The Design and Implementation of the FreeBSD Operating System, Second Edition
Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]

FreeBSD/Linux Kernel Cross Reference
sys/opencrypto/xform.c

Version: -  FREEBSD  -  FREEBSD-13-STABLE  -  FREEBSD-13-0  -  FREEBSD-12-STABLE  -  FREEBSD-12-0  -  FREEBSD-11-STABLE  -  FREEBSD-11-0  -  FREEBSD-10-STABLE  -  FREEBSD-10-0  -  FREEBSD-9-STABLE  -  FREEBSD-9-0  -  FREEBSD-8-STABLE  -  FREEBSD-8-0  -  FREEBSD-7-STABLE  -  FREEBSD-7-0  -  FREEBSD-6-STABLE  -  FREEBSD-6-0  -  FREEBSD-5-STABLE  -  FREEBSD-5-0  -  FREEBSD-4-STABLE  -  FREEBSD-3-STABLE  -  FREEBSD22  -  l41  -  OPENBSD  -  linux-2.6  -  MK84  -  PLAN9  -  xnu-8792 
SearchContext: -  none  -  3  -  10 

    1 /*      $OpenBSD: xform.c,v 1.16 2001/08/28 12:20:43 ben Exp $  */
    2 /*-
    3  * The authors of this code are John Ioannidis (ji@tla.org),
    4  * Angelos D. Keromytis (kermit@csd.uch.gr) and
    5  * Niels Provos (provos@physnet.uni-hamburg.de).
    6  *
    7  * This code was written by John Ioannidis for BSD/OS in Athens, Greece,
    8  * in November 1995.
    9  *
   10  * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996,
   11  * by Angelos D. Keromytis.
   12  *
   13  * Additional transforms and features in 1997 and 1998 by Angelos D. Keromytis
   14  * and Niels Provos.
   15  *
   16  * Additional features in 1999 by Angelos D. Keromytis.
   17  *
   18  * Copyright (C) 1995, 1996, 1997, 1998, 1999 by John Ioannidis,
   19  * Angelos D. Keromytis and Niels Provos.
   20  *
   21  * Copyright (C) 2001, Angelos D. Keromytis.
   22  *
   23  * Permission to use, copy, and modify this software with or without fee
   24  * is hereby granted, provided that this entire notice is included in
   25  * all copies of any software which is or includes a copy or
   26  * modification of this software.
   27  * You may use this code under the GNU public license if you so wish. Please
   28  * contribute changes back to the authors under this freer than GPL license
   29  * so that we may further the use of strong encryption without limitations to
   30  * all.
   31  *
   32  * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
   33  * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
   34  * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
   35  * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
   36  * PURPOSE.
   37  */
   38 
   39 #include <sys/cdefs.h>
   40 __FBSDID("$FreeBSD: releng/8.2/sys/opencrypto/xform.c 214254 2010-10-23 22:11:30Z pjd $");
   41 
   42 #include <sys/param.h>
   43 #include <sys/systm.h>
   44 #include <sys/malloc.h>
   45 #include <sys/sysctl.h>
   46 #include <sys/errno.h>
   47 #include <sys/time.h>
   48 #include <sys/kernel.h>
   49 #include <machine/cpu.h>
   50 
   51 #include <crypto/blowfish/blowfish.h>
   52 #include <crypto/des/des.h>
   53 #include <crypto/rijndael/rijndael.h>
   54 #include <crypto/camellia/camellia.h>
   55 #include <crypto/sha1.h>
   56 
   57 #include <opencrypto/cast.h>
   58 #include <opencrypto/deflate.h>
   59 #include <opencrypto/rmd160.h>
   60 #include <opencrypto/skipjack.h>
   61 
   62 #include <sys/md5.h>
   63 
   64 #include <opencrypto/cryptodev.h>
   65 #include <opencrypto/xform.h>
   66 
   67 static  int null_setkey(u_int8_t **, u_int8_t *, int);
   68 static  int des1_setkey(u_int8_t **, u_int8_t *, int);
   69 static  int des3_setkey(u_int8_t **, u_int8_t *, int);
   70 static  int blf_setkey(u_int8_t **, u_int8_t *, int);
   71 static  int cast5_setkey(u_int8_t **, u_int8_t *, int);
   72 static  int skipjack_setkey(u_int8_t **, u_int8_t *, int);
   73 static  int rijndael128_setkey(u_int8_t **, u_int8_t *, int);
   74 static  int aes_xts_setkey(u_int8_t **, u_int8_t *, int);
   75 static  int cml_setkey(u_int8_t **, u_int8_t *, int);
   76 
   77 static  void null_encrypt(caddr_t, u_int8_t *);
   78 static  void des1_encrypt(caddr_t, u_int8_t *);
   79 static  void des3_encrypt(caddr_t, u_int8_t *);
   80 static  void blf_encrypt(caddr_t, u_int8_t *);
   81 static  void cast5_encrypt(caddr_t, u_int8_t *);
   82 static  void skipjack_encrypt(caddr_t, u_int8_t *);
   83 static  void rijndael128_encrypt(caddr_t, u_int8_t *);
   84 static  void aes_xts_encrypt(caddr_t, u_int8_t *);
   85 static  void cml_encrypt(caddr_t, u_int8_t *);
   86 
   87 static  void null_decrypt(caddr_t, u_int8_t *);
   88 static  void des1_decrypt(caddr_t, u_int8_t *);
   89 static  void des3_decrypt(caddr_t, u_int8_t *);
   90 static  void blf_decrypt(caddr_t, u_int8_t *);
   91 static  void cast5_decrypt(caddr_t, u_int8_t *);
   92 static  void skipjack_decrypt(caddr_t, u_int8_t *);
   93 static  void rijndael128_decrypt(caddr_t, u_int8_t *);
   94 static  void aes_xts_decrypt(caddr_t, u_int8_t *);
   95 static  void cml_decrypt(caddr_t, u_int8_t *);
   96 
   97 static  void null_zerokey(u_int8_t **);
   98 static  void des1_zerokey(u_int8_t **);
   99 static  void des3_zerokey(u_int8_t **);
  100 static  void blf_zerokey(u_int8_t **);
  101 static  void cast5_zerokey(u_int8_t **);
  102 static  void skipjack_zerokey(u_int8_t **);
  103 static  void rijndael128_zerokey(u_int8_t **);
  104 static  void aes_xts_zerokey(u_int8_t **);
  105 static  void cml_zerokey(u_int8_t **);
  106 
  107 static  void aes_xts_reinit(caddr_t, u_int8_t *);
  108 
  109 static  void null_init(void *);
  110 static  int null_update(void *, u_int8_t *, u_int16_t);
  111 static  void null_final(u_int8_t *, void *);
  112 static  int MD5Update_int(void *, u_int8_t *, u_int16_t);
  113 static  void SHA1Init_int(void *);
  114 static  int SHA1Update_int(void *, u_int8_t *, u_int16_t);
  115 static  void SHA1Final_int(u_int8_t *, void *);
  116 static  int RMD160Update_int(void *, u_int8_t *, u_int16_t);
  117 static  int SHA256Update_int(void *, u_int8_t *, u_int16_t);
  118 static  int SHA384Update_int(void *, u_int8_t *, u_int16_t);
  119 static  int SHA512Update_int(void *, u_int8_t *, u_int16_t);
  120 
  121 static  u_int32_t deflate_compress(u_int8_t *, u_int32_t, u_int8_t **);
  122 static  u_int32_t deflate_decompress(u_int8_t *, u_int32_t, u_int8_t **);
  123 
  124 MALLOC_DEFINE(M_XDATA, "xform", "xform data buffers");
  125 
  126 /* Encryption instances */
  127 struct enc_xform enc_xform_null = {
  128         CRYPTO_NULL_CBC, "NULL",
  129         /* NB: blocksize of 4 is to generate a properly aligned ESP header */
  130         NULL_BLOCK_LEN, 0, 256, /* 2048 bits, max key */
  131         null_encrypt,
  132         null_decrypt,
  133         null_setkey,
  134         null_zerokey,
  135         NULL
  136 };
  137 
  138 struct enc_xform enc_xform_des = {
  139         CRYPTO_DES_CBC, "DES",
  140         DES_BLOCK_LEN, 8, 8,
  141         des1_encrypt,
  142         des1_decrypt,
  143         des1_setkey,
  144         des1_zerokey,
  145         NULL
  146 };
  147 
  148 struct enc_xform enc_xform_3des = {
  149         CRYPTO_3DES_CBC, "3DES",
  150         DES3_BLOCK_LEN, 24, 24,
  151         des3_encrypt,
  152         des3_decrypt,
  153         des3_setkey,
  154         des3_zerokey,
  155         NULL
  156 };
  157 
  158 struct enc_xform enc_xform_blf = {
  159         CRYPTO_BLF_CBC, "Blowfish",
  160         BLOWFISH_BLOCK_LEN, 5, 56 /* 448 bits, max key */,
  161         blf_encrypt,
  162         blf_decrypt,
  163         blf_setkey,
  164         blf_zerokey,
  165         NULL
  166 };
  167 
  168 struct enc_xform enc_xform_cast5 = {
  169         CRYPTO_CAST_CBC, "CAST-128",
  170         CAST128_BLOCK_LEN, 5, 16,
  171         cast5_encrypt,
  172         cast5_decrypt,
  173         cast5_setkey,
  174         cast5_zerokey,
  175         NULL
  176 };
  177 
  178 struct enc_xform enc_xform_skipjack = {
  179         CRYPTO_SKIPJACK_CBC, "Skipjack",
  180         SKIPJACK_BLOCK_LEN, 10, 10,
  181         skipjack_encrypt,
  182         skipjack_decrypt,
  183         skipjack_setkey,
  184         skipjack_zerokey,
  185         NULL
  186 };
  187 
  188 struct enc_xform enc_xform_rijndael128 = {
  189         CRYPTO_RIJNDAEL128_CBC, "Rijndael-128/AES",
  190         RIJNDAEL128_BLOCK_LEN, 8, 32,
  191         rijndael128_encrypt,
  192         rijndael128_decrypt,
  193         rijndael128_setkey,
  194         rijndael128_zerokey,
  195         NULL
  196 };
  197 
  198 struct enc_xform enc_xform_aes_xts = {
  199         CRYPTO_AES_XTS, "AES-XTS",
  200         RIJNDAEL128_BLOCK_LEN, 32, 64,
  201         aes_xts_encrypt,
  202         aes_xts_decrypt,
  203         aes_xts_setkey,
  204         aes_xts_zerokey,
  205         aes_xts_reinit
  206 };
  207 
  208 struct enc_xform enc_xform_arc4 = {
  209         CRYPTO_ARC4, "ARC4",
  210         1, 1, 32,
  211         NULL,
  212         NULL,
  213         NULL,
  214         NULL,
  215         NULL
  216 };
  217 
  218 struct enc_xform enc_xform_camellia = {
  219         CRYPTO_CAMELLIA_CBC, "Camellia",
  220         CAMELLIA_BLOCK_LEN, 8, 32,
  221         cml_encrypt,
  222         cml_decrypt,
  223         cml_setkey,
  224         cml_zerokey,
  225         NULL
  226 };
  227 
  228 /* Authentication instances */
  229 struct auth_hash auth_hash_null = {
  230         CRYPTO_NULL_HMAC, "NULL-HMAC",
  231         0, NULL_HASH_LEN, NULL_HMAC_BLOCK_LEN, sizeof(int),     /* NB: context isn't used */
  232         null_init, null_update, null_final
  233 };
  234 
  235 struct auth_hash auth_hash_hmac_md5 = {
  236         CRYPTO_MD5_HMAC, "HMAC-MD5",
  237         16, MD5_HASH_LEN, MD5_HMAC_BLOCK_LEN, sizeof(MD5_CTX),
  238         (void (*) (void *)) MD5Init, MD5Update_int,
  239         (void (*) (u_int8_t *, void *)) MD5Final
  240 };
  241 
  242 struct auth_hash auth_hash_hmac_sha1 = {
  243         CRYPTO_SHA1_HMAC, "HMAC-SHA1",
  244         20, SHA1_HASH_LEN, SHA1_HMAC_BLOCK_LEN, sizeof(SHA1_CTX),
  245         SHA1Init_int, SHA1Update_int, SHA1Final_int
  246 };
  247 
  248 struct auth_hash auth_hash_hmac_ripemd_160 = {
  249         CRYPTO_RIPEMD160_HMAC, "HMAC-RIPEMD-160",
  250         20, RIPEMD160_HASH_LEN, RIPEMD160_HMAC_BLOCK_LEN, sizeof(RMD160_CTX),
  251         (void (*)(void *)) RMD160Init, RMD160Update_int,
  252         (void (*)(u_int8_t *, void *)) RMD160Final
  253 };
  254 
  255 struct auth_hash auth_hash_key_md5 = {
  256         CRYPTO_MD5_KPDK, "Keyed MD5",
  257         0, MD5_KPDK_HASH_LEN, 0, sizeof(MD5_CTX),
  258         (void (*)(void *)) MD5Init, MD5Update_int,
  259         (void (*)(u_int8_t *, void *)) MD5Final
  260 };
  261 
  262 struct auth_hash auth_hash_key_sha1 = {
  263         CRYPTO_SHA1_KPDK, "Keyed SHA1",
  264         0, SHA1_KPDK_HASH_LEN, 0, sizeof(SHA1_CTX),
  265         SHA1Init_int, SHA1Update_int, SHA1Final_int
  266 };
  267 
  268 struct auth_hash auth_hash_hmac_sha2_256 = {
  269         CRYPTO_SHA2_256_HMAC, "HMAC-SHA2-256",
  270         32, SHA2_256_HASH_LEN, SHA2_256_HMAC_BLOCK_LEN, sizeof(SHA256_CTX),
  271         (void (*)(void *)) SHA256_Init, SHA256Update_int,
  272         (void (*)(u_int8_t *, void *)) SHA256_Final
  273 };
  274 
  275 struct auth_hash auth_hash_hmac_sha2_384 = {
  276         CRYPTO_SHA2_384_HMAC, "HMAC-SHA2-384",
  277         48, SHA2_384_HASH_LEN, SHA2_384_HMAC_BLOCK_LEN, sizeof(SHA384_CTX),
  278         (void (*)(void *)) SHA384_Init, SHA384Update_int,
  279         (void (*)(u_int8_t *, void *)) SHA384_Final
  280 };
  281 
  282 struct auth_hash auth_hash_hmac_sha2_512 = {
  283         CRYPTO_SHA2_512_HMAC, "HMAC-SHA2-512",
  284         64, SHA2_512_HASH_LEN, SHA2_512_HMAC_BLOCK_LEN, sizeof(SHA512_CTX),
  285         (void (*)(void *)) SHA512_Init, SHA512Update_int,
  286         (void (*)(u_int8_t *, void *)) SHA512_Final
  287 };
  288 
  289 /* Compression instance */
  290 struct comp_algo comp_algo_deflate = {
  291         CRYPTO_DEFLATE_COMP, "Deflate",
  292         90, deflate_compress,
  293         deflate_decompress
  294 };
  295 
  296 /*
  297  * Encryption wrapper routines.
  298  */
  299 static void
  300 null_encrypt(caddr_t key, u_int8_t *blk)
  301 {
  302 }
  303 static void
  304 null_decrypt(caddr_t key, u_int8_t *blk)
  305 {
  306 }
  307 static int
  308 null_setkey(u_int8_t **sched, u_int8_t *key, int len)
  309 {
  310         *sched = NULL;
  311         return 0;
  312 }
  313 static void
  314 null_zerokey(u_int8_t **sched)
  315 {
  316         *sched = NULL;
  317 }
  318 
  319 static void
  320 des1_encrypt(caddr_t key, u_int8_t *blk)
  321 {
  322         des_cblock *cb = (des_cblock *) blk;
  323         des_key_schedule *p = (des_key_schedule *) key;
  324 
  325         des_ecb_encrypt(cb, cb, p[0], DES_ENCRYPT);
  326 }
  327 
  328 static void
  329 des1_decrypt(caddr_t key, u_int8_t *blk)
  330 {
  331         des_cblock *cb = (des_cblock *) blk;
  332         des_key_schedule *p = (des_key_schedule *) key;
  333 
  334         des_ecb_encrypt(cb, cb, p[0], DES_DECRYPT);
  335 }
  336 
  337 static int
  338 des1_setkey(u_int8_t **sched, u_int8_t *key, int len)
  339 {
  340         des_key_schedule *p;
  341         int err;
  342 
  343         p = malloc(sizeof (des_key_schedule),
  344                 M_CRYPTO_DATA, M_NOWAIT|M_ZERO);
  345         if (p != NULL) {
  346                 des_set_key((des_cblock *) key, p[0]);
  347                 err = 0;
  348         } else
  349                 err = ENOMEM;
  350         *sched = (u_int8_t *) p;
  351         return err;
  352 }
  353 
  354 static void
  355 des1_zerokey(u_int8_t **sched)
  356 {
  357         bzero(*sched, sizeof (des_key_schedule));
  358         free(*sched, M_CRYPTO_DATA);
  359         *sched = NULL;
  360 }
  361 
  362 static void
  363 des3_encrypt(caddr_t key, u_int8_t *blk)
  364 {
  365         des_cblock *cb = (des_cblock *) blk;
  366         des_key_schedule *p = (des_key_schedule *) key;
  367 
  368         des_ecb3_encrypt(cb, cb, p[0], p[1], p[2], DES_ENCRYPT);
  369 }
  370 
  371 static void
  372 des3_decrypt(caddr_t key, u_int8_t *blk)
  373 {
  374         des_cblock *cb = (des_cblock *) blk;
  375         des_key_schedule *p = (des_key_schedule *) key;
  376 
  377         des_ecb3_encrypt(cb, cb, p[0], p[1], p[2], DES_DECRYPT);
  378 }
  379 
  380 static int
  381 des3_setkey(u_int8_t **sched, u_int8_t *key, int len)
  382 {
  383         des_key_schedule *p;
  384         int err;
  385 
  386         p = malloc(3*sizeof (des_key_schedule),
  387                 M_CRYPTO_DATA, M_NOWAIT|M_ZERO);
  388         if (p != NULL) {
  389                 des_set_key((des_cblock *)(key +  0), p[0]);
  390                 des_set_key((des_cblock *)(key +  8), p[1]);
  391                 des_set_key((des_cblock *)(key + 16), p[2]);
  392                 err = 0;
  393         } else
  394                 err = ENOMEM;
  395         *sched = (u_int8_t *) p;
  396         return err;
  397 }
  398 
  399 static void
  400 des3_zerokey(u_int8_t **sched)
  401 {
  402         bzero(*sched, 3*sizeof (des_key_schedule));
  403         free(*sched, M_CRYPTO_DATA);
  404         *sched = NULL;
  405 }
  406 
  407 static void
  408 blf_encrypt(caddr_t key, u_int8_t *blk)
  409 {
  410         BF_LONG t[2];
  411 
  412         memcpy(t, blk, sizeof (t));
  413         t[0] = ntohl(t[0]);
  414         t[1] = ntohl(t[1]);
  415         /* NB: BF_encrypt expects the block in host order! */
  416         BF_encrypt(t, (BF_KEY *) key);
  417         t[0] = htonl(t[0]);
  418         t[1] = htonl(t[1]);
  419         memcpy(blk, t, sizeof (t));
  420 }
  421 
  422 static void
  423 blf_decrypt(caddr_t key, u_int8_t *blk)
  424 {
  425         BF_LONG t[2];
  426 
  427         memcpy(t, blk, sizeof (t));
  428         t[0] = ntohl(t[0]);
  429         t[1] = ntohl(t[1]);
  430         /* NB: BF_decrypt expects the block in host order! */
  431         BF_decrypt(t, (BF_KEY *) key);
  432         t[0] = htonl(t[0]);
  433         t[1] = htonl(t[1]);
  434         memcpy(blk, t, sizeof (t));
  435 }
  436 
  437 static int
  438 blf_setkey(u_int8_t **sched, u_int8_t *key, int len)
  439 {
  440         int err;
  441 
  442         *sched = malloc(sizeof(BF_KEY),
  443                 M_CRYPTO_DATA, M_NOWAIT|M_ZERO);
  444         if (*sched != NULL) {
  445                 BF_set_key((BF_KEY *) *sched, len, key);
  446                 err = 0;
  447         } else
  448                 err = ENOMEM;
  449         return err;
  450 }
  451 
  452 static void
  453 blf_zerokey(u_int8_t **sched)
  454 {
  455         bzero(*sched, sizeof(BF_KEY));
  456         free(*sched, M_CRYPTO_DATA);
  457         *sched = NULL;
  458 }
  459 
  460 static void
  461 cast5_encrypt(caddr_t key, u_int8_t *blk)
  462 {
  463         cast_encrypt((cast_key *) key, blk, blk);
  464 }
  465 
  466 static void
  467 cast5_decrypt(caddr_t key, u_int8_t *blk)
  468 {
  469         cast_decrypt((cast_key *) key, blk, blk);
  470 }
  471 
  472 static int
  473 cast5_setkey(u_int8_t **sched, u_int8_t *key, int len)
  474 {
  475         int err;
  476 
  477         *sched = malloc(sizeof(cast_key), M_CRYPTO_DATA, M_NOWAIT|M_ZERO);
  478         if (*sched != NULL) {
  479                 cast_setkey((cast_key *)*sched, key, len);
  480                 err = 0;
  481         } else
  482                 err = ENOMEM;
  483         return err;
  484 }
  485 
  486 static void
  487 cast5_zerokey(u_int8_t **sched)
  488 {
  489         bzero(*sched, sizeof(cast_key));
  490         free(*sched, M_CRYPTO_DATA);
  491         *sched = NULL;
  492 }
  493 
  494 static void
  495 skipjack_encrypt(caddr_t key, u_int8_t *blk)
  496 {
  497         skipjack_forwards(blk, blk, (u_int8_t **) key);
  498 }
  499 
  500 static void
  501 skipjack_decrypt(caddr_t key, u_int8_t *blk)
  502 {
  503         skipjack_backwards(blk, blk, (u_int8_t **) key);
  504 }
  505 
  506 static int
  507 skipjack_setkey(u_int8_t **sched, u_int8_t *key, int len)
  508 {
  509         int err;
  510 
  511         /* NB: allocate all the memory that's needed at once */
  512         *sched = malloc(10 * (sizeof(u_int8_t *) + 0x100),
  513                 M_CRYPTO_DATA, M_NOWAIT|M_ZERO);
  514         if (*sched != NULL) {
  515                 u_int8_t** key_tables = (u_int8_t**) *sched;
  516                 u_int8_t* table = (u_int8_t*) &key_tables[10];
  517                 int k;
  518 
  519                 for (k = 0; k < 10; k++) {
  520                         key_tables[k] = table;
  521                         table += 0x100;
  522                 }
  523                 subkey_table_gen(key, (u_int8_t **) *sched);
  524                 err = 0;
  525         } else
  526                 err = ENOMEM;
  527         return err;
  528 }
  529 
  530 static void
  531 skipjack_zerokey(u_int8_t **sched)
  532 {
  533         bzero(*sched, 10 * (sizeof(u_int8_t *) + 0x100));
  534         free(*sched, M_CRYPTO_DATA);
  535         *sched = NULL;
  536 }
  537 
  538 static void
  539 rijndael128_encrypt(caddr_t key, u_int8_t *blk)
  540 {
  541         rijndael_encrypt((rijndael_ctx *) key, (u_char *) blk, (u_char *) blk);
  542 }
  543 
  544 static void
  545 rijndael128_decrypt(caddr_t key, u_int8_t *blk)
  546 {
  547         rijndael_decrypt(((rijndael_ctx *) key), (u_char *) blk,
  548             (u_char *) blk);
  549 }
  550 
  551 static int
  552 rijndael128_setkey(u_int8_t **sched, u_int8_t *key, int len)
  553 {
  554         int err;
  555 
  556         if (len != 16 && len != 24 && len != 32)
  557                 return (EINVAL);
  558         *sched = malloc(sizeof(rijndael_ctx), M_CRYPTO_DATA,
  559             M_NOWAIT|M_ZERO);
  560         if (*sched != NULL) {
  561                 rijndael_set_key((rijndael_ctx *) *sched, (u_char *) key,
  562                     len * 8);
  563                 err = 0;
  564         } else
  565                 err = ENOMEM;
  566         return err;
  567 }
  568 
  569 static void
  570 rijndael128_zerokey(u_int8_t **sched)
  571 {
  572         bzero(*sched, sizeof(rijndael_ctx));
  573         free(*sched, M_CRYPTO_DATA);
  574         *sched = NULL;
  575 }
  576 
  577 #define AES_XTS_BLOCKSIZE       16
  578 #define AES_XTS_IVSIZE          8
  579 #define AES_XTS_ALPHA           0x87    /* GF(2^128) generator polynomial */
  580 
  581 struct aes_xts_ctx {
  582         rijndael_ctx key1;
  583         rijndael_ctx key2;
  584         u_int8_t tweak[AES_XTS_BLOCKSIZE];
  585 };
  586 
  587 void
  588 aes_xts_reinit(caddr_t key, u_int8_t *iv)
  589 {
  590         struct aes_xts_ctx *ctx = (struct aes_xts_ctx *)key;
  591         u_int64_t blocknum;
  592         u_int i;
  593 
  594         /*
  595          * Prepare tweak as E_k2(IV). IV is specified as LE representation
  596          * of a 64-bit block number which we allow to be passed in directly.
  597          */
  598         bcopy(iv, &blocknum, AES_XTS_IVSIZE);
  599         for (i = 0; i < AES_XTS_IVSIZE; i++) {
  600                 ctx->tweak[i] = blocknum & 0xff;
  601                 blocknum >>= 8;
  602         }
  603         /* Last 64 bits of IV are always zero */
  604         bzero(ctx->tweak + AES_XTS_IVSIZE, AES_XTS_IVSIZE);
  605 
  606         rijndael_encrypt(&ctx->key2, ctx->tweak, ctx->tweak);
  607 }
  608 
  609 static void
  610 aes_xts_crypt(struct aes_xts_ctx *ctx, u_int8_t *data, u_int do_encrypt)
  611 {
  612         u_int8_t block[AES_XTS_BLOCKSIZE];
  613         u_int i, carry_in, carry_out;
  614 
  615         for (i = 0; i < AES_XTS_BLOCKSIZE; i++)
  616                 block[i] = data[i] ^ ctx->tweak[i];
  617 
  618         if (do_encrypt)
  619                 rijndael_encrypt(&ctx->key1, block, data);
  620         else
  621                 rijndael_decrypt(&ctx->key1, block, data);
  622 
  623         for (i = 0; i < AES_XTS_BLOCKSIZE; i++)
  624                 data[i] ^= ctx->tweak[i];
  625 
  626         /* Exponentiate tweak */
  627         carry_in = 0;
  628         for (i = 0; i < AES_XTS_BLOCKSIZE; i++) {
  629                 carry_out = ctx->tweak[i] & 0x80;
  630                 ctx->tweak[i] = (ctx->tweak[i] << 1) | (carry_in ? 1 : 0);
  631                 carry_in = carry_out;
  632         }
  633         if (carry_in)
  634                 ctx->tweak[0] ^= AES_XTS_ALPHA;
  635         bzero(block, sizeof(block));
  636 }
  637 
  638 void
  639 aes_xts_encrypt(caddr_t key, u_int8_t *data)
  640 {
  641         aes_xts_crypt((struct aes_xts_ctx *)key, data, 1);
  642 }
  643 
  644 void
  645 aes_xts_decrypt(caddr_t key, u_int8_t *data)
  646 {
  647         aes_xts_crypt((struct aes_xts_ctx *)key, data, 0);
  648 }
  649 
  650 int
  651 aes_xts_setkey(u_int8_t **sched, u_int8_t *key, int len)
  652 {
  653         struct aes_xts_ctx *ctx;
  654 
  655         if (len != 32 && len != 64)
  656                 return EINVAL;
  657 
  658         *sched = malloc(sizeof(struct aes_xts_ctx), M_CRYPTO_DATA,
  659             M_NOWAIT | M_ZERO);
  660         if (*sched == NULL)
  661                 return ENOMEM;
  662         ctx = (struct aes_xts_ctx *)*sched;
  663 
  664         rijndael_set_key(&ctx->key1, key, len * 4);
  665         rijndael_set_key(&ctx->key2, key + (len / 2), len * 4);
  666 
  667         return 0;
  668 }
  669 
  670 void
  671 aes_xts_zerokey(u_int8_t **sched)
  672 {
  673         bzero(*sched, sizeof(struct aes_xts_ctx));
  674         free(*sched, M_CRYPTO_DATA);
  675         *sched = NULL;
  676 }
  677 
  678 static void
  679 cml_encrypt(caddr_t key, u_int8_t *blk)
  680 {
  681         camellia_encrypt((camellia_ctx *) key, (u_char *) blk, (u_char *) blk);
  682 }
  683 
  684 static void
  685 cml_decrypt(caddr_t key, u_int8_t *blk)
  686 {
  687         camellia_decrypt(((camellia_ctx *) key), (u_char *) blk,
  688             (u_char *) blk);
  689 }
  690 
  691 static int
  692 cml_setkey(u_int8_t **sched, u_int8_t *key, int len)
  693 {
  694         int err;
  695 
  696         if (len != 16 && len != 24 && len != 32)
  697                 return (EINVAL);
  698         *sched = malloc(sizeof(camellia_ctx), M_CRYPTO_DATA,
  699             M_NOWAIT|M_ZERO);
  700         if (*sched != NULL) {
  701                 camellia_set_key((camellia_ctx *) *sched, (u_char *) key,
  702                     len * 8);
  703                 err = 0;
  704         } else
  705                 err = ENOMEM;
  706         return err;
  707 }
  708 
  709 static void
  710 cml_zerokey(u_int8_t **sched)
  711 {
  712         bzero(*sched, sizeof(camellia_ctx));
  713         free(*sched, M_CRYPTO_DATA);
  714         *sched = NULL;
  715 }
  716 
  717 /*
  718  * And now for auth.
  719  */
  720 
  721 static void
  722 null_init(void *ctx)
  723 {
  724 }
  725 
  726 static int
  727 null_update(void *ctx, u_int8_t *buf, u_int16_t len)
  728 {
  729         return 0;
  730 }
  731 
  732 static void
  733 null_final(u_int8_t *buf, void *ctx)
  734 {
  735         if (buf != (u_int8_t *) 0)
  736                 bzero(buf, 12);
  737 }
  738 
  739 static int
  740 RMD160Update_int(void *ctx, u_int8_t *buf, u_int16_t len)
  741 {
  742         RMD160Update(ctx, buf, len);
  743         return 0;
  744 }
  745 
  746 static int
  747 MD5Update_int(void *ctx, u_int8_t *buf, u_int16_t len)
  748 {
  749         MD5Update(ctx, buf, len);
  750         return 0;
  751 }
  752 
  753 static void
  754 SHA1Init_int(void *ctx)
  755 {
  756         SHA1Init(ctx);
  757 }
  758 
  759 static int
  760 SHA1Update_int(void *ctx, u_int8_t *buf, u_int16_t len)
  761 {
  762         SHA1Update(ctx, buf, len);
  763         return 0;
  764 }
  765 
  766 static void
  767 SHA1Final_int(u_int8_t *blk, void *ctx)
  768 {
  769         SHA1Final(blk, ctx);
  770 }
  771 
  772 static int
  773 SHA256Update_int(void *ctx, u_int8_t *buf, u_int16_t len)
  774 {
  775         SHA256_Update(ctx, buf, len);
  776         return 0;
  777 }
  778 
  779 static int
  780 SHA384Update_int(void *ctx, u_int8_t *buf, u_int16_t len)
  781 {
  782         SHA384_Update(ctx, buf, len);
  783         return 0;
  784 }
  785 
  786 static int
  787 SHA512Update_int(void *ctx, u_int8_t *buf, u_int16_t len)
  788 {
  789         SHA512_Update(ctx, buf, len);
  790         return 0;
  791 }
  792 
  793 /*
  794  * And compression
  795  */
  796 
  797 static u_int32_t
  798 deflate_compress(data, size, out)
  799         u_int8_t *data;
  800         u_int32_t size;
  801         u_int8_t **out;
  802 {
  803         return deflate_global(data, size, 0, out);
  804 }
  805 
  806 static u_int32_t
  807 deflate_decompress(data, size, out)
  808         u_int8_t *data;
  809         u_int32_t size;
  810         u_int8_t **out;
  811 {
  812         return deflate_global(data, size, 1, out);
  813 }

Cache object: ec793fb3ed9d3d406df895c77be8eb44


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]


This page is part of the FreeBSD/Linux Linux Kernel Cross-Reference, and was automatically generated using a modified version of the LXR engine.