cgd_crypto.c revision 1.22
1 1.22 riastrad /* $NetBSD: cgd_crypto.c,v 1.22 2020/06/13 18:40:14 riastradh Exp $ */ 2 1.1 elric 3 1.1 elric /*- 4 1.1 elric * Copyright (c) 2002 The NetBSD Foundation, Inc. 5 1.1 elric * All rights reserved. 6 1.1 elric * 7 1.1 elric * This code is derived from software contributed to The NetBSD Foundation 8 1.1 elric * by Roland C. Dowdeswell. 9 1.1 elric * 10 1.1 elric * Redistribution and use in source and binary forms, with or without 11 1.1 elric * modification, are permitted provided that the following conditions 12 1.1 elric * are met: 13 1.1 elric * 1. Redistributions of source code must retain the above copyright 14 1.1 elric * notice, this list of conditions and the following disclaimer. 15 1.1 elric * 2. Redistributions in binary form must reproduce the above copyright 16 1.1 elric * notice, this list of conditions and the following disclaimer in the 17 1.1 elric * documentation and/or other materials provided with the distribution. 18 1.1 elric * 19 1.1 elric * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 20 1.1 elric * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 21 1.1 elric * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 22 1.1 elric * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 23 1.1 elric * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 24 1.1 elric * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 25 1.1 elric * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 26 1.1 elric * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 27 1.1 elric * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 28 1.1 elric * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 29 1.1 elric * POSSIBILITY OF SUCH DAMAGE. 30 1.1 elric */ 31 1.1 elric 32 1.1 elric /* 33 1.1 elric * Crypto Framework For cgd.c 34 1.1 elric * 35 1.1 elric * This framework is temporary and awaits a more complete 36 1.1 elric * kernel wide crypto implementation. 37 1.1 elric */ 38 1.1 elric 39 1.1 elric #include <sys/cdefs.h> 40 1.22 riastrad __KERNEL_RCSID(0, "$NetBSD: cgd_crypto.c,v 1.22 2020/06/13 18:40:14 riastradh Exp $"); 41 1.1 elric 42 1.1 elric #include <sys/param.h> 43 1.21 riastrad #include <sys/kmem.h> 44 1.1 elric #include <sys/systm.h> 45 1.1 elric 46 1.1 elric #include <dev/cgd_crypto.h> 47 1.1 elric 48 1.19 riastrad #include <crypto/blowfish/blowfish.h> 49 1.19 riastrad #include <crypto/des/des.h> 50 1.11 christos #include <crypto/rijndael/rijndael-api-fst.h> 51 1.11 christos 52 1.1 elric /* 53 1.1 elric * The general framework provides only one generic function. 54 1.16 gutterid * It takes the name of an algorithm and returns a struct cryptfuncs * 55 1.1 elric * for it. It is up to the initialisation routines of the algorithm 56 1.1 elric * to check key size and block size. 57 1.1 elric */ 58 1.1 elric 59 1.14 alnsn static cfunc_init cgd_cipher_aes_cbc_init; 60 1.14 alnsn static cfunc_destroy cgd_cipher_aes_cbc_destroy; 61 1.14 alnsn static cfunc_cipher cgd_cipher_aes_cbc; 62 1.14 alnsn 63 1.14 alnsn static cfunc_init cgd_cipher_aes_xts_init; 64 1.14 alnsn static cfunc_destroy cgd_cipher_aes_xts_destroy; 65 1.14 alnsn static cfunc_cipher cgd_cipher_aes_xts; 66 1.14 alnsn 67 1.14 alnsn static cfunc_init cgd_cipher_3des_init; 68 1.14 alnsn static cfunc_destroy cgd_cipher_3des_destroy; 69 1.14 alnsn static cfunc_cipher cgd_cipher_3des_cbc; 70 1.14 alnsn 71 1.14 alnsn static cfunc_init cgd_cipher_bf_init; 72 1.14 alnsn static cfunc_destroy cgd_cipher_bf_destroy; 73 1.14 alnsn static cfunc_cipher cgd_cipher_bf_cbc; 74 1.11 christos 75 1.11 christos static const struct cryptfuncs cf[] = { 76 1.11 christos { 77 1.14 alnsn .cf_name = "aes-xts", 78 1.14 alnsn .cf_init = cgd_cipher_aes_xts_init, 79 1.14 alnsn .cf_destroy = cgd_cipher_aes_xts_destroy, 80 1.14 alnsn .cf_cipher = cgd_cipher_aes_xts, 81 1.14 alnsn }, 82 1.14 alnsn { 83 1.11 christos .cf_name = "aes-cbc", 84 1.14 alnsn .cf_init = cgd_cipher_aes_cbc_init, 85 1.14 alnsn .cf_destroy = cgd_cipher_aes_cbc_destroy, 86 1.11 christos .cf_cipher = cgd_cipher_aes_cbc, 87 1.11 christos }, 88 1.11 christos { 89 1.11 christos .cf_name = "3des-cbc", 90 1.11 christos .cf_init = cgd_cipher_3des_init, 91 1.11 christos .cf_destroy = cgd_cipher_3des_destroy, 92 1.11 christos .cf_cipher = cgd_cipher_3des_cbc, 93 1.11 christos }, 94 1.11 christos { 95 1.11 christos .cf_name = "blowfish-cbc", 96 1.11 christos .cf_init = cgd_cipher_bf_init, 97 1.11 christos .cf_destroy = cgd_cipher_bf_destroy, 98 1.11 christos .cf_cipher = cgd_cipher_bf_cbc, 99 1.11 christos }, 100 1.11 christos }; 101 1.11 christos const struct cryptfuncs * 102 1.6 christos cryptfuncs_find(const char *alg) 103 1.1 elric { 104 1.1 elric 105 1.11 christos for (size_t i = 0; i < __arraycount(cf); i++) 106 1.11 christos if (strcmp(cf[i].cf_name, alg) == 0) 107 1.11 christos return &cf[i]; 108 1.11 christos 109 1.1 elric return NULL; 110 1.1 elric } 111 1.1 elric 112 1.7 cbiere typedef void (*cipher_func)(void *, void *, const void *, size_t); 113 1.1 elric 114 1.11 christos static void 115 1.14 alnsn cgd_cipher_uio(void *privdata, cipher_func cipher, 116 1.1 elric struct uio *dstuio, struct uio *srcuio); 117 1.1 elric 118 1.1 elric /* 119 1.14 alnsn * cgd_cipher_uio takes a simple cbc or xts cipher and iterates 120 1.1 elric * it over two struct uio's. It presumes that the cipher function 121 1.1 elric * that is passed to it keeps the IV state between calls. 122 1.1 elric * 123 1.1 elric * We assume that the caller has ensured that each segment is evenly 124 1.1 elric * divisible by the block size, which for the cgd is a valid assumption. 125 1.1 elric * If we were to make this code more generic, we might need to take care 126 1.1 elric * of this case, either by issuing an error or copying the data. 127 1.1 elric */ 128 1.1 elric 129 1.11 christos static void 130 1.14 alnsn cgd_cipher_uio(void *privdata, cipher_func cipher, 131 1.6 christos struct uio *dstuio, struct uio *srcuio) 132 1.1 elric { 133 1.13 riastrad const struct iovec *dst; 134 1.13 riastrad const struct iovec *src; 135 1.1 elric int dstnum; 136 1.1 elric int dstoff = 0; 137 1.1 elric int srcnum; 138 1.1 elric int srcoff = 0; 139 1.1 elric 140 1.1 elric dst = dstuio->uio_iov; 141 1.1 elric dstnum = dstuio->uio_iovcnt; 142 1.1 elric src = srcuio->uio_iov; 143 1.1 elric srcnum = srcuio->uio_iovcnt; 144 1.1 elric for (;;) { 145 1.18 riastrad int l = MIN(dst->iov_len - dstoff, src->iov_len - srcoff); 146 1.18 riastrad uint8_t *d = (uint8_t *)dst->iov_base + dstoff; 147 1.18 riastrad const uint8_t *s = (const uint8_t *)src->iov_base + srcoff; 148 1.1 elric 149 1.1 elric cipher(privdata, d, s, l); 150 1.1 elric 151 1.1 elric dstoff += l; 152 1.1 elric srcoff += l; 153 1.1 elric /* 154 1.1 elric * We assume that {dst,src} == {dst,src}->iov_len, 155 1.1 elric * because it should not be possible for it not to be. 156 1.1 elric */ 157 1.1 elric if (dstoff == dst->iov_len) { 158 1.1 elric dstoff = 0; 159 1.1 elric dstnum--; 160 1.1 elric dst++; 161 1.1 elric } 162 1.1 elric if (srcoff == src->iov_len) { 163 1.1 elric srcoff = 0; 164 1.1 elric srcnum--; 165 1.1 elric src++; 166 1.1 elric } 167 1.1 elric if (!srcnum || !dstnum) 168 1.1 elric break; 169 1.1 elric } 170 1.1 elric } 171 1.1 elric 172 1.1 elric /* 173 1.1 elric * AES Framework 174 1.1 elric */ 175 1.1 elric 176 1.1 elric struct aes_privdata { 177 1.1 elric keyInstance ap_enckey; 178 1.1 elric keyInstance ap_deckey; 179 1.1 elric }; 180 1.1 elric 181 1.1 elric struct aes_encdata { 182 1.1 elric keyInstance *ae_key; /* key for this direction */ 183 1.18 riastrad uint8_t ae_iv[CGD_AES_BLOCK_SIZE]; /* Initialization Vector */ 184 1.1 elric }; 185 1.1 elric 186 1.11 christos static void * 187 1.14 alnsn cgd_cipher_aes_cbc_init(size_t keylen, const void *key, size_t *blocksize) 188 1.1 elric { 189 1.1 elric struct aes_privdata *ap; 190 1.1 elric 191 1.1 elric if (!blocksize) 192 1.1 elric return NULL; 193 1.1 elric if (keylen != 128 && keylen != 192 && keylen != 256) 194 1.1 elric return NULL; 195 1.6 christos if (*blocksize == (size_t)-1) 196 1.1 elric *blocksize = 128; 197 1.1 elric if (*blocksize != 128) 198 1.1 elric return NULL; 199 1.21 riastrad ap = kmem_zalloc(sizeof(*ap), KM_SLEEP); 200 1.1 elric rijndael_makeKey(&ap->ap_enckey, DIR_ENCRYPT, keylen, key); 201 1.1 elric rijndael_makeKey(&ap->ap_deckey, DIR_DECRYPT, keylen, key); 202 1.6 christos return ap; 203 1.1 elric } 204 1.1 elric 205 1.11 christos static void 206 1.14 alnsn cgd_cipher_aes_cbc_destroy(void *data) 207 1.1 elric { 208 1.6 christos struct aes_privdata *apd = data; 209 1.1 elric 210 1.12 riastrad explicit_memset(apd, 0, sizeof(*apd)); 211 1.21 riastrad kmem_free(apd, sizeof(*apd)); 212 1.1 elric } 213 1.1 elric 214 1.11 christos static void 215 1.7 cbiere aes_cbc_enc_int(void *privdata, void *dst, const void *src, size_t len) 216 1.1 elric { 217 1.6 christos struct aes_encdata *ae = privdata; 218 1.1 elric cipherInstance cipher; 219 1.14 alnsn int cipher_ok __diagused; 220 1.1 elric 221 1.14 alnsn cipher_ok = rijndael_cipherInit(&cipher, MODE_CBC, ae->ae_iv); 222 1.14 alnsn KASSERT(cipher_ok > 0); 223 1.18 riastrad rijndael_blockEncrypt(&cipher, ae->ae_key, src, /*inputbits*/len * 8, 224 1.18 riastrad dst); 225 1.18 riastrad (void)memcpy(ae->ae_iv, (uint8_t *)dst + 226 1.15 alnsn (len - CGD_AES_BLOCK_SIZE), CGD_AES_BLOCK_SIZE); 227 1.1 elric } 228 1.1 elric 229 1.11 christos static void 230 1.7 cbiere aes_cbc_dec_int(void *privdata, void *dst, const void *src, size_t len) 231 1.1 elric { 232 1.6 christos struct aes_encdata *ae = privdata; 233 1.1 elric cipherInstance cipher; 234 1.14 alnsn int cipher_ok __diagused; 235 1.1 elric 236 1.14 alnsn cipher_ok = rijndael_cipherInit(&cipher, MODE_CBC, ae->ae_iv); 237 1.14 alnsn KASSERT(cipher_ok > 0); 238 1.18 riastrad rijndael_blockDecrypt(&cipher, ae->ae_key, src, /*inputbits*/len * 8, 239 1.18 riastrad dst); 240 1.18 riastrad (void)memcpy(ae->ae_iv, (const uint8_t *)src + 241 1.15 alnsn (len - CGD_AES_BLOCK_SIZE), CGD_AES_BLOCK_SIZE); 242 1.1 elric } 243 1.1 elric 244 1.11 christos static void 245 1.6 christos cgd_cipher_aes_cbc(void *privdata, struct uio *dstuio, 246 1.13 riastrad struct uio *srcuio, const void *iv, int dir) 247 1.1 elric { 248 1.6 christos struct aes_privdata *apd = privdata; 249 1.1 elric struct aes_encdata encd; 250 1.18 riastrad cipherInstance cipher; 251 1.18 riastrad int cipher_ok __diagused; 252 1.18 riastrad 253 1.18 riastrad /* Compute the CBC IV as AES_k(iv). */ 254 1.18 riastrad cipher_ok = rijndael_cipherInit(&cipher, MODE_ECB, NULL); 255 1.18 riastrad KASSERT(cipher_ok > 0); 256 1.18 riastrad rijndael_blockEncrypt(&cipher, &apd->ap_enckey, iv, /*inputbits*/128, 257 1.18 riastrad encd.ae_iv); 258 1.1 elric 259 1.1 elric switch (dir) { 260 1.1 elric case CGD_CIPHER_ENCRYPT: 261 1.1 elric encd.ae_key = &apd->ap_enckey; 262 1.14 alnsn cgd_cipher_uio(&encd, aes_cbc_enc_int, dstuio, srcuio); 263 1.1 elric break; 264 1.1 elric case CGD_CIPHER_DECRYPT: 265 1.1 elric encd.ae_key = &apd->ap_deckey; 266 1.14 alnsn cgd_cipher_uio(&encd, aes_cbc_dec_int, dstuio, srcuio); 267 1.14 alnsn break; 268 1.14 alnsn default: 269 1.17 riastrad panic("%s: unrecognised direction %d", __func__, dir); 270 1.14 alnsn } 271 1.14 alnsn } 272 1.14 alnsn 273 1.22 riastrad /* 274 1.22 riastrad * AES-XTS 275 1.22 riastrad */ 276 1.22 riastrad 277 1.22 riastrad struct aesxts { 278 1.22 riastrad keyInstance ax_enckey; 279 1.22 riastrad keyInstance ax_deckey; 280 1.22 riastrad keyInstance ax_tweakkey; 281 1.22 riastrad }; 282 1.22 riastrad 283 1.22 riastrad struct aesxts_state { 284 1.22 riastrad struct aesxts *axs_keys; 285 1.22 riastrad uint8_t axs_tweak[CGD_AES_BLOCK_SIZE]; 286 1.22 riastrad }; 287 1.22 riastrad 288 1.14 alnsn static void * 289 1.14 alnsn cgd_cipher_aes_xts_init(size_t keylen, const void *xtskey, size_t *blocksize) 290 1.14 alnsn { 291 1.22 riastrad struct aesxts *ax; 292 1.14 alnsn const char *key, *key2; /* XTS key is made of two AES keys. */ 293 1.14 alnsn 294 1.14 alnsn if (!blocksize) 295 1.14 alnsn return NULL; 296 1.14 alnsn if (keylen != 256 && keylen != 512) 297 1.14 alnsn return NULL; 298 1.14 alnsn if (*blocksize == (size_t)-1) 299 1.14 alnsn *blocksize = 128; 300 1.14 alnsn if (*blocksize != 128) 301 1.14 alnsn return NULL; 302 1.14 alnsn 303 1.22 riastrad ax = kmem_zalloc(sizeof(*ax), KM_SLEEP); 304 1.14 alnsn keylen /= 2; 305 1.14 alnsn key = xtskey; 306 1.14 alnsn key2 = key + keylen / CHAR_BIT; 307 1.14 alnsn 308 1.22 riastrad rijndael_makeKey(&ax->ax_enckey, DIR_ENCRYPT, keylen, key); 309 1.22 riastrad rijndael_makeKey(&ax->ax_deckey, DIR_DECRYPT, keylen, key); 310 1.22 riastrad rijndael_makeKey(&ax->ax_tweakkey, DIR_ENCRYPT, keylen, key2); 311 1.14 alnsn 312 1.22 riastrad return ax; 313 1.14 alnsn } 314 1.14 alnsn 315 1.14 alnsn static void 316 1.22 riastrad cgd_cipher_aes_xts_destroy(void *cookie) 317 1.14 alnsn { 318 1.22 riastrad struct aesxts *ax = cookie; 319 1.14 alnsn 320 1.22 riastrad explicit_memset(ax, 0, sizeof(*ax)); 321 1.22 riastrad kmem_free(ax, sizeof(*ax)); 322 1.14 alnsn } 323 1.14 alnsn 324 1.14 alnsn static void 325 1.22 riastrad aes_xts_enc_int(void *state, void *dst, const void *src, size_t len) 326 1.14 alnsn { 327 1.22 riastrad struct aesxts_state *axs = state; 328 1.22 riastrad cipherInstance cipher; 329 1.22 riastrad int cipher_ok __diagused; 330 1.14 alnsn 331 1.22 riastrad cipher_ok = rijndael_cipherInit(&cipher, MODE_XTS, axs->axs_tweak); 332 1.14 alnsn KASSERT(cipher_ok > 0); 333 1.22 riastrad rijndael_blockEncrypt(&cipher, &axs->axs_keys->ax_enckey, src, 334 1.22 riastrad /*inputbits*/len * 8, dst); 335 1.22 riastrad memcpy(axs->axs_tweak, cipher.IV, CGD_AES_BLOCK_SIZE); 336 1.14 alnsn } 337 1.14 alnsn 338 1.14 alnsn static void 339 1.22 riastrad aes_xts_dec_int(void *state, void *dst, const void *src, size_t len) 340 1.14 alnsn { 341 1.22 riastrad struct aesxts_state *axs = state; 342 1.22 riastrad cipherInstance cipher; 343 1.22 riastrad int cipher_ok __diagused; 344 1.14 alnsn 345 1.22 riastrad cipher_ok = rijndael_cipherInit(&cipher, MODE_XTS, axs->axs_tweak); 346 1.14 alnsn KASSERT(cipher_ok > 0); 347 1.22 riastrad rijndael_blockDecrypt(&cipher, &axs->axs_keys->ax_deckey, src, 348 1.22 riastrad /*inputbits*/len * 8, dst); 349 1.22 riastrad memcpy(axs->axs_tweak, cipher.IV, CGD_AES_BLOCK_SIZE); 350 1.14 alnsn } 351 1.14 alnsn 352 1.14 alnsn static void 353 1.22 riastrad cgd_cipher_aes_xts(void *cookie, struct uio *dstuio, struct uio *srcuio, 354 1.22 riastrad const void *iv, int dir) 355 1.14 alnsn { 356 1.22 riastrad struct aesxts *ax = cookie; 357 1.22 riastrad struct aesxts_state axs = { .axs_keys = ax }; 358 1.22 riastrad cipherInstance cipher; 359 1.22 riastrad int cipher_ok __diagused; 360 1.18 riastrad 361 1.18 riastrad cipher_ok = rijndael_cipherInit(&cipher, MODE_ECB, NULL); 362 1.18 riastrad KASSERT(cipher_ok > 0); 363 1.22 riastrad rijndael_blockEncrypt(&cipher, &ax->ax_tweakkey, iv, /*inputbits*/128, 364 1.22 riastrad axs.axs_tweak); 365 1.14 alnsn 366 1.14 alnsn switch (dir) { 367 1.14 alnsn case CGD_CIPHER_ENCRYPT: 368 1.22 riastrad cgd_cipher_uio(&axs, aes_xts_enc_int, dstuio, srcuio); 369 1.14 alnsn break; 370 1.14 alnsn case CGD_CIPHER_DECRYPT: 371 1.22 riastrad cgd_cipher_uio(&axs, aes_xts_dec_int, dstuio, srcuio); 372 1.1 elric break; 373 1.1 elric default: 374 1.17 riastrad panic("%s: unrecognised direction %d", __func__, dir); 375 1.1 elric } 376 1.1 elric } 377 1.1 elric 378 1.1 elric /* 379 1.1 elric * 3DES Framework 380 1.1 elric */ 381 1.1 elric 382 1.1 elric struct c3des_privdata { 383 1.1 elric des_key_schedule cp_key1; 384 1.1 elric des_key_schedule cp_key2; 385 1.1 elric des_key_schedule cp_key3; 386 1.1 elric }; 387 1.1 elric 388 1.1 elric struct c3des_encdata { 389 1.1 elric des_key_schedule *ce_key1; 390 1.1 elric des_key_schedule *ce_key2; 391 1.1 elric des_key_schedule *ce_key3; 392 1.18 riastrad uint8_t ce_iv[CGD_3DES_BLOCK_SIZE]; 393 1.1 elric }; 394 1.1 elric 395 1.11 christos static void * 396 1.7 cbiere cgd_cipher_3des_init(size_t keylen, const void *key, size_t *blocksize) 397 1.1 elric { 398 1.1 elric struct c3des_privdata *cp; 399 1.1 elric int error = 0; 400 1.7 cbiere des_cblock *block; 401 1.1 elric 402 1.1 elric if (!blocksize) 403 1.1 elric return NULL; 404 1.6 christos if (*blocksize == (size_t)-1) 405 1.1 elric *blocksize = 64; 406 1.1 elric if (keylen != (DES_KEY_SZ * 3 * 8) || *blocksize != 64) 407 1.1 elric return NULL; 408 1.21 riastrad cp = kmem_zalloc(sizeof(*cp), KM_SLEEP); 409 1.7 cbiere block = __UNCONST(key); 410 1.7 cbiere error = des_key_sched(block, cp->cp_key1); 411 1.7 cbiere error |= des_key_sched(block + 1, cp->cp_key2); 412 1.7 cbiere error |= des_key_sched(block + 2, cp->cp_key3); 413 1.1 elric if (error) { 414 1.12 riastrad explicit_memset(cp, 0, sizeof(*cp)); 415 1.21 riastrad kmem_free(cp, sizeof(*cp)); 416 1.1 elric return NULL; 417 1.1 elric } 418 1.6 christos return cp; 419 1.1 elric } 420 1.1 elric 421 1.11 christos static void 422 1.6 christos cgd_cipher_3des_destroy(void *data) 423 1.1 elric { 424 1.6 christos struct c3des_privdata *cp = data; 425 1.1 elric 426 1.12 riastrad explicit_memset(cp, 0, sizeof(*cp)); 427 1.21 riastrad kmem_free(cp, sizeof(*cp)); 428 1.1 elric } 429 1.1 elric 430 1.1 elric static void 431 1.7 cbiere c3des_cbc_enc_int(void *privdata, void *dst, const void *src, size_t len) 432 1.1 elric { 433 1.6 christos struct c3des_encdata *ce = privdata; 434 1.1 elric 435 1.1 elric des_ede3_cbc_encrypt(src, dst, len, *ce->ce_key1, *ce->ce_key2, 436 1.18 riastrad *ce->ce_key3, (des_cblock *)ce->ce_iv, /*encrypt*/1); 437 1.18 riastrad (void)memcpy(ce->ce_iv, (const uint8_t *)dst + 438 1.15 alnsn (len - CGD_3DES_BLOCK_SIZE), CGD_3DES_BLOCK_SIZE); 439 1.1 elric } 440 1.1 elric 441 1.1 elric static void 442 1.7 cbiere c3des_cbc_dec_int(void *privdata, void *dst, const void *src, size_t len) 443 1.1 elric { 444 1.6 christos struct c3des_encdata *ce = privdata; 445 1.1 elric 446 1.1 elric des_ede3_cbc_encrypt(src, dst, len, *ce->ce_key1, *ce->ce_key2, 447 1.18 riastrad *ce->ce_key3, (des_cblock *)ce->ce_iv, /*encrypt*/0); 448 1.18 riastrad (void)memcpy(ce->ce_iv, (const uint8_t *)src + 449 1.15 alnsn (len - CGD_3DES_BLOCK_SIZE), CGD_3DES_BLOCK_SIZE); 450 1.1 elric } 451 1.1 elric 452 1.11 christos static void 453 1.6 christos cgd_cipher_3des_cbc(void *privdata, struct uio *dstuio, 454 1.13 riastrad struct uio *srcuio, const void *iv, int dir) 455 1.1 elric { 456 1.6 christos struct c3des_privdata *cp = privdata; 457 1.1 elric struct c3des_encdata ce; 458 1.18 riastrad des_cblock zero; 459 1.18 riastrad 460 1.18 riastrad /* Compute the CBC IV as 3DES_k(iv) = 3DES-CBC_k(iv, 0). */ 461 1.18 riastrad memset(&zero, 0, sizeof(zero)); 462 1.18 riastrad des_ede3_cbc_encrypt(iv, ce.ce_iv, CGD_3DES_BLOCK_SIZE, 463 1.18 riastrad cp->cp_key1, cp->cp_key2, cp->cp_key3, &zero, /*encrypt*/1); 464 1.1 elric 465 1.1 elric ce.ce_key1 = &cp->cp_key1; 466 1.1 elric ce.ce_key2 = &cp->cp_key2; 467 1.1 elric ce.ce_key3 = &cp->cp_key3; 468 1.1 elric switch (dir) { 469 1.1 elric case CGD_CIPHER_ENCRYPT: 470 1.14 alnsn cgd_cipher_uio(&ce, c3des_cbc_enc_int, dstuio, srcuio); 471 1.1 elric break; 472 1.1 elric case CGD_CIPHER_DECRYPT: 473 1.14 alnsn cgd_cipher_uio(&ce, c3des_cbc_dec_int, dstuio, srcuio); 474 1.1 elric break; 475 1.1 elric default: 476 1.17 riastrad panic("%s: unrecognised direction %d", __func__, dir); 477 1.1 elric } 478 1.1 elric } 479 1.1 elric 480 1.1 elric /* 481 1.1 elric * Blowfish Framework 482 1.1 elric */ 483 1.1 elric 484 1.1 elric struct bf_privdata { 485 1.1 elric BF_KEY bp_key; 486 1.1 elric }; 487 1.1 elric 488 1.1 elric struct bf_encdata { 489 1.1 elric BF_KEY *be_key; 490 1.18 riastrad uint8_t be_iv[CGD_BF_BLOCK_SIZE]; 491 1.1 elric }; 492 1.1 elric 493 1.11 christos static void * 494 1.7 cbiere cgd_cipher_bf_init(size_t keylen, const void *key, size_t *blocksize) 495 1.1 elric { 496 1.1 elric struct bf_privdata *bp; 497 1.1 elric 498 1.1 elric if (!blocksize) 499 1.1 elric return NULL; 500 1.3 dan if (keylen < 40 || keylen > 448 || (keylen % 8 != 0)) 501 1.1 elric return NULL; 502 1.6 christos if (*blocksize == (size_t)-1) 503 1.1 elric *blocksize = 64; 504 1.1 elric if (*blocksize != 64) 505 1.1 elric return NULL; 506 1.21 riastrad bp = kmem_zalloc(sizeof(*bp), KM_SLEEP); 507 1.1 elric if (!bp) 508 1.1 elric return NULL; 509 1.3 dan BF_set_key(&bp->bp_key, keylen / 8, key); 510 1.6 christos return bp; 511 1.1 elric } 512 1.1 elric 513 1.11 christos static void 514 1.6 christos cgd_cipher_bf_destroy(void *data) 515 1.1 elric { 516 1.6 christos struct bf_privdata *bp = data; 517 1.1 elric 518 1.12 riastrad explicit_memset(bp, 0, sizeof(*bp)); 519 1.21 riastrad kmem_free(bp, sizeof(*bp)); 520 1.1 elric } 521 1.1 elric 522 1.11 christos static void 523 1.7 cbiere bf_cbc_enc_int(void *privdata, void *dst, const void *src, size_t len) 524 1.1 elric { 525 1.6 christos struct bf_encdata *be = privdata; 526 1.1 elric 527 1.18 riastrad BF_cbc_encrypt(src, dst, len, be->be_key, be->be_iv, /*encrypt*/1); 528 1.18 riastrad (void)memcpy(be->be_iv, (uint8_t *)dst + 529 1.15 alnsn (len - CGD_BF_BLOCK_SIZE), CGD_BF_BLOCK_SIZE); 530 1.1 elric } 531 1.1 elric 532 1.11 christos static void 533 1.7 cbiere bf_cbc_dec_int(void *privdata, void *dst, const void *src, size_t len) 534 1.1 elric { 535 1.6 christos struct bf_encdata *be = privdata; 536 1.1 elric 537 1.18 riastrad BF_cbc_encrypt(src, dst, len, be->be_key, be->be_iv, /*encrypt*/0); 538 1.18 riastrad (void)memcpy(be->be_iv, (const uint8_t *)src + 539 1.15 alnsn (len - CGD_BF_BLOCK_SIZE), CGD_BF_BLOCK_SIZE); 540 1.1 elric } 541 1.1 elric 542 1.11 christos static void 543 1.6 christos cgd_cipher_bf_cbc(void *privdata, struct uio *dstuio, 544 1.13 riastrad struct uio *srcuio, const void *iv, int dir) 545 1.1 elric { 546 1.6 christos struct bf_privdata *bp = privdata; 547 1.1 elric struct bf_encdata be; 548 1.18 riastrad char zero_iv[CGD_BF_BLOCK_SIZE]; 549 1.18 riastrad 550 1.18 riastrad /* Compute the CBC IV as Blowfish_k(iv) = BF_CBC_k(iv, 0). */ 551 1.18 riastrad memset(zero_iv, 0, sizeof(zero_iv)); 552 1.18 riastrad BF_cbc_encrypt(iv, be.be_iv, CGD_BF_BLOCK_SIZE, &bp->bp_key, zero_iv, 553 1.18 riastrad /*encrypt*/1); 554 1.1 elric 555 1.1 elric be.be_key = &bp->bp_key; 556 1.1 elric switch (dir) { 557 1.1 elric case CGD_CIPHER_ENCRYPT: 558 1.14 alnsn cgd_cipher_uio(&be, bf_cbc_enc_int, dstuio, srcuio); 559 1.1 elric break; 560 1.1 elric case CGD_CIPHER_DECRYPT: 561 1.14 alnsn cgd_cipher_uio(&be, bf_cbc_dec_int, dstuio, srcuio); 562 1.1 elric break; 563 1.1 elric default: 564 1.17 riastrad panic("%s: unrecognised direction %d", __func__, dir); 565 1.1 elric } 566 1.1 elric 567 1.1 elric } 568
Indexes created Wed Sep 24 05:09:52 GMT 2025