Annotation of sys/crypto/xform.c, Revision 1.1.1.1
1.1 nbrk 1: /* $OpenBSD: xform.c,v 1.31 2007/05/27 05:43:17 tedu Exp $ */
2: /*
3: * The authors of this code are John Ioannidis (ji@tla.org),
4: * Angelos D. Keromytis (kermit@csd.uch.gr) and
5: * Niels Provos (provos@physnet.uni-hamburg.de).
6: *
7: * This code was written by John Ioannidis for BSD/OS in Athens, Greece,
8: * in November 1995.
9: *
10: * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996,
11: * by Angelos D. Keromytis.
12: *
13: * Additional transforms and features in 1997 and 1998 by Angelos D. Keromytis
14: * and Niels Provos.
15: *
16: * Additional features in 1999 by Angelos D. Keromytis.
17: *
18: * Copyright (C) 1995, 1996, 1997, 1998, 1999 by John Ioannidis,
19: * Angelos D. Keromytis and Niels Provos.
20: *
21: * Copyright (C) 2001, Angelos D. Keromytis.
22: *
23: * Permission to use, copy, and modify this software with or without fee
24: * is hereby granted, provided that this entire notice is included in
25: * all copies of any software which is or includes a copy or
26: * modification of this software.
27: * You may use this code under the GNU public license if you so wish. Please
28: * contribute changes back to the authors under this freer than GPL license
29: * so that we may further the use of strong encryption without limitations to
30: * all.
31: *
32: * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
33: * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
34: * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
35: * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
36: * PURPOSE.
37: */
38:
39: #include <sys/param.h>
40: #include <sys/systm.h>
41: #include <sys/malloc.h>
42: #include <sys/sysctl.h>
43: #include <sys/errno.h>
44: #include <sys/time.h>
45: #include <sys/kernel.h>
46: #include <machine/cpu.h>
47:
48: #include <crypto/md5.h>
49: #include <crypto/sha1.h>
50: #include <crypto/sha2.h>
51: #include <crypto/rmd160.h>
52: #include <crypto/blf.h>
53: #include <crypto/cast.h>
54: #include <crypto/skipjack.h>
55: #include <crypto/rijndael.h>
56: #include <crypto/cryptodev.h>
57: #include <crypto/xform.h>
58: #include <crypto/deflate.h>
59:
60: extern void des_ecb3_encrypt(caddr_t, caddr_t, caddr_t, caddr_t, caddr_t, int);
61: extern void des_ecb_encrypt(caddr_t, caddr_t, caddr_t, int);
62:
63: int des_set_key(caddr_t, caddr_t);
64: int des1_setkey(u_int8_t **, u_int8_t *, int);
65: int des3_setkey(u_int8_t **, u_int8_t *, int);
66: int blf_setkey(u_int8_t **, u_int8_t *, int);
67: int cast5_setkey(u_int8_t **, u_int8_t *, int);
68: int skipjack_setkey(u_int8_t **, u_int8_t *, int);
69: int rijndael128_setkey(u_int8_t **, u_int8_t *, int);
70: int aes_ctr_setkey(u_int8_t **, u_int8_t *, int);
71: void des1_encrypt(caddr_t, u_int8_t *);
72: void des3_encrypt(caddr_t, u_int8_t *);
73: void blf_encrypt(caddr_t, u_int8_t *);
74: void cast5_encrypt(caddr_t, u_int8_t *);
75: void skipjack_encrypt(caddr_t, u_int8_t *);
76: void rijndael128_encrypt(caddr_t, u_int8_t *);
77: void des1_decrypt(caddr_t, u_int8_t *);
78: void des3_decrypt(caddr_t, u_int8_t *);
79: void blf_decrypt(caddr_t, u_int8_t *);
80: void cast5_decrypt(caddr_t, u_int8_t *);
81: void skipjack_decrypt(caddr_t, u_int8_t *);
82: void rijndael128_decrypt(caddr_t, u_int8_t *);
83: void des1_zerokey(u_int8_t **);
84: void des3_zerokey(u_int8_t **);
85: void blf_zerokey(u_int8_t **);
86: void cast5_zerokey(u_int8_t **);
87: void skipjack_zerokey(u_int8_t **);
88: void rijndael128_zerokey(u_int8_t **);
89: void aes_ctr_zerokey(u_int8_t **);
90: void null_encrypt(caddr_t, u_int8_t *);
91: void null_zerokey(u_int8_t **);
92: int null_setkey(u_int8_t **, u_int8_t *, int);
93: void null_decrypt(caddr_t, u_int8_t *);
94:
95: void aes_ctr_reinit(caddr_t, u_int8_t *);
96: void aes_ctr_crypt(caddr_t, u_int8_t *);
97:
98: int MD5Update_int(void *, u_int8_t *, u_int16_t);
99: int SHA1Update_int(void *, u_int8_t *, u_int16_t);
100: int RMD160Update_int(void *, u_int8_t *, u_int16_t);
101: int SHA256_Update_int(void *, u_int8_t *, u_int16_t);
102: int SHA384_Update_int(void *, u_int8_t *, u_int16_t);
103: int SHA512_Update_int(void *, u_int8_t *, u_int16_t);
104:
105: u_int32_t deflate_compress(u_int8_t *, u_int32_t, u_int8_t **);
106: u_int32_t deflate_decompress(u_int8_t *, u_int32_t, u_int8_t **);
107: u_int32_t lzs_dummy(u_int8_t *, u_int32_t, u_int8_t **);
108:
109: /* Encryption instances */
110: struct enc_xform enc_xform_des = {
111: CRYPTO_DES_CBC, "DES",
112: 8, 8, 8, 8,
113: des1_encrypt,
114: des1_decrypt,
115: des1_setkey,
116: des1_zerokey,
117: NULL
118: };
119:
120: struct enc_xform enc_xform_3des = {
121: CRYPTO_3DES_CBC, "3DES",
122: 8, 8, 24, 24,
123: des3_encrypt,
124: des3_decrypt,
125: des3_setkey,
126: des3_zerokey,
127: NULL
128: };
129:
130: struct enc_xform enc_xform_blf = {
131: CRYPTO_BLF_CBC, "Blowfish",
132: 8, 8, 5, 56 /* 448 bits, max key */,
133: blf_encrypt,
134: blf_decrypt,
135: blf_setkey,
136: blf_zerokey,
137: NULL
138: };
139:
140: struct enc_xform enc_xform_cast5 = {
141: CRYPTO_CAST_CBC, "CAST-128",
142: 8, 8, 5, 16,
143: cast5_encrypt,
144: cast5_decrypt,
145: cast5_setkey,
146: cast5_zerokey,
147: NULL
148: };
149:
150: struct enc_xform enc_xform_skipjack = {
151: CRYPTO_SKIPJACK_CBC, "Skipjack",
152: 8, 8, 10, 10,
153: skipjack_encrypt,
154: skipjack_decrypt,
155: skipjack_setkey,
156: skipjack_zerokey,
157: NULL
158: };
159:
160: struct enc_xform enc_xform_rijndael128 = {
161: CRYPTO_RIJNDAEL128_CBC, "Rijndael-128/AES",
162: 16, 16, 16, 32,
163: rijndael128_encrypt,
164: rijndael128_decrypt,
165: rijndael128_setkey,
166: rijndael128_zerokey,
167: NULL
168: };
169:
170: struct enc_xform enc_xform_aes_ctr = {
171: CRYPTO_AES_CTR, "AES-CTR",
172: 16, 8, 16+4, 32+4,
173: aes_ctr_crypt,
174: NULL,
175: aes_ctr_setkey,
176: aes_ctr_zerokey,
177: aes_ctr_reinit
178: };
179:
180: struct enc_xform enc_xform_arc4 = {
181: CRYPTO_ARC4, "ARC4",
182: 1, 1, 1, 32,
183: NULL,
184: NULL,
185: NULL,
186: NULL,
187: NULL
188: };
189:
190: struct enc_xform enc_xform_null = {
191: CRYPTO_NULL, "NULL",
192: 4, 0, 0, 256,
193: null_encrypt,
194: null_decrypt,
195: null_setkey,
196: null_zerokey,
197: NULL
198: };
199:
200: /* Authentication instances */
201: struct auth_hash auth_hash_hmac_md5_96 = {
202: CRYPTO_MD5_HMAC, "HMAC-MD5",
203: 16, 16, 12, sizeof(MD5_CTX),
204: (void (*) (void *)) MD5Init, MD5Update_int,
205: (void (*) (u_int8_t *, void *)) MD5Final
206: };
207:
208: struct auth_hash auth_hash_hmac_sha1_96 = {
209: CRYPTO_SHA1_HMAC, "HMAC-SHA1",
210: 20, 20, 12, sizeof(SHA1_CTX),
211: (void (*) (void *)) SHA1Init, SHA1Update_int,
212: (void (*) (u_int8_t *, void *)) SHA1Final
213: };
214:
215: struct auth_hash auth_hash_hmac_ripemd_160_96 = {
216: CRYPTO_RIPEMD160_HMAC, "HMAC-RIPEMD-160",
217: 20, 20, 12, sizeof(RMD160_CTX),
218: (void (*)(void *)) RMD160Init, RMD160Update_int,
219: (void (*)(u_int8_t *, void *)) RMD160Final
220: };
221:
222: struct auth_hash auth_hash_hmac_sha2_256_96 = {
223: CRYPTO_SHA2_256_HMAC, "HMAC-SHA2-256",
224: 32, 32, 12, sizeof(SHA256_CTX),
225: (void (*)(void *)) SHA256_Init, SHA256_Update_int,
226: (void (*)(u_int8_t *, void *)) SHA256_Final
227: };
228:
229: struct auth_hash auth_hash_hmac_sha2_384_96 = {
230: CRYPTO_SHA2_384_HMAC, "HMAC-SHA2-384",
231: 48, 48, 12, sizeof(SHA384_CTX),
232: (void (*)(void *)) SHA384_Init, SHA384_Update_int,
233: (void (*)(u_int8_t *, void *)) SHA384_Final
234: };
235:
236: struct auth_hash auth_hash_hmac_sha2_512_96 = {
237: CRYPTO_SHA2_512_HMAC, "HMAC-SHA2-512",
238: 64, 64, 12, sizeof(SHA512_CTX),
239: (void (*)(void *)) SHA512_Init, SHA512_Update_int,
240: (void (*)(u_int8_t *, void *)) SHA512_Final
241: };
242:
243: struct auth_hash auth_hash_key_md5 = {
244: CRYPTO_MD5_KPDK, "Keyed MD5",
245: 0, 16, 16, sizeof(MD5_CTX),
246: (void (*)(void *)) MD5Init, MD5Update_int,
247: (void (*)(u_int8_t *, void *)) MD5Final
248: };
249:
250: struct auth_hash auth_hash_key_sha1 = {
251: CRYPTO_SHA1_KPDK, "Keyed SHA1",
252: 0, 20, 20, sizeof(SHA1_CTX),
253: (void (*)(void *)) SHA1Init, SHA1Update_int,
254: (void (*)(u_int8_t *, void *)) SHA1Final
255: };
256:
257: struct auth_hash auth_hash_md5 = {
258: CRYPTO_MD5, "MD5",
259: 0, 16, 16, sizeof(MD5_CTX),
260: (void (*) (void *)) MD5Init, MD5Update_int,
261: (void (*) (u_int8_t *, void *)) MD5Final
262: };
263:
264: struct auth_hash auth_hash_sha1 = {
265: CRYPTO_SHA1, "SHA1",
266: 0, 20, 20, sizeof(SHA1_CTX),
267: (void (*)(void *)) SHA1Init, SHA1Update_int,
268: (void (*)(u_int8_t *, void *)) SHA1Final
269: };
270:
271: /* Compression instance */
272: struct comp_algo comp_algo_deflate = {
273: CRYPTO_DEFLATE_COMP, "Deflate",
274: 90, deflate_compress,
275: deflate_decompress
276: };
277:
278: struct comp_algo comp_algo_lzs = {
279: CRYPTO_LZS_COMP, "LZS",
280: 90, lzs_dummy,
281: lzs_dummy
282: };
283:
284: /*
285: * Encryption wrapper routines.
286: */
287: void
288: des1_encrypt(caddr_t key, u_int8_t *blk)
289: {
290: des_ecb_encrypt(blk, blk, key, 1);
291: }
292:
293: void
294: des1_decrypt(caddr_t key, u_int8_t *blk)
295: {
296: des_ecb_encrypt(blk, blk, key, 0);
297: }
298:
299: int
300: des1_setkey(u_int8_t **sched, u_int8_t *key, int len)
301: {
302: MALLOC(*sched, u_int8_t *, 128, M_CRYPTO_DATA, M_WAITOK);
303: bzero(*sched, 128);
304:
305: if (des_set_key(key, *sched) < 0) {
306: des1_zerokey(sched);
307: return -1;
308: }
309:
310: return 0;
311: }
312:
313: void
314: des1_zerokey(u_int8_t **sched)
315: {
316: bzero(*sched, 128);
317: FREE(*sched, M_CRYPTO_DATA);
318: *sched = NULL;
319: }
320:
321: void
322: des3_encrypt(caddr_t key, u_int8_t *blk)
323: {
324: des_ecb3_encrypt(blk, blk, key, key + 128, key + 256, 1);
325: }
326:
327: void
328: des3_decrypt(caddr_t key, u_int8_t *blk)
329: {
330: des_ecb3_encrypt(blk, blk, key + 256, key + 128, key, 0);
331: }
332:
333: int
334: des3_setkey(u_int8_t **sched, u_int8_t *key, int len)
335: {
336: MALLOC(*sched, u_int8_t *, 384, M_CRYPTO_DATA, M_WAITOK);
337: bzero(*sched, 384);
338:
339: if (des_set_key(key, *sched) < 0 || des_set_key(key + 8, *sched + 128)
340: < 0 || des_set_key(key + 16, *sched + 256) < 0) {
341: des3_zerokey(sched);
342: return -1;
343: }
344:
345: return 0;
346: }
347:
348: void
349: des3_zerokey(u_int8_t **sched)
350: {
351: bzero(*sched, 384);
352: FREE(*sched, M_CRYPTO_DATA);
353: *sched = NULL;
354: }
355:
356: void
357: blf_encrypt(caddr_t key, u_int8_t *blk)
358: {
359: blf_ecb_encrypt((blf_ctx *) key, blk, 8);
360: }
361:
362: void
363: blf_decrypt(caddr_t key, u_int8_t *blk)
364: {
365: blf_ecb_decrypt((blf_ctx *) key, blk, 8);
366: }
367:
368: int
369: blf_setkey(u_int8_t **sched, u_int8_t *key, int len)
370: {
371: MALLOC(*sched, u_int8_t *, sizeof(blf_ctx), M_CRYPTO_DATA, M_WAITOK);
372: bzero(*sched, sizeof(blf_ctx));
373: blf_key((blf_ctx *)*sched, key, len);
374:
375: return 0;
376: }
377:
378: void
379: blf_zerokey(u_int8_t **sched)
380: {
381: bzero(*sched, sizeof(blf_ctx));
382: FREE(*sched, M_CRYPTO_DATA);
383: *sched = NULL;
384: }
385:
386: int
387: null_setkey(u_int8_t **sched, u_int8_t *key, int len)
388: {
389: return 0;
390: }
391:
392: void
393: null_zerokey(u_int8_t **sched)
394: {
395: }
396:
397: void
398: null_encrypt(caddr_t key, u_int8_t *blk)
399: {
400: }
401:
402: void
403: null_decrypt(caddr_t key, u_int8_t *blk)
404: {
405: }
406:
407: void
408: cast5_encrypt(caddr_t key, u_int8_t *blk)
409: {
410: cast_encrypt((cast_key *) key, blk, blk);
411: }
412:
413: void
414: cast5_decrypt(caddr_t key, u_int8_t *blk)
415: {
416: cast_decrypt((cast_key *) key, blk, blk);
417: }
418:
419: int
420: cast5_setkey(u_int8_t **sched, u_int8_t *key, int len)
421: {
422: MALLOC(*sched, u_int8_t *, sizeof(cast_key), M_CRYPTO_DATA, M_WAITOK);
423: bzero(*sched, sizeof(cast_key));
424: cast_setkey((cast_key *)*sched, key, len);
425:
426: return 0;
427: }
428:
429: void
430: cast5_zerokey(u_int8_t **sched)
431: {
432: bzero(*sched, sizeof(cast_key));
433: FREE(*sched, M_CRYPTO_DATA);
434: *sched = NULL;
435: }
436:
437: void
438: skipjack_encrypt(caddr_t key, u_int8_t *blk)
439: {
440: skipjack_forwards(blk, blk, (u_int8_t **) key);
441: }
442:
443: void
444: skipjack_decrypt(caddr_t key, u_int8_t *blk)
445: {
446: skipjack_backwards(blk, blk, (u_int8_t **) key);
447: }
448:
449: int
450: skipjack_setkey(u_int8_t **sched, u_int8_t *key, int len)
451: {
452: MALLOC(*sched, u_int8_t *, 10 * sizeof(u_int8_t *), M_CRYPTO_DATA,
453: M_WAITOK);
454: bzero(*sched, 10 * sizeof(u_int8_t *));
455: subkey_table_gen(key, (u_int8_t **) *sched);
456:
457: return 0;
458: }
459:
460: void
461: skipjack_zerokey(u_int8_t **sched)
462: {
463: int k;
464:
465: for (k = 0; k < 10; k++) {
466: if (((u_int8_t **)(*sched))[k]) {
467: bzero(((u_int8_t **)(*sched))[k], 0x100);
468: FREE(((u_int8_t **)(*sched))[k], M_CRYPTO_DATA);
469: }
470: }
471: bzero(*sched, 10 * sizeof(u_int8_t *));
472: FREE(*sched, M_CRYPTO_DATA);
473: *sched = NULL;
474: }
475:
476: void
477: rijndael128_encrypt(caddr_t key, u_int8_t *blk)
478: {
479: rijndael_encrypt((rijndael_ctx *) key, (u_char *) blk, (u_char *) blk);
480: }
481:
482: void
483: rijndael128_decrypt(caddr_t key, u_int8_t *blk)
484: {
485: rijndael_decrypt((rijndael_ctx *) key, (u_char *) blk, (u_char *) blk);
486: }
487:
488: int
489: rijndael128_setkey(u_int8_t **sched, u_int8_t *key, int len)
490: {
491: MALLOC(*sched, u_int8_t *, sizeof(rijndael_ctx), M_CRYPTO_DATA,
492: M_WAITOK);
493: bzero(*sched, sizeof(rijndael_ctx));
494:
495: if (rijndael_set_key((rijndael_ctx *)*sched, (u_char *)key, len * 8)
496: < 0) {
497: rijndael128_zerokey(sched);
498: return -1;
499: }
500:
501: return 0;
502: }
503:
504: void
505: rijndael128_zerokey(u_int8_t **sched)
506: {
507: bzero(*sched, sizeof(rijndael_ctx));
508: FREE(*sched, M_CRYPTO_DATA);
509: *sched = NULL;
510: }
511:
512: #define AESCTR_NONCESIZE 4
513: #define AESCTR_IVSIZE 8
514: #define AESCTR_BLOCKSIZE 16
515:
516: struct aes_ctr_ctx {
517: u_int32_t ac_ek[4*(AES_MAXROUNDS + 1)];
518: u_int8_t ac_block[AESCTR_BLOCKSIZE];
519: int ac_nr;
520: };
521:
522: void
523: aes_ctr_reinit(caddr_t key, u_int8_t *iv)
524: {
525: struct aes_ctr_ctx *ctx;
526:
527: ctx = (struct aes_ctr_ctx *)key;
528: bcopy(iv, ctx->ac_block + AESCTR_NONCESIZE, AESCTR_IVSIZE);
529:
530: /* reset counter */
531: bzero(ctx->ac_block + AESCTR_NONCESIZE + AESCTR_IVSIZE, 4);
532: }
533:
534: void
535: aes_ctr_crypt(caddr_t key, u_int8_t *data)
536: {
537: struct aes_ctr_ctx *ctx;
538: u_int8_t keystream[AESCTR_BLOCKSIZE];
539: int i;
540:
541: ctx = (struct aes_ctr_ctx *)key;
542: /* increment counter */
543: for (i = AESCTR_BLOCKSIZE - 1;
544: i >= AESCTR_NONCESIZE + AESCTR_IVSIZE; i--)
545: if (++ctx->ac_block[i]) /* continue on overflow */
546: break;
547: rijndaelEncrypt(ctx->ac_ek, ctx->ac_nr, ctx->ac_block, keystream);
548: for (i = 0; i < AESCTR_BLOCKSIZE; i++)
549: data[i] ^= keystream[i];
550: }
551:
552: int
553: aes_ctr_setkey(u_int8_t **sched, u_int8_t *key, int len)
554: {
555: struct aes_ctr_ctx *ctx;
556:
557: if (len < AESCTR_NONCESIZE)
558: return -1;
559:
560: MALLOC(*sched, u_int8_t *, sizeof(struct aes_ctr_ctx), M_CRYPTO_DATA,
561: M_WAITOK);
562: bzero(*sched, sizeof(struct aes_ctr_ctx));
563: ctx = (struct aes_ctr_ctx *)*sched;
564: ctx->ac_nr = rijndaelKeySetupEnc(ctx->ac_ek, (u_char *)key,
565: (len - AESCTR_NONCESIZE) * 8);
566: if (ctx->ac_nr == 0) {
567: aes_ctr_zerokey(sched);
568: return -1;
569: }
570: bcopy(key + len - AESCTR_NONCESIZE, ctx->ac_block, AESCTR_NONCESIZE);
571: return 0;
572: }
573:
574: void
575: aes_ctr_zerokey(u_int8_t **sched)
576: {
577: bzero(*sched, sizeof(struct aes_ctr_ctx));
578: FREE(*sched, M_CRYPTO_DATA);
579: *sched = NULL;
580: }
581:
582: /*
583: * And now for auth.
584: */
585:
586: int
587: RMD160Update_int(void *ctx, u_int8_t *buf, u_int16_t len)
588: {
589: RMD160Update(ctx, buf, len);
590: return 0;
591: }
592:
593: int
594: MD5Update_int(void *ctx, u_int8_t *buf, u_int16_t len)
595: {
596: MD5Update(ctx, buf, len);
597: return 0;
598: }
599:
600: int
601: SHA1Update_int(void *ctx, u_int8_t *buf, u_int16_t len)
602: {
603: SHA1Update(ctx, buf, len);
604: return 0;
605: }
606:
607: int
608: SHA256_Update_int(void *ctx, u_int8_t *buf, u_int16_t len)
609: {
610: SHA256_Update(ctx, buf, len);
611: return 0;
612: }
613:
614: int
615: SHA384_Update_int(void *ctx, u_int8_t *buf, u_int16_t len)
616: {
617: SHA384_Update(ctx, buf, len);
618: return 0;
619: }
620:
621: int
622: SHA512_Update_int(void *ctx, u_int8_t *buf, u_int16_t len)
623: {
624: SHA512_Update(ctx, buf, len);
625: return 0;
626: }
627:
628: /*
629: * And compression
630: */
631:
632: u_int32_t
633: deflate_compress(u_int8_t *data, u_int32_t size, u_int8_t **out)
634: {
635: return deflate_global(data, size, 0, out);
636: }
637:
638: u_int32_t
639: deflate_decompress(u_int8_t *data, u_int32_t size, u_int8_t **out)
640: {
641: return deflate_global(data, size, 1, out);
642: }
643:
644: u_int32_t
645: lzs_dummy(u_int8_t *data, u_int32_t size, u_int8_t **out)
646: {
647: *out = NULL;
648: return (0);
649: }
CVSweb