1 /* $FreeBSD$ */
2 /* $OpenBSD: xform.c,v 1.16 2001/08/28 12:20:43 ben Exp $ */
3 /*
4 * The authors of this code are John Ioannidis (ji@tla.org),
5 * Angelos D. Keromytis (kermit@csd.uch.gr) and
6 * Niels Provos (provos@physnet.uni-hamburg.de).
7 *
8 * This code was written by John Ioannidis for BSD/OS in Athens, Greece,
9 * in November 1995.
10 *
11 * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996,
12 * by Angelos D. Keromytis.
13 *
14 * Additional transforms and features in 1997 and 1998 by Angelos D. Keromytis
15 * and Niels Provos.
16 *
17 * Additional features in 1999 by Angelos D. Keromytis.
18 *
19 * Copyright (C) 1995, 1996, 1997, 1998, 1999 by John Ioannidis,
20 * Angelos D. Keromytis and Niels Provos.
21 *
22 * Copyright (C) 2001, Angelos D. Keromytis.
23 *
24 * Permission to use, copy, and modify this software with or without fee
25 * is hereby granted, provided that this entire notice is included in
26 * all copies of any software which is or includes a copy or
27 * modification of this software.
28 * You may use this code under the GNU public license if you so wish. Please
29 * contribute changes back to the authors under this freer than GPL license
30 * so that we may further the use of strong encryption without limitations to
31 * all.
32 *
33 * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
34 * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
35 * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
36 * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
37 * PURPOSE.
38 */
39
40 #include <sys/param.h>
41 #include <sys/systm.h>
42 #include <sys/malloc.h>
43 #include <sys/sysctl.h>
44 #include <sys/errno.h>
45 #include <sys/time.h>
46 #include <sys/kernel.h>
47 #include <machine/cpu.h>
48
49 #include <crypto/blowfish/blowfish.h>
50 #include <crypto/des/des.h>
51 #include <crypto/sha1.h>
52
53 #include <opencrypto/cast.h>
54 #include <opencrypto/deflate.h>
55 #include <opencrypto/rijndael.h>
56 #include <opencrypto/rmd160.h>
57 #include <opencrypto/skipjack.h>
58
59 #include <sys/md5.h>
60
61 #include <opencrypto/cryptodev.h>
62 #include <opencrypto/xform.h>
63
64 static void null_encrypt(caddr_t, u_int8_t *);
65 static void null_decrypt(caddr_t, u_int8_t *);
66 static int null_setkey(u_int8_t **, u_int8_t *, int);
67 static void null_zerokey(u_int8_t **);
68
69 static int des1_setkey(u_int8_t **, u_int8_t *, int);
70 static int des3_setkey(u_int8_t **, u_int8_t *, int);
71 static int blf_setkey(u_int8_t **, u_int8_t *, int);
72 static int cast5_setkey(u_int8_t **, u_int8_t *, int);
73 static int skipjack_setkey(u_int8_t **, u_int8_t *, int);
74 static int rijndael128_setkey(u_int8_t **, u_int8_t *, int);
75 static void des1_encrypt(caddr_t, u_int8_t *);
76 static void des3_encrypt(caddr_t, u_int8_t *);
77 static void blf_encrypt(caddr_t, u_int8_t *);
78 static void cast5_encrypt(caddr_t, u_int8_t *);
79 static void skipjack_encrypt(caddr_t, u_int8_t *);
80 static void rijndael128_encrypt(caddr_t, u_int8_t *);
81 static void des1_decrypt(caddr_t, u_int8_t *);
82 static void des3_decrypt(caddr_t, u_int8_t *);
83 static void blf_decrypt(caddr_t, u_int8_t *);
84 static void cast5_decrypt(caddr_t, u_int8_t *);
85 static void skipjack_decrypt(caddr_t, u_int8_t *);
86 static void rijndael128_decrypt(caddr_t, u_int8_t *);
87 static void des1_zerokey(u_int8_t **);
88 static void des3_zerokey(u_int8_t **);
89 static void blf_zerokey(u_int8_t **);
90 static void cast5_zerokey(u_int8_t **);
91 static void skipjack_zerokey(u_int8_t **);
92 static void rijndael128_zerokey(u_int8_t **);
93
94 static void null_init(void *);
95 static int null_update(void *, u_int8_t *, u_int16_t);
96 static void null_final(u_int8_t *, void *);
97 static int MD5Update_int(void *, u_int8_t *, u_int16_t);
98 static void SHA1Init_int(void *);
99 static int SHA1Update_int(void *, u_int8_t *, u_int16_t);
100 static void SHA1Final_int(u_int8_t *, void *);
101 static int RMD160Update_int(void *, u_int8_t *, u_int16_t);
102 static int SHA256Update_int(void *, u_int8_t *, u_int16_t);
103 static int SHA384Update_int(void *, u_int8_t *, u_int16_t);
104 static int SHA512Update_int(void *, u_int8_t *, u_int16_t);
105
106 static u_int32_t deflate_compress(u_int8_t *, u_int32_t, u_int8_t **);
107 static u_int32_t deflate_decompress(u_int8_t *, u_int32_t, u_int8_t **);
108
109 MALLOC_DEFINE(M_XDATA, "xform", "xform data buffers");
110
111 /* Encryption instances */
112 struct enc_xform enc_xform_null = {
113 CRYPTO_NULL_CBC, "NULL",
114 /* NB: blocksize of 4 is to generate a properly aligned ESP header */
115 4, 0, 256, /* 2048 bits, max key */
116 null_encrypt,
117 null_decrypt,
118 null_setkey,
119 null_zerokey,
120 };
121
122 struct enc_xform enc_xform_des = {
123 CRYPTO_DES_CBC, "DES",
124 8, 8, 8,
125 des1_encrypt,
126 des1_decrypt,
127 des1_setkey,
128 des1_zerokey,
129 };
130
131 struct enc_xform enc_xform_3des = {
132 CRYPTO_3DES_CBC, "3DES",
133 8, 24, 24,
134 des3_encrypt,
135 des3_decrypt,
136 des3_setkey,
137 des3_zerokey
138 };
139
140 struct enc_xform enc_xform_blf = {
141 CRYPTO_BLF_CBC, "Blowfish",
142 8, 5, 56 /* 448 bits, max key */,
143 blf_encrypt,
144 blf_decrypt,
145 blf_setkey,
146 blf_zerokey
147 };
148
149 struct enc_xform enc_xform_cast5 = {
150 CRYPTO_CAST_CBC, "CAST-128",
151 8, 5, 16,
152 cast5_encrypt,
153 cast5_decrypt,
154 cast5_setkey,
155 cast5_zerokey
156 };
157
158 struct enc_xform enc_xform_skipjack = {
159 CRYPTO_SKIPJACK_CBC, "Skipjack",
160 8, 10, 10,
161 skipjack_encrypt,
162 skipjack_decrypt,
163 skipjack_setkey,
164 skipjack_zerokey
165 };
166
167 struct enc_xform enc_xform_rijndael128 = {
168 CRYPTO_RIJNDAEL128_CBC, "Rijndael-128/AES",
169 16, 8, 32,
170 rijndael128_encrypt,
171 rijndael128_decrypt,
172 rijndael128_setkey,
173 rijndael128_zerokey,
174 };
175
176 struct enc_xform enc_xform_arc4 = {
177 CRYPTO_ARC4, "ARC4",
178 1, 1, 32,
179 NULL,
180 NULL,
181 NULL,
182 NULL,
183 };
184
185 /* Authentication instances */
186 struct auth_hash auth_hash_null = {
187 CRYPTO_NULL_HMAC, "NULL-HMAC",
188 0, 0, 12, sizeof(int), /* NB: context isn't used */
189 null_init, null_update, null_final
190 };
191
192 struct auth_hash auth_hash_hmac_md5_96 = {
193 CRYPTO_MD5_HMAC, "HMAC-MD5",
194 16, 16, 12, sizeof(MD5_CTX),
195 (void (*) (void *)) MD5Init, MD5Update_int,
196 (void (*) (u_int8_t *, void *)) MD5Final
197 };
198
199 struct auth_hash auth_hash_hmac_sha1_96 = {
200 CRYPTO_SHA1_HMAC, "HMAC-SHA1",
201 20, 20, 12, sizeof(SHA1_CTX),
202 SHA1Init_int, SHA1Update_int, SHA1Final_int
203 };
204
205 struct auth_hash auth_hash_hmac_ripemd_160_96 = {
206 CRYPTO_RIPEMD160_HMAC, "HMAC-RIPEMD-160",
207 20, 20, 12, sizeof(RMD160_CTX),
208 (void (*)(void *)) RMD160Init, RMD160Update_int,
209 (void (*)(u_int8_t *, void *)) RMD160Final
210 };
211
212 struct auth_hash auth_hash_key_md5 = {
213 CRYPTO_MD5_KPDK, "Keyed MD5",
214 0, 16, 12, sizeof(MD5_CTX),
215 (void (*)(void *)) MD5Init, MD5Update_int,
216 (void (*)(u_int8_t *, void *)) MD5Final
217 };
218
219 struct auth_hash auth_hash_key_sha1 = {
220 CRYPTO_SHA1_KPDK, "Keyed SHA1",
221 0, 20, 12, sizeof(SHA1_CTX),
222 SHA1Init_int, SHA1Update_int, SHA1Final_int
223 };
224
225 struct auth_hash auth_hash_hmac_sha2_256 = {
226 CRYPTO_SHA2_HMAC, "HMAC-SHA2",
227 32, 32, 12, sizeof(SHA256_CTX),
228 (void (*)(void *)) SHA256_Init, SHA256Update_int,
229 (void (*)(u_int8_t *, void *)) SHA256_Final
230 };
231
232 struct auth_hash auth_hash_hmac_sha2_384 = {
233 CRYPTO_SHA2_HMAC, "HMAC-SHA2-384",
234 48, 48, 12, sizeof(SHA384_CTX),
235 (void (*)(void *)) SHA384_Init, SHA384Update_int,
236 (void (*)(u_int8_t *, void *)) SHA384_Final
237 };
238
239 struct auth_hash auth_hash_hmac_sha2_512 = {
240 CRYPTO_SHA2_HMAC, "HMAC-SHA2-512",
241 64, 64, 12, sizeof(SHA512_CTX),
242 (void (*)(void *)) SHA512_Init, SHA512Update_int,
243 (void (*)(u_int8_t *, void *)) SHA512_Final
244 };
245
246 /* Compression instance */
247 struct comp_algo comp_algo_deflate = {
248 CRYPTO_DEFLATE_COMP, "Deflate",
249 90, deflate_compress,
250 deflate_decompress
251 };
252
253 /*
254 * Encryption wrapper routines.
255 */
256 static void
257 null_encrypt(caddr_t key, u_int8_t *blk)
258 {
259 }
260 static void
261 null_decrypt(caddr_t key, u_int8_t *blk)
262 {
263 }
264 static int
265 null_setkey(u_int8_t **sched, u_int8_t *key, int len)
266 {
267 *sched = NULL;
268 return 0;
269 }
270 static void
271 null_zerokey(u_int8_t **sched)
272 {
273 *sched = NULL;
274 }
275
276 static void
277 des1_encrypt(caddr_t key, u_int8_t *blk)
278 {
279 des_cblock *cb = (des_cblock *) blk;
280 des_key_schedule *p = (des_key_schedule *) key;
281
282 des_ecb_encrypt(cb, cb, p[0], DES_ENCRYPT);
283 }
284
285 static void
286 des1_decrypt(caddr_t key, u_int8_t *blk)
287 {
288 des_cblock *cb = (des_cblock *) blk;
289 des_key_schedule *p = (des_key_schedule *) key;
290
291 des_ecb_encrypt(cb, cb, p[0], DES_DECRYPT);
292 }
293
294 static int
295 des1_setkey(u_int8_t **sched, u_int8_t *key, int len)
296 {
297 des_key_schedule *p;
298 int err;
299
300 MALLOC(p, des_key_schedule *, sizeof (des_key_schedule),
301 M_CRYPTO_DATA, M_NOWAIT|M_ZERO);
302 if (p != NULL) {
303 des_set_key((des_cblock *) key, p[0]);
304 err = 0;
305 } else
306 err = ENOMEM;
307 *sched = (u_int8_t *) p;
308 return err;
309 }
310
311 static void
312 des1_zerokey(u_int8_t **sched)
313 {
314 bzero(*sched, sizeof (des_key_schedule));
315 FREE(*sched, M_CRYPTO_DATA);
316 *sched = NULL;
317 }
318
319 static void
320 des3_encrypt(caddr_t key, u_int8_t *blk)
321 {
322 des_cblock *cb = (des_cblock *) blk;
323 des_key_schedule *p = (des_key_schedule *) key;
324
325 des_ecb3_encrypt(cb, cb, p[0], p[1], p[2], DES_ENCRYPT);
326 }
327
328 static void
329 des3_decrypt(caddr_t key, u_int8_t *blk)
330 {
331 des_cblock *cb = (des_cblock *) blk;
332 des_key_schedule *p = (des_key_schedule *) key;
333
334 des_ecb3_encrypt(cb, cb, p[0], p[1], p[2], DES_DECRYPT);
335 }
336
337 static int
338 des3_setkey(u_int8_t **sched, u_int8_t *key, int len)
339 {
340 des_key_schedule *p;
341 int err;
342
343 MALLOC(p, des_key_schedule *, 3*sizeof (des_key_schedule),
344 M_CRYPTO_DATA, M_NOWAIT|M_ZERO);
345 if (p != NULL) {
346 des_set_key((des_cblock *)(key + 0), p[0]);
347 des_set_key((des_cblock *)(key + 8), p[1]);
348 des_set_key((des_cblock *)(key + 16), p[2]);
349 err = 0;
350 } else
351 err = ENOMEM;
352 *sched = (u_int8_t *) p;
353 return err;
354 }
355
356 static void
357 des3_zerokey(u_int8_t **sched)
358 {
359 bzero(*sched, 3*sizeof (des_key_schedule));
360 FREE(*sched, M_CRYPTO_DATA);
361 *sched = NULL;
362 }
363
364 static void
365 blf_encrypt(caddr_t key, u_int8_t *blk)
366 {
367 BF_LONG t[2];
368
369 memcpy(t, blk, sizeof (t));
370 t[0] = ntohl(t[0]);
371 t[1] = ntohl(t[1]);
372 /* NB: BF_encrypt expects the block in host order! */
373 BF_encrypt(t, (BF_KEY *) key);
374 t[0] = htonl(t[0]);
375 t[1] = htonl(t[1]);
376 memcpy(blk, t, sizeof (t));
377 }
378
379 static void
380 blf_decrypt(caddr_t key, u_int8_t *blk)
381 {
382 BF_LONG t[2];
383
384 memcpy(t, blk, sizeof (t));
385 t[0] = ntohl(t[0]);
386 t[1] = ntohl(t[1]);
387 /* NB: BF_decrypt expects the block in host order! */
388 BF_decrypt(t, (BF_KEY *) key);
389 t[0] = htonl(t[0]);
390 t[1] = htonl(t[1]);
391 memcpy(blk, t, sizeof (t));
392 }
393
394 static int
395 blf_setkey(u_int8_t **sched, u_int8_t *key, int len)
396 {
397 int err;
398
399 MALLOC(*sched, u_int8_t *, sizeof(BF_KEY),
400 M_CRYPTO_DATA, M_NOWAIT|M_ZERO);
401 if (*sched != NULL) {
402 BF_set_key((BF_KEY *) *sched, len, key);
403 err = 0;
404 } else
405 err = ENOMEM;
406 return err;
407 }
408
409 static void
410 blf_zerokey(u_int8_t **sched)
411 {
412 bzero(*sched, sizeof(BF_KEY));
413 FREE(*sched, M_CRYPTO_DATA);
414 *sched = NULL;
415 }
416
417 static void
418 cast5_encrypt(caddr_t key, u_int8_t *blk)
419 {
420 cast_encrypt((cast_key *) key, blk, blk);
421 }
422
423 static void
424 cast5_decrypt(caddr_t key, u_int8_t *blk)
425 {
426 cast_decrypt((cast_key *) key, blk, blk);
427 }
428
429 static int
430 cast5_setkey(u_int8_t **sched, u_int8_t *key, int len)
431 {
432 int err;
433
434 MALLOC(*sched, u_int8_t *, sizeof(cast_key), M_CRYPTO_DATA, M_NOWAIT|M_ZERO);
435 if (*sched != NULL) {
436 cast_setkey((cast_key *)*sched, key, len);
437 err = 0;
438 } else
439 err = ENOMEM;
440 return err;
441 }
442
443 static void
444 cast5_zerokey(u_int8_t **sched)
445 {
446 bzero(*sched, sizeof(cast_key));
447 FREE(*sched, M_CRYPTO_DATA);
448 *sched = NULL;
449 }
450
451 static void
452 skipjack_encrypt(caddr_t key, u_int8_t *blk)
453 {
454 skipjack_forwards(blk, blk, (u_int8_t **) key);
455 }
456
457 static void
458 skipjack_decrypt(caddr_t key, u_int8_t *blk)
459 {
460 skipjack_backwards(blk, blk, (u_int8_t **) key);
461 }
462
463 static int
464 skipjack_setkey(u_int8_t **sched, u_int8_t *key, int len)
465 {
466 int err;
467
468 /* NB: allocate all the memory that's needed at once */
469 MALLOC(*sched, u_int8_t *, 10 * (sizeof(u_int8_t *) + 0x100),
470 M_CRYPTO_DATA, M_NOWAIT|M_ZERO);
471 if (*sched != NULL) {
472 u_int8_t** key_tables = (u_int8_t**) *sched;
473 u_int8_t* table = (u_int8_t*) &key_tables[10];
474 int k;
475
476 for (k = 0; k < 10; k++) {
477 key_tables[k] = table;
478 table += 0x100;
479 }
480 subkey_table_gen(key, (u_int8_t **) *sched);
481 err = 0;
482 } else
483 err = ENOMEM;
484 return err;
485 }
486
487 static void
488 skipjack_zerokey(u_int8_t **sched)
489 {
490 bzero(*sched, 10 * (sizeof(u_int8_t *) + 0x100));
491 FREE(*sched, M_CRYPTO_DATA);
492 *sched = NULL;
493 }
494
495 static void
496 rijndael128_encrypt(caddr_t key, u_int8_t *blk)
497 {
498 rijndael_encrypt((rijndael_ctx *) key, (u_char *) blk, (u_char *) blk);
499 }
500
501 static void
502 rijndael128_decrypt(caddr_t key, u_int8_t *blk)
503 {
504 rijndael_decrypt(((rijndael_ctx *) key) + 1, (u_char *) blk,
505 (u_char *) blk);
506 }
507
508 static int
509 rijndael128_setkey(u_int8_t **sched, u_int8_t *key, int len)
510 {
511 int err;
512
513 MALLOC(*sched, u_int8_t *, 2 * sizeof(rijndael_ctx), M_CRYPTO_DATA,
514 M_NOWAIT|M_ZERO);
515 if (*sched != NULL) {
516 rijndael_set_key((rijndael_ctx *) *sched, (u_char *) key, len * 8, 1);
517 rijndael_set_key(((rijndael_ctx *) *sched) + 1, (u_char *) key,
518 len * 8, 0);
519 err = 0;
520 } else
521 err = ENOMEM;
522 return err;
523 }
524
525 static void
526 rijndael128_zerokey(u_int8_t **sched)
527 {
528 bzero(*sched, 2 * sizeof(rijndael_ctx));
529 FREE(*sched, M_CRYPTO_DATA);
530 *sched = NULL;
531 }
532
533 /*
534 * And now for auth.
535 */
536
537 static void
538 null_init(void *ctx)
539 {
540 }
541
542 static int
543 null_update(void *ctx, u_int8_t *buf, u_int16_t len)
544 {
545 return 0;
546 }
547
548 static void
549 null_final(u_int8_t *buf, void *ctx)
550 {
551 if (buf != (u_int8_t *) 0)
552 bzero(buf, 12);
553 }
554
555 static int
556 RMD160Update_int(void *ctx, u_int8_t *buf, u_int16_t len)
557 {
558 RMD160Update(ctx, buf, len);
559 return 0;
560 }
561
562 static int
563 MD5Update_int(void *ctx, u_int8_t *buf, u_int16_t len)
564 {
565 MD5Update(ctx, buf, len);
566 return 0;
567 }
568
569 static void
570 SHA1Init_int(void *ctx)
571 {
572 SHA1Init(ctx);
573 }
574
575 static int
576 SHA1Update_int(void *ctx, u_int8_t *buf, u_int16_t len)
577 {
578 SHA1Update(ctx, buf, len);
579 return 0;
580 }
581
582 static void
583 SHA1Final_int(u_int8_t *blk, void *ctx)
584 {
585 SHA1Final(blk, ctx);
586 }
587
588 static int
589 SHA256Update_int(void *ctx, u_int8_t *buf, u_int16_t len)
590 {
591 SHA256_Update(ctx, buf, len);
592 return 0;
593 }
594
595 static int
596 SHA384Update_int(void *ctx, u_int8_t *buf, u_int16_t len)
597 {
598 SHA384_Update(ctx, buf, len);
599 return 0;
600 }
601
602 static int
603 SHA512Update_int(void *ctx, u_int8_t *buf, u_int16_t len)
604 {
605 SHA512_Update(ctx, buf, len);
606 return 0;
607 }
608
609 /*
610 * And compression
611 */
612
613 static u_int32_t
614 deflate_compress(data, size, out)
615 u_int8_t *data;
616 u_int32_t size;
617 u_int8_t **out;
618 {
619 return deflate_global(data, size, 0, out);
620 }
621
622 static u_int32_t
623 deflate_decompress(data, size, out)
624 u_int8_t *data;
625 u_int32_t size;
626 u_int8_t **out;
627 {
628 return deflate_global(data, size, 1, out);
629 }
Cache object: 664940f8d99271f9e71b99b2b9fac3c5
|