The Design and Implementation of the FreeBSD Operating System, Second Edition
Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]

FreeBSD/Linux Kernel Cross Reference
sys/opencrypto/xform.c

Version: -  FREEBSD  -  FREEBSD-13-STABLE  -  FREEBSD-13-0  -  FREEBSD-12-STABLE  -  FREEBSD-12-0  -  FREEBSD-11-STABLE  -  FREEBSD-11-0  -  FREEBSD-10-STABLE  -  FREEBSD-10-0  -  FREEBSD-9-STABLE  -  FREEBSD-9-0  -  FREEBSD-8-STABLE  -  FREEBSD-8-0  -  FREEBSD-7-STABLE  -  FREEBSD-7-0  -  FREEBSD-6-STABLE  -  FREEBSD-6-0  -  FREEBSD-5-STABLE  -  FREEBSD-5-0  -  FREEBSD-4-STABLE  -  FREEBSD-3-STABLE  -  FREEBSD22  -  l41  -  OPENBSD  -  linux-2.6  -  MK84  -  PLAN9  -  xnu-8792 
SearchContext: -  none  -  3  -  10 

    1 /*      $OpenBSD: xform.c,v 1.16 2001/08/28 12:20:43 ben Exp $  */
    2 /*-
    3  * The authors of this code are John Ioannidis (ji@tla.org),
    4  * Angelos D. Keromytis (kermit@csd.uch.gr),
    5  * Niels Provos (provos@physnet.uni-hamburg.de) and
    6  * Damien Miller (djm@mindrot.org).
    7  *
    8  * This code was written by John Ioannidis for BSD/OS in Athens, Greece,
    9  * in November 1995.
   10  *
   11  * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996,
   12  * by Angelos D. Keromytis.
   13  *
   14  * Additional transforms and features in 1997 and 1998 by Angelos D. Keromytis
   15  * and Niels Provos.
   16  *
   17  * Additional features in 1999 by Angelos D. Keromytis.
   18  *
   19  * AES XTS implementation in 2008 by Damien Miller
   20  *
   21  * Copyright (C) 1995, 1996, 1997, 1998, 1999 by John Ioannidis,
   22  * Angelos D. Keromytis and Niels Provos.
   23  *
   24  * Copyright (C) 2001, Angelos D. Keromytis.
   25  *
   26  * Copyright (C) 2008, Damien Miller
   27  *
   28  * Permission to use, copy, and modify this software with or without fee
   29  * is hereby granted, provided that this entire notice is included in
   30  * all copies of any software which is or includes a copy or
   31  * modification of this software.
   32  * You may use this code under the GNU public license if you so wish. Please
   33  * contribute changes back to the authors under this freer than GPL license
   34  * so that we may further the use of strong encryption without limitations to
   35  * all.
   36  *
   37  * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
   38  * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
   39  * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
   40  * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
   41  * PURPOSE.
   42  */
   43 
   44 #include <sys/cdefs.h>
   45 __FBSDID("$FreeBSD$");
   46 
   47 #include <sys/param.h>
   48 #include <sys/systm.h>
   49 #include <sys/malloc.h>
   50 #include <sys/sysctl.h>
   51 #include <sys/errno.h>
   52 #include <sys/time.h>
   53 #include <sys/kernel.h>
   54 #include <machine/cpu.h>
   55 
   56 #include <crypto/blowfish/blowfish.h>
   57 #include <crypto/des/des.h>
   58 #include <crypto/rijndael/rijndael.h>
   59 #include <crypto/camellia/camellia.h>
   60 #include <crypto/sha1.h>
   61 
   62 #include <opencrypto/cast.h>
   63 #include <opencrypto/deflate.h>
   64 #include <opencrypto/rmd160.h>
   65 #include <opencrypto/skipjack.h>
   66 
   67 #include <sys/md5.h>
   68 
   69 #include <opencrypto/cryptodev.h>
   70 #include <opencrypto/xform.h>
   71 
   72 static  int null_setkey(u_int8_t **, u_int8_t *, int);
   73 static  int des1_setkey(u_int8_t **, u_int8_t *, int);
   74 static  int des3_setkey(u_int8_t **, u_int8_t *, int);
   75 static  int blf_setkey(u_int8_t **, u_int8_t *, int);
   76 static  int cast5_setkey(u_int8_t **, u_int8_t *, int);
   77 static  int skipjack_setkey(u_int8_t **, u_int8_t *, int);
   78 static  int rijndael128_setkey(u_int8_t **, u_int8_t *, int);
   79 static  int aes_xts_setkey(u_int8_t **, u_int8_t *, int);
   80 static  int cml_setkey(u_int8_t **, u_int8_t *, int);
   81 
   82 static  void null_encrypt(caddr_t, u_int8_t *);
   83 static  void des1_encrypt(caddr_t, u_int8_t *);
   84 static  void des3_encrypt(caddr_t, u_int8_t *);
   85 static  void blf_encrypt(caddr_t, u_int8_t *);
   86 static  void cast5_encrypt(caddr_t, u_int8_t *);
   87 static  void skipjack_encrypt(caddr_t, u_int8_t *);
   88 static  void rijndael128_encrypt(caddr_t, u_int8_t *);
   89 static  void aes_xts_encrypt(caddr_t, u_int8_t *);
   90 static  void cml_encrypt(caddr_t, u_int8_t *);
   91 
   92 static  void null_decrypt(caddr_t, u_int8_t *);
   93 static  void des1_decrypt(caddr_t, u_int8_t *);
   94 static  void des3_decrypt(caddr_t, u_int8_t *);
   95 static  void blf_decrypt(caddr_t, u_int8_t *);
   96 static  void cast5_decrypt(caddr_t, u_int8_t *);
   97 static  void skipjack_decrypt(caddr_t, u_int8_t *);
   98 static  void rijndael128_decrypt(caddr_t, u_int8_t *);
   99 static  void aes_xts_decrypt(caddr_t, u_int8_t *);
  100 static  void cml_decrypt(caddr_t, u_int8_t *);
  101 
  102 static  void null_zerokey(u_int8_t **);
  103 static  void des1_zerokey(u_int8_t **);
  104 static  void des3_zerokey(u_int8_t **);
  105 static  void blf_zerokey(u_int8_t **);
  106 static  void cast5_zerokey(u_int8_t **);
  107 static  void skipjack_zerokey(u_int8_t **);
  108 static  void rijndael128_zerokey(u_int8_t **);
  109 static  void aes_xts_zerokey(u_int8_t **);
  110 static  void cml_zerokey(u_int8_t **);
  111 
  112 static  void aes_xts_reinit(caddr_t, u_int8_t *);
  113 
  114 static  void null_init(void *);
  115 static  int null_update(void *, u_int8_t *, u_int16_t);
  116 static  void null_final(u_int8_t *, void *);
  117 static  int MD5Update_int(void *, u_int8_t *, u_int16_t);
  118 static  void SHA1Init_int(void *);
  119 static  int SHA1Update_int(void *, u_int8_t *, u_int16_t);
  120 static  void SHA1Final_int(u_int8_t *, void *);
  121 static  int RMD160Update_int(void *, u_int8_t *, u_int16_t);
  122 static  int SHA256Update_int(void *, u_int8_t *, u_int16_t);
  123 static  int SHA384Update_int(void *, u_int8_t *, u_int16_t);
  124 static  int SHA512Update_int(void *, u_int8_t *, u_int16_t);
  125 
  126 static  u_int32_t deflate_compress(u_int8_t *, u_int32_t, u_int8_t **);
  127 static  u_int32_t deflate_decompress(u_int8_t *, u_int32_t, u_int8_t **);
  128 
  129 MALLOC_DEFINE(M_XDATA, "xform", "xform data buffers");
  130 
  131 /* Encryption instances */
  132 struct enc_xform enc_xform_null = {
  133         CRYPTO_NULL_CBC, "NULL",
  134         /* NB: blocksize of 4 is to generate a properly aligned ESP header */
  135         NULL_BLOCK_LEN, 0, 256, /* 2048 bits, max key */
  136         null_encrypt,
  137         null_decrypt,
  138         null_setkey,
  139         null_zerokey,
  140         NULL
  141 };
  142 
  143 struct enc_xform enc_xform_des = {
  144         CRYPTO_DES_CBC, "DES",
  145         DES_BLOCK_LEN, 8, 8,
  146         des1_encrypt,
  147         des1_decrypt,
  148         des1_setkey,
  149         des1_zerokey,
  150         NULL
  151 };
  152 
  153 struct enc_xform enc_xform_3des = {
  154         CRYPTO_3DES_CBC, "3DES",
  155         DES3_BLOCK_LEN, 24, 24,
  156         des3_encrypt,
  157         des3_decrypt,
  158         des3_setkey,
  159         des3_zerokey,
  160         NULL
  161 };
  162 
  163 struct enc_xform enc_xform_blf = {
  164         CRYPTO_BLF_CBC, "Blowfish",
  165         BLOWFISH_BLOCK_LEN, 5, 56 /* 448 bits, max key */,
  166         blf_encrypt,
  167         blf_decrypt,
  168         blf_setkey,
  169         blf_zerokey,
  170         NULL
  171 };
  172 
  173 struct enc_xform enc_xform_cast5 = {
  174         CRYPTO_CAST_CBC, "CAST-128",
  175         CAST128_BLOCK_LEN, 5, 16,
  176         cast5_encrypt,
  177         cast5_decrypt,
  178         cast5_setkey,
  179         cast5_zerokey,
  180         NULL
  181 };
  182 
  183 struct enc_xform enc_xform_skipjack = {
  184         CRYPTO_SKIPJACK_CBC, "Skipjack",
  185         SKIPJACK_BLOCK_LEN, 10, 10,
  186         skipjack_encrypt,
  187         skipjack_decrypt,
  188         skipjack_setkey,
  189         skipjack_zerokey,
  190         NULL
  191 };
  192 
  193 struct enc_xform enc_xform_rijndael128 = {
  194         CRYPTO_RIJNDAEL128_CBC, "Rijndael-128/AES",
  195         RIJNDAEL128_BLOCK_LEN, 8, 32,
  196         rijndael128_encrypt,
  197         rijndael128_decrypt,
  198         rijndael128_setkey,
  199         rijndael128_zerokey,
  200         NULL
  201 };
  202 
  203 struct enc_xform enc_xform_aes_xts = {
  204         CRYPTO_AES_XTS, "AES-XTS",
  205         RIJNDAEL128_BLOCK_LEN, 32, 64,
  206         aes_xts_encrypt,
  207         aes_xts_decrypt,
  208         aes_xts_setkey,
  209         aes_xts_zerokey,
  210         aes_xts_reinit
  211 };
  212 
  213 struct enc_xform enc_xform_arc4 = {
  214         CRYPTO_ARC4, "ARC4",
  215         1, 1, 32,
  216         NULL,
  217         NULL,
  218         NULL,
  219         NULL,
  220         NULL
  221 };
  222 
  223 struct enc_xform enc_xform_camellia = {
  224         CRYPTO_CAMELLIA_CBC, "Camellia",
  225         CAMELLIA_BLOCK_LEN, 8, 32,
  226         cml_encrypt,
  227         cml_decrypt,
  228         cml_setkey,
  229         cml_zerokey,
  230         NULL
  231 };
  232 
  233 /* Authentication instances */
  234 struct auth_hash auth_hash_null = {
  235         CRYPTO_NULL_HMAC, "NULL-HMAC",
  236         0, NULL_HASH_LEN, NULL_HMAC_BLOCK_LEN, sizeof(int),     /* NB: context isn't used */
  237         null_init, null_update, null_final
  238 };
  239 
  240 struct auth_hash auth_hash_hmac_md5 = {
  241         CRYPTO_MD5_HMAC, "HMAC-MD5",
  242         16, MD5_HASH_LEN, MD5_HMAC_BLOCK_LEN, sizeof(MD5_CTX),
  243         (void (*) (void *)) MD5Init, MD5Update_int,
  244         (void (*) (u_int8_t *, void *)) MD5Final
  245 };
  246 
  247 struct auth_hash auth_hash_hmac_sha1 = {
  248         CRYPTO_SHA1_HMAC, "HMAC-SHA1",
  249         20, SHA1_HASH_LEN, SHA1_HMAC_BLOCK_LEN, sizeof(SHA1_CTX),
  250         SHA1Init_int, SHA1Update_int, SHA1Final_int
  251 };
  252 
  253 struct auth_hash auth_hash_hmac_ripemd_160 = {
  254         CRYPTO_RIPEMD160_HMAC, "HMAC-RIPEMD-160",
  255         20, RIPEMD160_HASH_LEN, RIPEMD160_HMAC_BLOCK_LEN, sizeof(RMD160_CTX),
  256         (void (*)(void *)) RMD160Init, RMD160Update_int,
  257         (void (*)(u_int8_t *, void *)) RMD160Final
  258 };
  259 
  260 struct auth_hash auth_hash_key_md5 = {
  261         CRYPTO_MD5_KPDK, "Keyed MD5",
  262         0, MD5_KPDK_HASH_LEN, 0, sizeof(MD5_CTX),
  263         (void (*)(void *)) MD5Init, MD5Update_int,
  264         (void (*)(u_int8_t *, void *)) MD5Final
  265 };
  266 
  267 struct auth_hash auth_hash_key_sha1 = {
  268         CRYPTO_SHA1_KPDK, "Keyed SHA1",
  269         0, SHA1_KPDK_HASH_LEN, 0, sizeof(SHA1_CTX),
  270         SHA1Init_int, SHA1Update_int, SHA1Final_int
  271 };
  272 
  273 struct auth_hash auth_hash_hmac_sha2_256 = {
  274         CRYPTO_SHA2_256_HMAC, "HMAC-SHA2-256",
  275         32, SHA2_256_HASH_LEN, SHA2_256_HMAC_BLOCK_LEN, sizeof(SHA256_CTX),
  276         (void (*)(void *)) SHA256_Init, SHA256Update_int,
  277         (void (*)(u_int8_t *, void *)) SHA256_Final
  278 };
  279 
  280 struct auth_hash auth_hash_hmac_sha2_384 = {
  281         CRYPTO_SHA2_384_HMAC, "HMAC-SHA2-384",
  282         48, SHA2_384_HASH_LEN, SHA2_384_HMAC_BLOCK_LEN, sizeof(SHA384_CTX),
  283         (void (*)(void *)) SHA384_Init, SHA384Update_int,
  284         (void (*)(u_int8_t *, void *)) SHA384_Final
  285 };
  286 
  287 struct auth_hash auth_hash_hmac_sha2_512 = {
  288         CRYPTO_SHA2_512_HMAC, "HMAC-SHA2-512",
  289         64, SHA2_512_HASH_LEN, SHA2_512_HMAC_BLOCK_LEN, sizeof(SHA512_CTX),
  290         (void (*)(void *)) SHA512_Init, SHA512Update_int,
  291         (void (*)(u_int8_t *, void *)) SHA512_Final
  292 };
  293 
  294 /* Compression instance */
  295 struct comp_algo comp_algo_deflate = {
  296         CRYPTO_DEFLATE_COMP, "Deflate",
  297         90, deflate_compress,
  298         deflate_decompress
  299 };
  300 
  301 /*
  302  * Encryption wrapper routines.
  303  */
  304 static void
  305 null_encrypt(caddr_t key, u_int8_t *blk)
  306 {
  307 }
  308 static void
  309 null_decrypt(caddr_t key, u_int8_t *blk)
  310 {
  311 }
  312 static int
  313 null_setkey(u_int8_t **sched, u_int8_t *key, int len)
  314 {
  315         *sched = NULL;
  316         return 0;
  317 }
  318 static void
  319 null_zerokey(u_int8_t **sched)
  320 {
  321         *sched = NULL;
  322 }
  323 
  324 static void
  325 des1_encrypt(caddr_t key, u_int8_t *blk)
  326 {
  327         des_cblock *cb = (des_cblock *) blk;
  328         des_key_schedule *p = (des_key_schedule *) key;
  329 
  330         des_ecb_encrypt(cb, cb, p[0], DES_ENCRYPT);
  331 }
  332 
  333 static void
  334 des1_decrypt(caddr_t key, u_int8_t *blk)
  335 {
  336         des_cblock *cb = (des_cblock *) blk;
  337         des_key_schedule *p = (des_key_schedule *) key;
  338 
  339         des_ecb_encrypt(cb, cb, p[0], DES_DECRYPT);
  340 }
  341 
  342 static int
  343 des1_setkey(u_int8_t **sched, u_int8_t *key, int len)
  344 {
  345         des_key_schedule *p;
  346         int err;
  347 
  348         p = malloc(sizeof (des_key_schedule),
  349                 M_CRYPTO_DATA, M_NOWAIT|M_ZERO);
  350         if (p != NULL) {
  351                 des_set_key((des_cblock *) key, p[0]);
  352                 err = 0;
  353         } else
  354                 err = ENOMEM;
  355         *sched = (u_int8_t *) p;
  356         return err;
  357 }
  358 
  359 static void
  360 des1_zerokey(u_int8_t **sched)
  361 {
  362         bzero(*sched, sizeof (des_key_schedule));
  363         free(*sched, M_CRYPTO_DATA);
  364         *sched = NULL;
  365 }
  366 
  367 static void
  368 des3_encrypt(caddr_t key, u_int8_t *blk)
  369 {
  370         des_cblock *cb = (des_cblock *) blk;
  371         des_key_schedule *p = (des_key_schedule *) key;
  372 
  373         des_ecb3_encrypt(cb, cb, p[0], p[1], p[2], DES_ENCRYPT);
  374 }
  375 
  376 static void
  377 des3_decrypt(caddr_t key, u_int8_t *blk)
  378 {
  379         des_cblock *cb = (des_cblock *) blk;
  380         des_key_schedule *p = (des_key_schedule *) key;
  381 
  382         des_ecb3_encrypt(cb, cb, p[0], p[1], p[2], DES_DECRYPT);
  383 }
  384 
  385 static int
  386 des3_setkey(u_int8_t **sched, u_int8_t *key, int len)
  387 {
  388         des_key_schedule *p;
  389         int err;
  390 
  391         p = malloc(3*sizeof (des_key_schedule),
  392                 M_CRYPTO_DATA, M_NOWAIT|M_ZERO);
  393         if (p != NULL) {
  394                 des_set_key((des_cblock *)(key +  0), p[0]);
  395                 des_set_key((des_cblock *)(key +  8), p[1]);
  396                 des_set_key((des_cblock *)(key + 16), p[2]);
  397                 err = 0;
  398         } else
  399                 err = ENOMEM;
  400         *sched = (u_int8_t *) p;
  401         return err;
  402 }
  403 
  404 static void
  405 des3_zerokey(u_int8_t **sched)
  406 {
  407         bzero(*sched, 3*sizeof (des_key_schedule));
  408         free(*sched, M_CRYPTO_DATA);
  409         *sched = NULL;
  410 }
  411 
  412 static void
  413 blf_encrypt(caddr_t key, u_int8_t *blk)
  414 {
  415         BF_LONG t[2];
  416 
  417         memcpy(t, blk, sizeof (t));
  418         t[0] = ntohl(t[0]);
  419         t[1] = ntohl(t[1]);
  420         /* NB: BF_encrypt expects the block in host order! */
  421         BF_encrypt(t, (BF_KEY *) key);
  422         t[0] = htonl(t[0]);
  423         t[1] = htonl(t[1]);
  424         memcpy(blk, t, sizeof (t));
  425 }
  426 
  427 static void
  428 blf_decrypt(caddr_t key, u_int8_t *blk)
  429 {
  430         BF_LONG t[2];
  431 
  432         memcpy(t, blk, sizeof (t));
  433         t[0] = ntohl(t[0]);
  434         t[1] = ntohl(t[1]);
  435         /* NB: BF_decrypt expects the block in host order! */
  436         BF_decrypt(t, (BF_KEY *) key);
  437         t[0] = htonl(t[0]);
  438         t[1] = htonl(t[1]);
  439         memcpy(blk, t, sizeof (t));
  440 }
  441 
  442 static int
  443 blf_setkey(u_int8_t **sched, u_int8_t *key, int len)
  444 {
  445         int err;
  446 
  447         *sched = malloc(sizeof(BF_KEY),
  448                 M_CRYPTO_DATA, M_NOWAIT|M_ZERO);
  449         if (*sched != NULL) {
  450                 BF_set_key((BF_KEY *) *sched, len, key);
  451                 err = 0;
  452         } else
  453                 err = ENOMEM;
  454         return err;
  455 }
  456 
  457 static void
  458 blf_zerokey(u_int8_t **sched)
  459 {
  460         bzero(*sched, sizeof(BF_KEY));
  461         free(*sched, M_CRYPTO_DATA);
  462         *sched = NULL;
  463 }
  464 
  465 static void
  466 cast5_encrypt(caddr_t key, u_int8_t *blk)
  467 {
  468         cast_encrypt((cast_key *) key, blk, blk);
  469 }
  470 
  471 static void
  472 cast5_decrypt(caddr_t key, u_int8_t *blk)
  473 {
  474         cast_decrypt((cast_key *) key, blk, blk);
  475 }
  476 
  477 static int
  478 cast5_setkey(u_int8_t **sched, u_int8_t *key, int len)
  479 {
  480         int err;
  481 
  482         *sched = malloc(sizeof(cast_key), M_CRYPTO_DATA, M_NOWAIT|M_ZERO);
  483         if (*sched != NULL) {
  484                 cast_setkey((cast_key *)*sched, key, len);
  485                 err = 0;
  486         } else
  487                 err = ENOMEM;
  488         return err;
  489 }
  490 
  491 static void
  492 cast5_zerokey(u_int8_t **sched)
  493 {
  494         bzero(*sched, sizeof(cast_key));
  495         free(*sched, M_CRYPTO_DATA);
  496         *sched = NULL;
  497 }
  498 
  499 static void
  500 skipjack_encrypt(caddr_t key, u_int8_t *blk)
  501 {
  502         skipjack_forwards(blk, blk, (u_int8_t **) key);
  503 }
  504 
  505 static void
  506 skipjack_decrypt(caddr_t key, u_int8_t *blk)
  507 {
  508         skipjack_backwards(blk, blk, (u_int8_t **) key);
  509 }
  510 
  511 static int
  512 skipjack_setkey(u_int8_t **sched, u_int8_t *key, int len)
  513 {
  514         int err;
  515 
  516         /* NB: allocate all the memory that's needed at once */
  517         *sched = malloc(10 * (sizeof(u_int8_t *) + 0x100),
  518                 M_CRYPTO_DATA, M_NOWAIT|M_ZERO);
  519         if (*sched != NULL) {
  520                 u_int8_t** key_tables = (u_int8_t**) *sched;
  521                 u_int8_t* table = (u_int8_t*) &key_tables[10];
  522                 int k;
  523 
  524                 for (k = 0; k < 10; k++) {
  525                         key_tables[k] = table;
  526                         table += 0x100;
  527                 }
  528                 subkey_table_gen(key, (u_int8_t **) *sched);
  529                 err = 0;
  530         } else
  531                 err = ENOMEM;
  532         return err;
  533 }
  534 
  535 static void
  536 skipjack_zerokey(u_int8_t **sched)
  537 {
  538         bzero(*sched, 10 * (sizeof(u_int8_t *) + 0x100));
  539         free(*sched, M_CRYPTO_DATA);
  540         *sched = NULL;
  541 }
  542 
  543 static void
  544 rijndael128_encrypt(caddr_t key, u_int8_t *blk)
  545 {
  546         rijndael_encrypt((rijndael_ctx *) key, (u_char *) blk, (u_char *) blk);
  547 }
  548 
  549 static void
  550 rijndael128_decrypt(caddr_t key, u_int8_t *blk)
  551 {
  552         rijndael_decrypt(((rijndael_ctx *) key), (u_char *) blk,
  553             (u_char *) blk);
  554 }
  555 
  556 static int
  557 rijndael128_setkey(u_int8_t **sched, u_int8_t *key, int len)
  558 {
  559         int err;
  560 
  561         if (len != 16 && len != 24 && len != 32)
  562                 return (EINVAL);
  563         *sched = malloc(sizeof(rijndael_ctx), M_CRYPTO_DATA,
  564             M_NOWAIT|M_ZERO);
  565         if (*sched != NULL) {
  566                 rijndael_set_key((rijndael_ctx *) *sched, (u_char *) key,
  567                     len * 8);
  568                 err = 0;
  569         } else
  570                 err = ENOMEM;
  571         return err;
  572 }
  573 
  574 static void
  575 rijndael128_zerokey(u_int8_t **sched)
  576 {
  577         bzero(*sched, sizeof(rijndael_ctx));
  578         free(*sched, M_CRYPTO_DATA);
  579         *sched = NULL;
  580 }
  581 
  582 #define AES_XTS_BLOCKSIZE       16
  583 #define AES_XTS_IVSIZE          8
  584 #define AES_XTS_ALPHA           0x87    /* GF(2^128) generator polynomial */
  585 
  586 struct aes_xts_ctx {
  587         rijndael_ctx key1;
  588         rijndael_ctx key2;
  589         u_int8_t tweak[AES_XTS_BLOCKSIZE];
  590 };
  591 
  592 void
  593 aes_xts_reinit(caddr_t key, u_int8_t *iv)
  594 {
  595         struct aes_xts_ctx *ctx = (struct aes_xts_ctx *)key;
  596         u_int64_t blocknum;
  597         u_int i;
  598 
  599         /*
  600          * Prepare tweak as E_k2(IV). IV is specified as LE representation
  601          * of a 64-bit block number which we allow to be passed in directly.
  602          */
  603         bcopy(iv, &blocknum, AES_XTS_IVSIZE);
  604         for (i = 0; i < AES_XTS_IVSIZE; i++) {
  605                 ctx->tweak[i] = blocknum & 0xff;
  606                 blocknum >>= 8;
  607         }
  608         /* Last 64 bits of IV are always zero */
  609         bzero(ctx->tweak + AES_XTS_IVSIZE, AES_XTS_IVSIZE);
  610 
  611         rijndael_encrypt(&ctx->key2, ctx->tweak, ctx->tweak);
  612 }
  613 
  614 static void
  615 aes_xts_crypt(struct aes_xts_ctx *ctx, u_int8_t *data, u_int do_encrypt)
  616 {
  617         u_int8_t block[AES_XTS_BLOCKSIZE];
  618         u_int i, carry_in, carry_out;
  619 
  620         for (i = 0; i < AES_XTS_BLOCKSIZE; i++)
  621                 block[i] = data[i] ^ ctx->tweak[i];
  622 
  623         if (do_encrypt)
  624                 rijndael_encrypt(&ctx->key1, block, data);
  625         else
  626                 rijndael_decrypt(&ctx->key1, block, data);
  627 
  628         for (i = 0; i < AES_XTS_BLOCKSIZE; i++)
  629                 data[i] ^= ctx->tweak[i];
  630 
  631         /* Exponentiate tweak */
  632         carry_in = 0;
  633         for (i = 0; i < AES_XTS_BLOCKSIZE; i++) {
  634                 carry_out = ctx->tweak[i] & 0x80;
  635                 ctx->tweak[i] = (ctx->tweak[i] << 1) | (carry_in ? 1 : 0);
  636                 carry_in = carry_out;
  637         }
  638         if (carry_in)
  639                 ctx->tweak[0] ^= AES_XTS_ALPHA;
  640         bzero(block, sizeof(block));
  641 }
  642 
  643 void
  644 aes_xts_encrypt(caddr_t key, u_int8_t *data)
  645 {
  646         aes_xts_crypt((struct aes_xts_ctx *)key, data, 1);
  647 }
  648 
  649 void
  650 aes_xts_decrypt(caddr_t key, u_int8_t *data)
  651 {
  652         aes_xts_crypt((struct aes_xts_ctx *)key, data, 0);
  653 }
  654 
  655 int
  656 aes_xts_setkey(u_int8_t **sched, u_int8_t *key, int len)
  657 {
  658         struct aes_xts_ctx *ctx;
  659 
  660         if (len != 32 && len != 64)
  661                 return EINVAL;
  662 
  663         *sched = malloc(sizeof(struct aes_xts_ctx), M_CRYPTO_DATA,
  664             M_NOWAIT | M_ZERO);
  665         if (*sched == NULL)
  666                 return ENOMEM;
  667         ctx = (struct aes_xts_ctx *)*sched;
  668 
  669         rijndael_set_key(&ctx->key1, key, len * 4);
  670         rijndael_set_key(&ctx->key2, key + (len / 2), len * 4);
  671 
  672         return 0;
  673 }
  674 
  675 void
  676 aes_xts_zerokey(u_int8_t **sched)
  677 {
  678         bzero(*sched, sizeof(struct aes_xts_ctx));
  679         free(*sched, M_CRYPTO_DATA);
  680         *sched = NULL;
  681 }
  682 
  683 static void
  684 cml_encrypt(caddr_t key, u_int8_t *blk)
  685 {
  686         camellia_encrypt((camellia_ctx *) key, (u_char *) blk, (u_char *) blk);
  687 }
  688 
  689 static void
  690 cml_decrypt(caddr_t key, u_int8_t *blk)
  691 {
  692         camellia_decrypt(((camellia_ctx *) key), (u_char *) blk,
  693             (u_char *) blk);
  694 }
  695 
  696 static int
  697 cml_setkey(u_int8_t **sched, u_int8_t *key, int len)
  698 {
  699         int err;
  700 
  701         if (len != 16 && len != 24 && len != 32)
  702                 return (EINVAL);
  703         *sched = malloc(sizeof(camellia_ctx), M_CRYPTO_DATA,
  704             M_NOWAIT|M_ZERO);
  705         if (*sched != NULL) {
  706                 camellia_set_key((camellia_ctx *) *sched, (u_char *) key,
  707                     len * 8);
  708                 err = 0;
  709         } else
  710                 err = ENOMEM;
  711         return err;
  712 }
  713 
  714 static void
  715 cml_zerokey(u_int8_t **sched)
  716 {
  717         bzero(*sched, sizeof(camellia_ctx));
  718         free(*sched, M_CRYPTO_DATA);
  719         *sched = NULL;
  720 }
  721 
  722 /*
  723  * And now for auth.
  724  */
  725 
  726 static void
  727 null_init(void *ctx)
  728 {
  729 }
  730 
  731 static int
  732 null_update(void *ctx, u_int8_t *buf, u_int16_t len)
  733 {
  734         return 0;
  735 }
  736 
  737 static void
  738 null_final(u_int8_t *buf, void *ctx)
  739 {
  740         if (buf != (u_int8_t *) 0)
  741                 bzero(buf, 12);
  742 }
  743 
  744 static int
  745 RMD160Update_int(void *ctx, u_int8_t *buf, u_int16_t len)
  746 {
  747         RMD160Update(ctx, buf, len);
  748         return 0;
  749 }
  750 
  751 static int
  752 MD5Update_int(void *ctx, u_int8_t *buf, u_int16_t len)
  753 {
  754         MD5Update(ctx, buf, len);
  755         return 0;
  756 }
  757 
  758 static void
  759 SHA1Init_int(void *ctx)
  760 {
  761         SHA1Init(ctx);
  762 }
  763 
  764 static int
  765 SHA1Update_int(void *ctx, u_int8_t *buf, u_int16_t len)
  766 {
  767         SHA1Update(ctx, buf, len);
  768         return 0;
  769 }
  770 
  771 static void
  772 SHA1Final_int(u_int8_t *blk, void *ctx)
  773 {
  774         SHA1Final(blk, ctx);
  775 }
  776 
  777 static int
  778 SHA256Update_int(void *ctx, u_int8_t *buf, u_int16_t len)
  779 {
  780         SHA256_Update(ctx, buf, len);
  781         return 0;
  782 }
  783 
  784 static int
  785 SHA384Update_int(void *ctx, u_int8_t *buf, u_int16_t len)
  786 {
  787         SHA384_Update(ctx, buf, len);
  788         return 0;
  789 }
  790 
  791 static int
  792 SHA512Update_int(void *ctx, u_int8_t *buf, u_int16_t len)
  793 {
  794         SHA512_Update(ctx, buf, len);
  795         return 0;
  796 }
  797 
  798 /*
  799  * And compression
  800  */
  801 
  802 static u_int32_t
  803 deflate_compress(data, size, out)
  804         u_int8_t *data;
  805         u_int32_t size;
  806         u_int8_t **out;
  807 {
  808         return deflate_global(data, size, 0, out);
  809 }
  810 
  811 static u_int32_t
  812 deflate_decompress(data, size, out)
  813         u_int8_t *data;
  814         u_int32_t size;
  815         u_int8_t **out;
  816 {
  817         return deflate_global(data, size, 1, out);
  818 }

Cache object: c4e20090e2c3f92df72773be47672504


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]


This page is part of the FreeBSD/Linux Linux Kernel Cross-Reference, and was automatically generated using a modified version of the LXR engine.