1 /* $OpenBSD: xform.c,v 1.16 2001/08/28 12:20:43 ben Exp $ */
2 /*-
3 * The authors of this code are John Ioannidis (ji@tla.org),
4 * Angelos D. Keromytis (kermit@csd.uch.gr) and
5 * Niels Provos (provos@physnet.uni-hamburg.de).
6 *
7 * This code was written by John Ioannidis for BSD/OS in Athens, Greece,
8 * in November 1995.
9 *
10 * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996,
11 * by Angelos D. Keromytis.
12 *
13 * Additional transforms and features in 1997 and 1998 by Angelos D. Keromytis
14 * and Niels Provos.
15 *
16 * Additional features in 1999 by Angelos D. Keromytis.
17 *
18 * Copyright (C) 1995, 1996, 1997, 1998, 1999 by John Ioannidis,
19 * Angelos D. Keromytis and Niels Provos.
20 *
21 * Copyright (C) 2001, Angelos D. Keromytis.
22 *
23 * Permission to use, copy, and modify this software with or without fee
24 * is hereby granted, provided that this entire notice is included in
25 * all copies of any software which is or includes a copy or
26 * modification of this software.
27 * You may use this code under the GNU public license if you so wish. Please
28 * contribute changes back to the authors under this freer than GPL license
29 * so that we may further the use of strong encryption without limitations to
30 * all.
31 *
32 * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
33 * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
34 * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
35 * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
36 * PURPOSE.
37 */
38
39 #include <sys/cdefs.h>
40 __FBSDID("$FreeBSD: releng/6.2/sys/opencrypto/xform.c 161998 2006-09-04 15:16:14Z pjd $");
41
42 #include <sys/param.h>
43 #include <sys/systm.h>
44 #include <sys/malloc.h>
45 #include <sys/sysctl.h>
46 #include <sys/errno.h>
47 #include <sys/time.h>
48 #include <sys/kernel.h>
49 #include <machine/cpu.h>
50
51 #include <crypto/blowfish/blowfish.h>
52 #include <crypto/des/des.h>
53 #include <crypto/rijndael/rijndael.h>
54 #include <crypto/sha1.h>
55
56 #include <opencrypto/cast.h>
57 #include <opencrypto/deflate.h>
58 #include <opencrypto/rmd160.h>
59 #include <opencrypto/skipjack.h>
60
61 #include <sys/md5.h>
62
63 #include <opencrypto/cryptodev.h>
64 #include <opencrypto/xform.h>
65
66 static void null_encrypt(caddr_t, u_int8_t *);
67 static void null_decrypt(caddr_t, u_int8_t *);
68 static int null_setkey(u_int8_t **, u_int8_t *, int);
69 static void null_zerokey(u_int8_t **);
70
71 static int des1_setkey(u_int8_t **, u_int8_t *, int);
72 static int des3_setkey(u_int8_t **, u_int8_t *, int);
73 static int blf_setkey(u_int8_t **, u_int8_t *, int);
74 static int cast5_setkey(u_int8_t **, u_int8_t *, int);
75 static int skipjack_setkey(u_int8_t **, u_int8_t *, int);
76 static int rijndael128_setkey(u_int8_t **, u_int8_t *, int);
77 static void des1_encrypt(caddr_t, u_int8_t *);
78 static void des3_encrypt(caddr_t, u_int8_t *);
79 static void blf_encrypt(caddr_t, u_int8_t *);
80 static void cast5_encrypt(caddr_t, u_int8_t *);
81 static void skipjack_encrypt(caddr_t, u_int8_t *);
82 static void rijndael128_encrypt(caddr_t, u_int8_t *);
83 static void des1_decrypt(caddr_t, u_int8_t *);
84 static void des3_decrypt(caddr_t, u_int8_t *);
85 static void blf_decrypt(caddr_t, u_int8_t *);
86 static void cast5_decrypt(caddr_t, u_int8_t *);
87 static void skipjack_decrypt(caddr_t, u_int8_t *);
88 static void rijndael128_decrypt(caddr_t, u_int8_t *);
89 static void des1_zerokey(u_int8_t **);
90 static void des3_zerokey(u_int8_t **);
91 static void blf_zerokey(u_int8_t **);
92 static void cast5_zerokey(u_int8_t **);
93 static void skipjack_zerokey(u_int8_t **);
94 static void rijndael128_zerokey(u_int8_t **);
95
96 static void null_init(void *);
97 static int null_update(void *, u_int8_t *, u_int16_t);
98 static void null_final(u_int8_t *, void *);
99 static int MD5Update_int(void *, u_int8_t *, u_int16_t);
100 static void SHA1Init_int(void *);
101 static int SHA1Update_int(void *, u_int8_t *, u_int16_t);
102 static void SHA1Final_int(u_int8_t *, void *);
103 static int RMD160Update_int(void *, u_int8_t *, u_int16_t);
104 static int SHA256Update_int(void *, u_int8_t *, u_int16_t);
105 static int SHA384Update_int(void *, u_int8_t *, u_int16_t);
106 static int SHA512Update_int(void *, u_int8_t *, u_int16_t);
107
108 static u_int32_t deflate_compress(u_int8_t *, u_int32_t, u_int8_t **);
109 static u_int32_t deflate_decompress(u_int8_t *, u_int32_t, u_int8_t **);
110
111 MALLOC_DEFINE(M_XDATA, "xform", "xform data buffers");
112
113 /* Encryption instances */
114 struct enc_xform enc_xform_null = {
115 CRYPTO_NULL_CBC, "NULL",
116 /* NB: blocksize of 4 is to generate a properly aligned ESP header */
117 NULL_BLOCK_LEN, 0, 256, /* 2048 bits, max key */
118 null_encrypt,
119 null_decrypt,
120 null_setkey,
121 null_zerokey,
122 };
123
124 struct enc_xform enc_xform_des = {
125 CRYPTO_DES_CBC, "DES",
126 DES_BLOCK_LEN, 8, 8,
127 des1_encrypt,
128 des1_decrypt,
129 des1_setkey,
130 des1_zerokey,
131 };
132
133 struct enc_xform enc_xform_3des = {
134 CRYPTO_3DES_CBC, "3DES",
135 DES3_BLOCK_LEN, 24, 24,
136 des3_encrypt,
137 des3_decrypt,
138 des3_setkey,
139 des3_zerokey
140 };
141
142 struct enc_xform enc_xform_blf = {
143 CRYPTO_BLF_CBC, "Blowfish",
144 BLOWFISH_BLOCK_LEN, 5, 56 /* 448 bits, max key */,
145 blf_encrypt,
146 blf_decrypt,
147 blf_setkey,
148 blf_zerokey
149 };
150
151 struct enc_xform enc_xform_cast5 = {
152 CRYPTO_CAST_CBC, "CAST-128",
153 CAST128_BLOCK_LEN, 5, 16,
154 cast5_encrypt,
155 cast5_decrypt,
156 cast5_setkey,
157 cast5_zerokey
158 };
159
160 struct enc_xform enc_xform_skipjack = {
161 CRYPTO_SKIPJACK_CBC, "Skipjack",
162 SKIPJACK_BLOCK_LEN, 10, 10,
163 skipjack_encrypt,
164 skipjack_decrypt,
165 skipjack_setkey,
166 skipjack_zerokey
167 };
168
169 struct enc_xform enc_xform_rijndael128 = {
170 CRYPTO_RIJNDAEL128_CBC, "Rijndael-128/AES",
171 RIJNDAEL128_BLOCK_LEN, 8, 32,
172 rijndael128_encrypt,
173 rijndael128_decrypt,
174 rijndael128_setkey,
175 rijndael128_zerokey,
176 };
177
178 struct enc_xform enc_xform_arc4 = {
179 CRYPTO_ARC4, "ARC4",
180 1, 1, 32,
181 NULL,
182 NULL,
183 NULL,
184 NULL,
185 };
186
187 /* Authentication instances */
188 struct auth_hash auth_hash_null = {
189 CRYPTO_NULL_HMAC, "NULL-HMAC",
190 0, NULL_HASH_LEN, NULL_HMAC_BLOCK_LEN, sizeof(int), /* NB: context isn't used */
191 null_init, null_update, null_final
192 };
193
194 struct auth_hash auth_hash_hmac_md5 = {
195 CRYPTO_MD5_HMAC, "HMAC-MD5",
196 16, MD5_HASH_LEN, MD5_HMAC_BLOCK_LEN, sizeof(MD5_CTX),
197 (void (*) (void *)) MD5Init, MD5Update_int,
198 (void (*) (u_int8_t *, void *)) MD5Final
199 };
200
201 struct auth_hash auth_hash_hmac_sha1 = {
202 CRYPTO_SHA1_HMAC, "HMAC-SHA1",
203 20, SHA1_HASH_LEN, SHA1_HMAC_BLOCK_LEN, sizeof(SHA1_CTX),
204 SHA1Init_int, SHA1Update_int, SHA1Final_int
205 };
206
207 struct auth_hash auth_hash_hmac_ripemd_160 = {
208 CRYPTO_RIPEMD160_HMAC, "HMAC-RIPEMD-160",
209 20, RIPEMD160_HASH_LEN, RIPEMD160_HMAC_BLOCK_LEN, sizeof(RMD160_CTX),
210 (void (*)(void *)) RMD160Init, RMD160Update_int,
211 (void (*)(u_int8_t *, void *)) RMD160Final
212 };
213
214 struct auth_hash auth_hash_key_md5 = {
215 CRYPTO_MD5_KPDK, "Keyed MD5",
216 0, MD5_KPDK_HASH_LEN, 0, sizeof(MD5_CTX),
217 (void (*)(void *)) MD5Init, MD5Update_int,
218 (void (*)(u_int8_t *, void *)) MD5Final
219 };
220
221 struct auth_hash auth_hash_key_sha1 = {
222 CRYPTO_SHA1_KPDK, "Keyed SHA1",
223 0, SHA1_KPDK_HASH_LEN, 0, sizeof(SHA1_CTX),
224 SHA1Init_int, SHA1Update_int, SHA1Final_int
225 };
226
227 struct auth_hash auth_hash_hmac_sha2_256 = {
228 CRYPTO_SHA2_256_HMAC, "HMAC-SHA2-256",
229 32, SHA2_256_HASH_LEN, SHA2_256_HMAC_BLOCK_LEN, sizeof(SHA256_CTX),
230 (void (*)(void *)) SHA256_Init, SHA256Update_int,
231 (void (*)(u_int8_t *, void *)) SHA256_Final
232 };
233
234 struct auth_hash auth_hash_hmac_sha2_384 = {
235 CRYPTO_SHA2_384_HMAC, "HMAC-SHA2-384",
236 48, SHA2_384_HASH_LEN, SHA2_384_HMAC_BLOCK_LEN, sizeof(SHA384_CTX),
237 (void (*)(void *)) SHA384_Init, SHA384Update_int,
238 (void (*)(u_int8_t *, void *)) SHA384_Final
239 };
240
241 struct auth_hash auth_hash_hmac_sha2_512 = {
242 CRYPTO_SHA2_512_HMAC, "HMAC-SHA2-512",
243 64, SHA2_512_HASH_LEN, SHA2_512_HMAC_BLOCK_LEN, sizeof(SHA512_CTX),
244 (void (*)(void *)) SHA512_Init, SHA512Update_int,
245 (void (*)(u_int8_t *, void *)) SHA512_Final
246 };
247
248 /* Compression instance */
249 struct comp_algo comp_algo_deflate = {
250 CRYPTO_DEFLATE_COMP, "Deflate",
251 90, deflate_compress,
252 deflate_decompress
253 };
254
255 /*
256 * Encryption wrapper routines.
257 */
258 static void
259 null_encrypt(caddr_t key, u_int8_t *blk)
260 {
261 }
262 static void
263 null_decrypt(caddr_t key, u_int8_t *blk)
264 {
265 }
266 static int
267 null_setkey(u_int8_t **sched, u_int8_t *key, int len)
268 {
269 *sched = NULL;
270 return 0;
271 }
272 static void
273 null_zerokey(u_int8_t **sched)
274 {
275 *sched = NULL;
276 }
277
278 static void
279 des1_encrypt(caddr_t key, u_int8_t *blk)
280 {
281 des_cblock *cb = (des_cblock *) blk;
282 des_key_schedule *p = (des_key_schedule *) key;
283
284 des_ecb_encrypt(cb, cb, p[0], DES_ENCRYPT);
285 }
286
287 static void
288 des1_decrypt(caddr_t key, u_int8_t *blk)
289 {
290 des_cblock *cb = (des_cblock *) blk;
291 des_key_schedule *p = (des_key_schedule *) key;
292
293 des_ecb_encrypt(cb, cb, p[0], DES_DECRYPT);
294 }
295
296 static int
297 des1_setkey(u_int8_t **sched, u_int8_t *key, int len)
298 {
299 des_key_schedule *p;
300 int err;
301
302 MALLOC(p, des_key_schedule *, sizeof (des_key_schedule),
303 M_CRYPTO_DATA, M_NOWAIT|M_ZERO);
304 if (p != NULL) {
305 des_set_key((des_cblock *) key, p[0]);
306 err = 0;
307 } else
308 err = ENOMEM;
309 *sched = (u_int8_t *) p;
310 return err;
311 }
312
313 static void
314 des1_zerokey(u_int8_t **sched)
315 {
316 bzero(*sched, sizeof (des_key_schedule));
317 FREE(*sched, M_CRYPTO_DATA);
318 *sched = NULL;
319 }
320
321 static void
322 des3_encrypt(caddr_t key, u_int8_t *blk)
323 {
324 des_cblock *cb = (des_cblock *) blk;
325 des_key_schedule *p = (des_key_schedule *) key;
326
327 des_ecb3_encrypt(cb, cb, p[0], p[1], p[2], DES_ENCRYPT);
328 }
329
330 static void
331 des3_decrypt(caddr_t key, u_int8_t *blk)
332 {
333 des_cblock *cb = (des_cblock *) blk;
334 des_key_schedule *p = (des_key_schedule *) key;
335
336 des_ecb3_encrypt(cb, cb, p[0], p[1], p[2], DES_DECRYPT);
337 }
338
339 static int
340 des3_setkey(u_int8_t **sched, u_int8_t *key, int len)
341 {
342 des_key_schedule *p;
343 int err;
344
345 MALLOC(p, des_key_schedule *, 3*sizeof (des_key_schedule),
346 M_CRYPTO_DATA, M_NOWAIT|M_ZERO);
347 if (p != NULL) {
348 des_set_key((des_cblock *)(key + 0), p[0]);
349 des_set_key((des_cblock *)(key + 8), p[1]);
350 des_set_key((des_cblock *)(key + 16), p[2]);
351 err = 0;
352 } else
353 err = ENOMEM;
354 *sched = (u_int8_t *) p;
355 return err;
356 }
357
358 static void
359 des3_zerokey(u_int8_t **sched)
360 {
361 bzero(*sched, 3*sizeof (des_key_schedule));
362 FREE(*sched, M_CRYPTO_DATA);
363 *sched = NULL;
364 }
365
366 static void
367 blf_encrypt(caddr_t key, u_int8_t *blk)
368 {
369 BF_LONG t[2];
370
371 memcpy(t, blk, sizeof (t));
372 t[0] = ntohl(t[0]);
373 t[1] = ntohl(t[1]);
374 /* NB: BF_encrypt expects the block in host order! */
375 BF_encrypt(t, (BF_KEY *) key);
376 t[0] = htonl(t[0]);
377 t[1] = htonl(t[1]);
378 memcpy(blk, t, sizeof (t));
379 }
380
381 static void
382 blf_decrypt(caddr_t key, u_int8_t *blk)
383 {
384 BF_LONG t[2];
385
386 memcpy(t, blk, sizeof (t));
387 t[0] = ntohl(t[0]);
388 t[1] = ntohl(t[1]);
389 /* NB: BF_decrypt expects the block in host order! */
390 BF_decrypt(t, (BF_KEY *) key);
391 t[0] = htonl(t[0]);
392 t[1] = htonl(t[1]);
393 memcpy(blk, t, sizeof (t));
394 }
395
396 static int
397 blf_setkey(u_int8_t **sched, u_int8_t *key, int len)
398 {
399 int err;
400
401 MALLOC(*sched, u_int8_t *, sizeof(BF_KEY),
402 M_CRYPTO_DATA, M_NOWAIT|M_ZERO);
403 if (*sched != NULL) {
404 BF_set_key((BF_KEY *) *sched, len, key);
405 err = 0;
406 } else
407 err = ENOMEM;
408 return err;
409 }
410
411 static void
412 blf_zerokey(u_int8_t **sched)
413 {
414 bzero(*sched, sizeof(BF_KEY));
415 FREE(*sched, M_CRYPTO_DATA);
416 *sched = NULL;
417 }
418
419 static void
420 cast5_encrypt(caddr_t key, u_int8_t *blk)
421 {
422 cast_encrypt((cast_key *) key, blk, blk);
423 }
424
425 static void
426 cast5_decrypt(caddr_t key, u_int8_t *blk)
427 {
428 cast_decrypt((cast_key *) key, blk, blk);
429 }
430
431 static int
432 cast5_setkey(u_int8_t **sched, u_int8_t *key, int len)
433 {
434 int err;
435
436 MALLOC(*sched, u_int8_t *, sizeof(cast_key), M_CRYPTO_DATA, M_NOWAIT|M_ZERO);
437 if (*sched != NULL) {
438 cast_setkey((cast_key *)*sched, key, len);
439 err = 0;
440 } else
441 err = ENOMEM;
442 return err;
443 }
444
445 static void
446 cast5_zerokey(u_int8_t **sched)
447 {
448 bzero(*sched, sizeof(cast_key));
449 FREE(*sched, M_CRYPTO_DATA);
450 *sched = NULL;
451 }
452
453 static void
454 skipjack_encrypt(caddr_t key, u_int8_t *blk)
455 {
456 skipjack_forwards(blk, blk, (u_int8_t **) key);
457 }
458
459 static void
460 skipjack_decrypt(caddr_t key, u_int8_t *blk)
461 {
462 skipjack_backwards(blk, blk, (u_int8_t **) key);
463 }
464
465 static int
466 skipjack_setkey(u_int8_t **sched, u_int8_t *key, int len)
467 {
468 int err;
469
470 /* NB: allocate all the memory that's needed at once */
471 MALLOC(*sched, u_int8_t *, 10 * (sizeof(u_int8_t *) + 0x100),
472 M_CRYPTO_DATA, M_NOWAIT|M_ZERO);
473 if (*sched != NULL) {
474 u_int8_t** key_tables = (u_int8_t**) *sched;
475 u_int8_t* table = (u_int8_t*) &key_tables[10];
476 int k;
477
478 for (k = 0; k < 10; k++) {
479 key_tables[k] = table;
480 table += 0x100;
481 }
482 subkey_table_gen(key, (u_int8_t **) *sched);
483 err = 0;
484 } else
485 err = ENOMEM;
486 return err;
487 }
488
489 static void
490 skipjack_zerokey(u_int8_t **sched)
491 {
492 bzero(*sched, 10 * (sizeof(u_int8_t *) + 0x100));
493 FREE(*sched, M_CRYPTO_DATA);
494 *sched = NULL;
495 }
496
497 static void
498 rijndael128_encrypt(caddr_t key, u_int8_t *blk)
499 {
500 rijndael_encrypt((rijndael_ctx *) key, (u_char *) blk, (u_char *) blk);
501 }
502
503 static void
504 rijndael128_decrypt(caddr_t key, u_int8_t *blk)
505 {
506 rijndael_decrypt(((rijndael_ctx *) key), (u_char *) blk,
507 (u_char *) blk);
508 }
509
510 static int
511 rijndael128_setkey(u_int8_t **sched, u_int8_t *key, int len)
512 {
513 int err;
514
515 if (len != 16 && len != 24 && len != 32)
516 return (EINVAL);
517 MALLOC(*sched, u_int8_t *, sizeof(rijndael_ctx), M_CRYPTO_DATA,
518 M_NOWAIT|M_ZERO);
519 if (*sched != NULL) {
520 rijndael_set_key((rijndael_ctx *) *sched, (u_char *) key,
521 len * 8);
522 err = 0;
523 } else
524 err = ENOMEM;
525 return err;
526 }
527
528 static void
529 rijndael128_zerokey(u_int8_t **sched)
530 {
531 bzero(*sched, sizeof(rijndael_ctx));
532 FREE(*sched, M_CRYPTO_DATA);
533 *sched = NULL;
534 }
535
536 /*
537 * And now for auth.
538 */
539
540 static void
541 null_init(void *ctx)
542 {
543 }
544
545 static int
546 null_update(void *ctx, u_int8_t *buf, u_int16_t len)
547 {
548 return 0;
549 }
550
551 static void
552 null_final(u_int8_t *buf, void *ctx)
553 {
554 if (buf != (u_int8_t *) 0)
555 bzero(buf, 12);
556 }
557
558 static int
559 RMD160Update_int(void *ctx, u_int8_t *buf, u_int16_t len)
560 {
561 RMD160Update(ctx, buf, len);
562 return 0;
563 }
564
565 static int
566 MD5Update_int(void *ctx, u_int8_t *buf, u_int16_t len)
567 {
568 MD5Update(ctx, buf, len);
569 return 0;
570 }
571
572 static void
573 SHA1Init_int(void *ctx)
574 {
575 SHA1Init(ctx);
576 }
577
578 static int
579 SHA1Update_int(void *ctx, u_int8_t *buf, u_int16_t len)
580 {
581 SHA1Update(ctx, buf, len);
582 return 0;
583 }
584
585 static void
586 SHA1Final_int(u_int8_t *blk, void *ctx)
587 {
588 SHA1Final(blk, ctx);
589 }
590
591 static int
592 SHA256Update_int(void *ctx, u_int8_t *buf, u_int16_t len)
593 {
594 SHA256_Update(ctx, buf, len);
595 return 0;
596 }
597
598 static int
599 SHA384Update_int(void *ctx, u_int8_t *buf, u_int16_t len)
600 {
601 SHA384_Update(ctx, buf, len);
602 return 0;
603 }
604
605 static int
606 SHA512Update_int(void *ctx, u_int8_t *buf, u_int16_t len)
607 {
608 SHA512_Update(ctx, buf, len);
609 return 0;
610 }
611
612 /*
613 * And compression
614 */
615
616 static u_int32_t
617 deflate_compress(data, size, out)
618 u_int8_t *data;
619 u_int32_t size;
620 u_int8_t **out;
621 {
622 return deflate_global(data, size, 0, out);
623 }
624
625 static u_int32_t
626 deflate_decompress(data, size, out)
627 u_int8_t *data;
628 u_int32_t size;
629 u_int8_t **out;
630 {
631 return deflate_global(data, size, 1, out);
632 }
Cache object: 3472f2deea8f9738ec88e211a4fad9b5
|