1 /* $NetBSD: xform.c,v 1.13 2003/11/18 23:01:39 jonathan Exp $ */
2 /* $FreeBSD: src/sys/opencrypto/xform.c,v 1.1.2.1 2002/11/21 23:34:23 sam Exp $ */
3 /* $OpenBSD: xform.c,v 1.19 2002/08/16 22:47:25 dhartmei Exp $ */
4
5 /*
6 * The authors of this code are John Ioannidis (ji@tla.org),
7 * Angelos D. Keromytis (kermit@csd.uch.gr) and
8 * Niels Provos (provos@physnet.uni-hamburg.de).
9 *
10 * This code was written by John Ioannidis for BSD/OS in Athens, Greece,
11 * in November 1995.
12 *
13 * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996,
14 * by Angelos D. Keromytis.
15 *
16 * Additional transforms and features in 1997 and 1998 by Angelos D. Keromytis
17 * and Niels Provos.
18 *
19 * Additional features in 1999 by Angelos D. Keromytis.
20 *
21 * Copyright (C) 1995, 1996, 1997, 1998, 1999 by John Ioannidis,
22 * Angelos D. Keromytis and Niels Provos.
23 *
24 * Copyright (C) 2001, Angelos D. Keromytis.
25 *
26 * Permission to use, copy, and modify this software with or without fee
27 * is hereby granted, provided that this entire notice is included in
28 * all copies of any software which is or includes a copy or
29 * modification of this software.
30 * You may use this code under the GNU public license if you so wish. Please
31 * contribute changes back to the authors under this freer than GPL license
32 * so that we may further the use of strong encryption without limitations to
33 * all.
34 *
35 * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
36 * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
37 * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
38 * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
39 * PURPOSE.
40 */
41
42 #include <sys/cdefs.h>
43 __KERNEL_RCSID(0, "$NetBSD: xform.c,v 1.13 2003/11/18 23:01:39 jonathan Exp $");
44
45 #include <sys/param.h>
46 #include <sys/systm.h>
47 #include <sys/malloc.h>
48 #include <sys/sysctl.h>
49 #include <sys/errno.h>
50 #include <sys/time.h>
51 #include <sys/kernel.h>
52 #include <machine/cpu.h>
53
54 #include <crypto/blowfish/blowfish.h>
55 #include <crypto/cast128/cast128.h>
56 #include <crypto/des/des.h>
57 #include <crypto/rijndael/rijndael.h>
58 #include <crypto/ripemd160/rmd160.h>
59 #include <crypto/skipjack/skipjack.h>
60
61 #include <opencrypto/deflate.h>
62
63 #include <sys/md5.h>
64 #include <sys/sha1.h>
65
66 #include <opencrypto/cryptodev.h>
67 #include <opencrypto/xform.h>
68
69 static void null_encrypt(caddr_t, u_int8_t *);
70 static void null_decrypt(caddr_t, u_int8_t *);
71 static int null_setkey(u_int8_t **, const u_int8_t *, int);
72 static void null_zerokey(u_int8_t **);
73
74 static int des1_setkey(u_int8_t **, const u_int8_t *, int);
75 static int des3_setkey(u_int8_t **, const u_int8_t *, int);
76 static int blf_setkey(u_int8_t **, const u_int8_t *, int);
77 static int cast5_setkey(u_int8_t **, const u_int8_t *, int);
78 static int skipjack_setkey(u_int8_t **, const u_int8_t *, int);
79 static int rijndael128_setkey(u_int8_t **, const u_int8_t *, int);
80 static void des1_encrypt(caddr_t, u_int8_t *);
81 static void des3_encrypt(caddr_t, u_int8_t *);
82 static void blf_encrypt(caddr_t, u_int8_t *);
83 static void cast5_encrypt(caddr_t, u_int8_t *);
84 static void skipjack_encrypt(caddr_t, u_int8_t *);
85 static void rijndael128_encrypt(caddr_t, u_int8_t *);
86 static void des1_decrypt(caddr_t, u_int8_t *);
87 static void des3_decrypt(caddr_t, u_int8_t *);
88 static void blf_decrypt(caddr_t, u_int8_t *);
89 static void cast5_decrypt(caddr_t, u_int8_t *);
90 static void skipjack_decrypt(caddr_t, u_int8_t *);
91 static void rijndael128_decrypt(caddr_t, u_int8_t *);
92 static void des1_zerokey(u_int8_t **);
93 static void des3_zerokey(u_int8_t **);
94 static void blf_zerokey(u_int8_t **);
95 static void cast5_zerokey(u_int8_t **);
96 static void skipjack_zerokey(u_int8_t **);
97 static void rijndael128_zerokey(u_int8_t **);
98
99 static void null_init(void *);
100 static int null_update(void *, const u_int8_t *, u_int16_t);
101 static void null_final(u_int8_t *, void *);
102
103 static int MD5Update_int(void *, const u_int8_t *, u_int16_t);
104 static void SHA1Init_int(void *);
105 static int SHA1Update_int(void *, const u_int8_t *, u_int16_t);
106 static void SHA1Final_int(u_int8_t *, void *);
107
108
109 static int RMD160Update_int(void *, const u_int8_t *, u_int16_t);
110 static int SHA1Update_int(void *, const u_int8_t *, u_int16_t);
111 static void SHA1Final_int(u_int8_t *, void *);
112 static int RMD160Update_int(void *, const u_int8_t *, u_int16_t);
113 static int SHA256Update_int(void *, const u_int8_t *, u_int16_t);
114 static int SHA384Update_int(void *, const u_int8_t *, u_int16_t);
115 static int SHA512Update_int(void *, const u_int8_t *, u_int16_t);
116
117 static u_int32_t deflate_compress(u_int8_t *, u_int32_t, u_int8_t **);
118 static u_int32_t deflate_decompress(u_int8_t *, u_int32_t, u_int8_t **);
119
120 MALLOC_DEFINE(M_XDATA, "xform", "xform data buffers");
121
122 /* Encryption instances */
123 struct enc_xform enc_xform_null = {
124 CRYPTO_NULL_CBC, "NULL",
125 /* NB: blocksize of 4 is to generate a properly aligned ESP header */
126 4, 0, 256, /* 2048 bits, max key */
127 null_encrypt,
128 null_decrypt,
129 null_setkey,
130 null_zerokey,
131 };
132
133 struct enc_xform enc_xform_des = {
134 CRYPTO_DES_CBC, "DES",
135 8, 8, 8,
136 des1_encrypt,
137 des1_decrypt,
138 des1_setkey,
139 des1_zerokey,
140 };
141
142 struct enc_xform enc_xform_3des = {
143 CRYPTO_3DES_CBC, "3DES",
144 8, 24, 24,
145 des3_encrypt,
146 des3_decrypt,
147 des3_setkey,
148 des3_zerokey
149 };
150
151 struct enc_xform enc_xform_blf = {
152 CRYPTO_BLF_CBC, "Blowfish",
153 8, 5, 56 /* 448 bits, max key */,
154 blf_encrypt,
155 blf_decrypt,
156 blf_setkey,
157 blf_zerokey
158 };
159
160 struct enc_xform enc_xform_cast5 = {
161 CRYPTO_CAST_CBC, "CAST-128",
162 8, 5, 16,
163 cast5_encrypt,
164 cast5_decrypt,
165 cast5_setkey,
166 cast5_zerokey
167 };
168
169 struct enc_xform enc_xform_skipjack = {
170 CRYPTO_SKIPJACK_CBC, "Skipjack",
171 8, 10, 10,
172 skipjack_encrypt,
173 skipjack_decrypt,
174 skipjack_setkey,
175 skipjack_zerokey
176 };
177
178 struct enc_xform enc_xform_rijndael128 = {
179 CRYPTO_RIJNDAEL128_CBC, "Rijndael-128/AES",
180 16, 8, 32,
181 rijndael128_encrypt,
182 rijndael128_decrypt,
183 rijndael128_setkey,
184 rijndael128_zerokey,
185 };
186
187 struct enc_xform enc_xform_arc4 = {
188 CRYPTO_ARC4, "ARC4",
189 1, 1, 32,
190 NULL,
191 NULL,
192 NULL,
193 NULL,
194 };
195
196 /* Authentication instances */
197 struct auth_hash auth_hash_null = {
198 CRYPTO_NULL_HMAC, "NULL-HMAC",
199 0, 0, 12, sizeof(int), /* NB: context isn't used */
200 null_init, null_update, null_final
201 };
202
203 struct auth_hash auth_hash_hmac_md5_96 = {
204 CRYPTO_MD5_HMAC, "HMAC-MD5",
205 16, 16, 12, sizeof(MD5_CTX),
206 (void (*) (void *)) MD5Init, MD5Update_int,
207 (void (*) (u_int8_t *, void *)) MD5Final
208 };
209
210 struct auth_hash auth_hash_hmac_sha1_96 = {
211 CRYPTO_SHA1_HMAC, "HMAC-SHA1",
212 20, 20, 12, sizeof(SHA1_CTX),
213 SHA1Init_int, SHA1Update_int, SHA1Final_int
214 };
215
216 struct auth_hash auth_hash_hmac_ripemd_160_96 = {
217 CRYPTO_RIPEMD160_HMAC, "HMAC-RIPEMD-160",
218 20, 20, 12, sizeof(RMD160_CTX),
219 (void (*)(void *)) RMD160Init, RMD160Update_int,
220 (void (*)(u_int8_t *, void *)) RMD160Final
221 };
222
223 struct auth_hash auth_hash_key_md5 = {
224 CRYPTO_MD5_KPDK, "Keyed MD5",
225 0, 16, 16, sizeof(MD5_CTX),
226 (void (*)(void *)) MD5Init, MD5Update_int,
227 (void (*)(u_int8_t *, void *)) MD5Final
228 };
229
230 struct auth_hash auth_hash_key_sha1 = {
231 CRYPTO_SHA1_KPDK, "Keyed SHA1",
232 0, 20, 20, sizeof(SHA1_CTX),
233 SHA1Init_int, SHA1Update_int, SHA1Final_int
234 };
235
236 struct auth_hash auth_hash_md5 = {
237 CRYPTO_MD5, "MD5",
238 0, 16, 16, sizeof(MD5_CTX),
239 (void (*) (void *)) MD5Init, MD5Update_int,
240 (void (*) (u_int8_t *, void *)) MD5Final
241 };
242
243 struct auth_hash auth_hash_sha1 = {
244 CRYPTO_SHA1, "SHA1",
245 0, 20, 20, sizeof(SHA1_CTX),
246 (void (*)(void *)) SHA1Init, SHA1Update_int,
247 (void (*)(u_int8_t *, void *)) SHA1Final
248 };
249
250 struct auth_hash auth_hash_hmac_sha2_256 = {
251 CRYPTO_SHA2_HMAC, "HMAC-SHA2",
252 32, 32, 12, sizeof(SHA256_CTX),
253 (void (*)(void *)) SHA256_Init, SHA256Update_int,
254 (void (*)(u_int8_t *, void *)) SHA256_Final
255 };
256
257 struct auth_hash auth_hash_hmac_sha2_384 = {
258 CRYPTO_SHA2_HMAC, "HMAC-SHA2-384",
259 48, 48, 12, sizeof(SHA384_CTX),
260 (void (*)(void *)) SHA384_Init, SHA384Update_int,
261 (void (*)(u_int8_t *, void *)) SHA384_Final
262 };
263
264 struct auth_hash auth_hash_hmac_sha2_512 = {
265 CRYPTO_SHA2_HMAC, "HMAC-SHA2-512",
266 64, 64, 12, sizeof(SHA512_CTX),
267 (void (*)(void *)) SHA512_Init, SHA512Update_int,
268 (void (*)(u_int8_t *, void *)) SHA512_Final
269 };
270
271 /* Compression instance */
272 struct comp_algo comp_algo_deflate = {
273 CRYPTO_DEFLATE_COMP, "Deflate",
274 90, deflate_compress,
275 deflate_decompress
276 };
277
278 /*
279 * Encryption wrapper routines.
280 */
281 static void
282 null_encrypt(caddr_t key, u_int8_t *blk)
283 {
284 }
285 static void
286 null_decrypt(caddr_t key, u_int8_t *blk)
287 {
288 }
289 static int
290 null_setkey(u_int8_t **sched, const u_int8_t *key, int len)
291 {
292 *sched = NULL;
293 return 0;
294 }
295 static void
296 null_zerokey(u_int8_t **sched)
297 {
298 *sched = NULL;
299 }
300
301 static void
302 des1_encrypt(caddr_t key, u_int8_t *blk)
303 {
304 des_cblock *cb = (des_cblock *) blk;
305 des_key_schedule *p = (des_key_schedule *) key;
306
307 des_ecb_encrypt(cb, cb, p[0], DES_ENCRYPT);
308 }
309
310 static void
311 des1_decrypt(caddr_t key, u_int8_t *blk)
312 {
313 des_cblock *cb = (des_cblock *) blk;
314 des_key_schedule *p = (des_key_schedule *) key;
315
316 des_ecb_encrypt(cb, cb, p[0], DES_DECRYPT);
317 }
318
319 static int
320 des1_setkey(u_int8_t **sched, const u_int8_t *key, int len)
321 {
322 des_key_schedule *p;
323 int err;
324
325 MALLOC(p, des_key_schedule *, sizeof (des_key_schedule),
326 M_CRYPTO_DATA, M_NOWAIT);
327 if (p != NULL) {
328 bzero(p, sizeof(des_key_schedule));
329 des_set_key((des_cblock *) key, p[0]);
330 err = 0;
331 } else
332 err = ENOMEM;
333 *sched = (u_int8_t *) p;
334 return err;
335 }
336
337 static void
338 des1_zerokey(u_int8_t **sched)
339 {
340 bzero(*sched, sizeof (des_key_schedule));
341 FREE(*sched, M_CRYPTO_DATA);
342 *sched = NULL;
343 }
344
345 static void
346 des3_encrypt(caddr_t key, u_int8_t *blk)
347 {
348 des_cblock *cb = (des_cblock *) blk;
349 des_key_schedule *p = (des_key_schedule *) key;
350
351 des_ecb3_encrypt(cb, cb, p[0], p[1], p[2], DES_ENCRYPT);
352 }
353
354 static void
355 des3_decrypt(caddr_t key, u_int8_t *blk)
356 {
357 des_cblock *cb = (des_cblock *) blk;
358 des_key_schedule *p = (des_key_schedule *) key;
359
360 des_ecb3_encrypt(cb, cb, p[0], p[1], p[2], DES_DECRYPT);
361 }
362
363 static int
364 des3_setkey(u_int8_t **sched, const u_int8_t *key, int len)
365 {
366 des_key_schedule *p;
367 int err;
368
369 MALLOC(p, des_key_schedule *, 3*sizeof (des_key_schedule),
370 M_CRYPTO_DATA, M_NOWAIT);
371 if (p != NULL) {
372 bzero(p, 3*sizeof(des_key_schedule));
373 des_set_key((des_cblock *)(key + 0), p[0]);
374 des_set_key((des_cblock *)(key + 8), p[1]);
375 des_set_key((des_cblock *)(key + 16), p[2]);
376 err = 0;
377 } else
378 err = ENOMEM;
379 *sched = (u_int8_t *) p;
380 return err;
381 }
382
383 static void
384 des3_zerokey(u_int8_t **sched)
385 {
386 bzero(*sched, 3*sizeof (des_key_schedule));
387 FREE(*sched, M_CRYPTO_DATA);
388 *sched = NULL;
389 }
390
391 static void
392 blf_encrypt(caddr_t key, u_int8_t *blk)
393 {
394
395 #if defined(__NetBSD__)
396 BF_ecb_encrypt(blk, blk, (BF_KEY *)key, 1);
397 #else
398 blf_ecb_encrypt((blf_ctx *) key, blk, 8);
399 #endif
400 }
401
402 static void
403 blf_decrypt(caddr_t key, u_int8_t *blk)
404 {
405
406 #if defined(__NetBSD__)
407 BF_ecb_encrypt(blk, blk, (BF_KEY *)key, 0);
408 #else
409 blf_ecb_decrypt((blf_ctx *) key, blk, 8);
410 #endif
411 }
412
413 static int
414 blf_setkey(u_int8_t **sched, const u_int8_t *key, int len)
415 {
416 int err;
417
418 #if defined(__FreeBSD__) || defined(__NetBSD__)
419 #define BLF_SIZ sizeof(BF_KEY)
420 #else
421 #define BLF_SIZ sizeof(blf_ctx)
422 #endif
423
424 MALLOC(*sched, u_int8_t *, BLF_SIZ,
425 M_CRYPTO_DATA, M_NOWAIT);
426 if (*sched != NULL) {
427 bzero(*sched, BLF_SIZ);
428 #if defined(__FreeBSD__) || defined(__NetBSD__)
429 BF_set_key((BF_KEY *) *sched, len, key);
430 #else
431 blf_key((blf_ctx *)*sched, key, len);
432 #endif
433 err = 0;
434 } else
435 err = ENOMEM;
436 return err;
437 }
438
439 static void
440 blf_zerokey(u_int8_t **sched)
441 {
442 bzero(*sched, BLF_SIZ);
443 FREE(*sched, M_CRYPTO_DATA);
444 *sched = NULL;
445 }
446
447 static void
448 cast5_encrypt(caddr_t key, u_int8_t *blk)
449 {
450 cast128_encrypt((cast128_key *) key, blk, blk);
451 }
452
453 static void
454 cast5_decrypt(caddr_t key, u_int8_t *blk)
455 {
456 cast128_decrypt((cast128_key *) key, blk, blk);
457 }
458
459 static int
460 cast5_setkey(u_int8_t **sched, const u_int8_t *key, int len)
461 {
462 int err;
463
464 MALLOC(*sched, u_int8_t *, sizeof(cast128_key), M_CRYPTO_DATA,
465 M_NOWAIT);
466 if (*sched != NULL) {
467 bzero(*sched, sizeof(cast128_key));
468 cast128_setkey((cast128_key *)*sched, key, len);
469 err = 0;
470 } else
471 err = ENOMEM;
472 return err;
473 }
474
475 static void
476 cast5_zerokey(u_int8_t **sched)
477 {
478 bzero(*sched, sizeof(cast128_key));
479 FREE(*sched, M_CRYPTO_DATA);
480 *sched = NULL;
481 }
482
483 static void
484 skipjack_encrypt(caddr_t key, u_int8_t *blk)
485 {
486 skipjack_forwards(blk, blk, (u_int8_t **) key);
487 }
488
489 static void
490 skipjack_decrypt(caddr_t key, u_int8_t *blk)
491 {
492 skipjack_backwards(blk, blk, (u_int8_t **) key);
493 }
494
495 static int
496 skipjack_setkey(u_int8_t **sched, const u_int8_t *key, int len)
497 {
498 int err;
499
500 /* NB: allocate all the memory that's needed at once */
501 /* XXX assumes bytes are aligned on sizeof(u_char) == 1 boundaries.
502 * Will this break a pdp-10, Cray-1, or GE-645 port?
503 */
504 MALLOC(*sched, u_int8_t *, 10 * (sizeof(u_int8_t *) + 0x100),
505 M_CRYPTO_DATA, M_NOWAIT);
506
507 if (*sched != NULL) {
508
509 u_int8_t** key_tables = (u_int8_t**) *sched;
510 u_int8_t* table = (u_int8_t*) &key_tables[10];
511 int k;
512
513 bzero(*sched, 10 * sizeof(u_int8_t *)+0x100);
514
515 for (k = 0; k < 10; k++) {
516 key_tables[k] = table;
517 table += 0x100;
518 }
519 subkey_table_gen(key, (u_int8_t **) *sched);
520 err = 0;
521 } else
522 err = ENOMEM;
523 return err;
524 }
525
526 static void
527 skipjack_zerokey(u_int8_t **sched)
528 {
529 bzero(*sched, 10 * (sizeof(u_int8_t *) + 0x100));
530 FREE(*sched, M_CRYPTO_DATA);
531 *sched = NULL;
532 }
533
534 static void
535 rijndael128_encrypt(caddr_t key, u_int8_t *blk)
536 {
537 rijndael_encrypt((rijndael_ctx *) key, (u_char *) blk, (u_char *) blk);
538 }
539
540 static void
541 rijndael128_decrypt(caddr_t key, u_int8_t *blk)
542 {
543 rijndael_decrypt((rijndael_ctx *) key, (u_char *) blk,
544 (u_char *) blk);
545 }
546
547 static int
548 rijndael128_setkey(u_int8_t **sched, const u_int8_t *key, int len)
549 {
550 int err;
551
552 MALLOC(*sched, u_int8_t *, sizeof(rijndael_ctx), M_CRYPTO_DATA,
553 M_WAITOK);
554 if (*sched != NULL) {
555 bzero(*sched, sizeof(rijndael_ctx));
556 rijndael_set_key((rijndael_ctx *) *sched, key, len * 8);
557 err = 0;
558 } else
559 err = ENOMEM;
560 return err;
561 }
562
563 static void
564 rijndael128_zerokey(u_int8_t **sched)
565 {
566 bzero(*sched, sizeof(rijndael_ctx));
567 FREE(*sched, M_CRYPTO_DATA);
568 *sched = NULL;
569 }
570
571 /*
572 * And now for auth.
573 */
574
575 static void
576 null_init(void *ctx)
577 {
578 }
579
580 static int
581 null_update(void *ctx, const u_int8_t *buf, u_int16_t len)
582 {
583 return 0;
584 }
585
586 static void
587 null_final(u_int8_t *buf, void *ctx)
588 {
589 if (buf != (u_int8_t *) 0)
590 bzero(buf, 12);
591 }
592
593 static int
594 RMD160Update_int(void *ctx, const u_int8_t *buf, u_int16_t len)
595 {
596 RMD160Update(ctx, buf, len);
597 return 0;
598 }
599
600 static int
601 MD5Update_int(void *ctx, const u_int8_t *buf, u_int16_t len)
602 {
603 MD5Update(ctx, buf, len);
604 return 0;
605 }
606
607 static void
608 SHA1Init_int(void *ctx)
609 {
610 SHA1Init(ctx);
611 }
612
613 static int
614 SHA1Update_int(void *ctx, const u_int8_t *buf, u_int16_t len)
615 {
616 SHA1Update(ctx, buf, len);
617 return 0;
618 }
619
620 static void
621 SHA1Final_int(u_int8_t *blk, void *ctx)
622 {
623 SHA1Final(blk, ctx);
624 }
625
626 static int
627 SHA256Update_int(void *ctx, const u_int8_t *buf, u_int16_t len)
628 {
629 SHA256_Update(ctx, buf, len);
630 return 0;
631 }
632
633 static int
634 SHA384Update_int(void *ctx, const u_int8_t *buf, u_int16_t len)
635 {
636 SHA384_Update(ctx, buf, len);
637 return 0;
638 }
639
640 static int
641 SHA512Update_int(void *ctx, const u_int8_t *buf, u_int16_t len)
642 {
643 SHA512_Update(ctx, buf, len);
644 return 0;
645 }
646
647 /*
648 * And compression
649 */
650
651 static u_int32_t
652 deflate_compress(data, size, out)
653 u_int8_t *data;
654 u_int32_t size;
655 u_int8_t **out;
656 {
657 return deflate_global(data, size, 0, out);
658 }
659
660 static u_int32_t
661 deflate_decompress(data, size, out)
662 u_int8_t *data;
663 u_int32_t size;
664 u_int8_t **out;
665 {
666 return deflate_global(data, size, 1, out);
667 }
Cache object: 7a081aae1bdc9951d630286d5c2c6216
|