cgd_crypto.c revision 1.23
1 1.23 riastrad /* $NetBSD: cgd_crypto.c,v 1.23 2020/06/13 22:15:06 riastradh Exp $ */ 2 1.1 elric 3 1.1 elric /*- 4 1.1 elric * Copyright (c) 2002 The NetBSD Foundation, Inc. 5 1.1 elric * All rights reserved. 6 1.1 elric * 7 1.1 elric * This code is derived from software contributed to The NetBSD Foundation 8 1.1 elric * by Roland C. Dowdeswell. 9 1.1 elric * 10 1.1 elric * Redistribution and use in source and binary forms, with or without 11 1.1 elric * modification, are permitted provided that the following conditions 12 1.1 elric * are met: 13 1.1 elric * 1. Redistributions of source code must retain the above copyright 14 1.1 elric * notice, this list of conditions and the following disclaimer. 15 1.1 elric * 2. Redistributions in binary form must reproduce the above copyright 16 1.1 elric * notice, this list of conditions and the following disclaimer in the 17 1.1 elric * documentation and/or other materials provided with the distribution. 18 1.1 elric * 19 1.1 elric * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 20 1.1 elric * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 21 1.1 elric * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 22 1.1 elric * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 23 1.1 elric * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 24 1.1 elric * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 25 1.1 elric * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 26 1.1 elric * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 27 1.1 elric * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 28 1.1 elric * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 29 1.1 elric * POSSIBILITY OF SUCH DAMAGE. 30 1.1 elric */ 31 1.1 elric 32 1.1 elric /* 33 1.1 elric * Crypto Framework For cgd.c 34 1.1 elric * 35 1.1 elric * This framework is temporary and awaits a more complete 36 1.1 elric * kernel wide crypto implementation. 37 1.1 elric */ 38 1.1 elric 39 1.1 elric #include <sys/cdefs.h> 40 1.23 riastrad __KERNEL_RCSID(0, "$NetBSD: cgd_crypto.c,v 1.23 2020/06/13 22:15:06 riastradh Exp $"); 41 1.1 elric 42 1.1 elric #include <sys/param.h> 43 1.21 riastrad #include <sys/kmem.h> 44 1.1 elric #include <sys/systm.h> 45 1.1 elric 46 1.1 elric #include <dev/cgd_crypto.h> 47 1.1 elric 48 1.19 riastrad #include <crypto/blowfish/blowfish.h> 49 1.19 riastrad #include <crypto/des/des.h> 50 1.11 christos #include <crypto/rijndael/rijndael-api-fst.h> 51 1.11 christos 52 1.1 elric /* 53 1.1 elric * The general framework provides only one generic function. 54 1.16 gutterid * It takes the name of an algorithm and returns a struct cryptfuncs * 55 1.1 elric * for it. It is up to the initialisation routines of the algorithm 56 1.1 elric * to check key size and block size. 57 1.1 elric */ 58 1.1 elric 59 1.14 alnsn static cfunc_init cgd_cipher_aes_cbc_init; 60 1.14 alnsn static cfunc_destroy cgd_cipher_aes_cbc_destroy; 61 1.14 alnsn static cfunc_cipher cgd_cipher_aes_cbc; 62 1.14 alnsn 63 1.14 alnsn static cfunc_init cgd_cipher_aes_xts_init; 64 1.14 alnsn static cfunc_destroy cgd_cipher_aes_xts_destroy; 65 1.14 alnsn static cfunc_cipher cgd_cipher_aes_xts; 66 1.14 alnsn 67 1.14 alnsn static cfunc_init cgd_cipher_3des_init; 68 1.14 alnsn static cfunc_destroy cgd_cipher_3des_destroy; 69 1.14 alnsn static cfunc_cipher cgd_cipher_3des_cbc; 70 1.14 alnsn 71 1.14 alnsn static cfunc_init cgd_cipher_bf_init; 72 1.14 alnsn static cfunc_destroy cgd_cipher_bf_destroy; 73 1.14 alnsn static cfunc_cipher cgd_cipher_bf_cbc; 74 1.11 christos 75 1.11 christos static const struct cryptfuncs cf[] = { 76 1.11 christos { 77 1.14 alnsn .cf_name = "aes-xts", 78 1.14 alnsn .cf_init = cgd_cipher_aes_xts_init, 79 1.14 alnsn .cf_destroy = cgd_cipher_aes_xts_destroy, 80 1.14 alnsn .cf_cipher = cgd_cipher_aes_xts, 81 1.14 alnsn }, 82 1.14 alnsn { 83 1.11 christos .cf_name = "aes-cbc", 84 1.14 alnsn .cf_init = cgd_cipher_aes_cbc_init, 85 1.14 alnsn .cf_destroy = cgd_cipher_aes_cbc_destroy, 86 1.11 christos .cf_cipher = cgd_cipher_aes_cbc, 87 1.11 christos }, 88 1.11 christos { 89 1.11 christos .cf_name = "3des-cbc", 90 1.11 christos .cf_init = cgd_cipher_3des_init, 91 1.11 christos .cf_destroy = cgd_cipher_3des_destroy, 92 1.11 christos .cf_cipher = cgd_cipher_3des_cbc, 93 1.11 christos }, 94 1.11 christos { 95 1.11 christos .cf_name = "blowfish-cbc", 96 1.11 christos .cf_init = cgd_cipher_bf_init, 97 1.11 christos .cf_destroy = cgd_cipher_bf_destroy, 98 1.11 christos .cf_cipher = cgd_cipher_bf_cbc, 99 1.11 christos }, 100 1.11 christos }; 101 1.11 christos const struct cryptfuncs * 102 1.6 christos cryptfuncs_find(const char *alg) 103 1.1 elric { 104 1.1 elric 105 1.11 christos for (size_t i = 0; i < __arraycount(cf); i++) 106 1.11 christos if (strcmp(cf[i].cf_name, alg) == 0) 107 1.11 christos return &cf[i]; 108 1.11 christos 109 1.1 elric return NULL; 110 1.1 elric } 111 1.1 elric 112 1.1 elric /* 113 1.1 elric * AES Framework 114 1.1 elric */ 115 1.1 elric 116 1.1 elric struct aes_privdata { 117 1.1 elric keyInstance ap_enckey; 118 1.1 elric keyInstance ap_deckey; 119 1.1 elric }; 120 1.1 elric 121 1.11 christos static void * 122 1.14 alnsn cgd_cipher_aes_cbc_init(size_t keylen, const void *key, size_t *blocksize) 123 1.1 elric { 124 1.1 elric struct aes_privdata *ap; 125 1.1 elric 126 1.1 elric if (!blocksize) 127 1.1 elric return NULL; 128 1.1 elric if (keylen != 128 && keylen != 192 && keylen != 256) 129 1.1 elric return NULL; 130 1.6 christos if (*blocksize == (size_t)-1) 131 1.1 elric *blocksize = 128; 132 1.1 elric if (*blocksize != 128) 133 1.1 elric return NULL; 134 1.21 riastrad ap = kmem_zalloc(sizeof(*ap), KM_SLEEP); 135 1.1 elric rijndael_makeKey(&ap->ap_enckey, DIR_ENCRYPT, keylen, key); 136 1.1 elric rijndael_makeKey(&ap->ap_deckey, DIR_DECRYPT, keylen, key); 137 1.6 christos return ap; 138 1.1 elric } 139 1.1 elric 140 1.11 christos static void 141 1.14 alnsn cgd_cipher_aes_cbc_destroy(void *data) 142 1.1 elric { 143 1.6 christos struct aes_privdata *apd = data; 144 1.1 elric 145 1.12 riastrad explicit_memset(apd, 0, sizeof(*apd)); 146 1.21 riastrad kmem_free(apd, sizeof(*apd)); 147 1.1 elric } 148 1.1 elric 149 1.11 christos static void 150 1.23 riastrad cgd_cipher_aes_cbc(void *privdata, void *dst, const void *src, size_t nbytes, 151 1.23 riastrad const void *blkno, int dir) 152 1.1 elric { 153 1.6 christos struct aes_privdata *apd = privdata; 154 1.23 riastrad uint8_t iv[CGD_AES_BLOCK_SIZE] = {0}; 155 1.18 riastrad cipherInstance cipher; 156 1.18 riastrad int cipher_ok __diagused; 157 1.18 riastrad 158 1.23 riastrad /* Compute the CBC IV as AES_k(blkno). */ 159 1.18 riastrad cipher_ok = rijndael_cipherInit(&cipher, MODE_ECB, NULL); 160 1.18 riastrad KASSERT(cipher_ok > 0); 161 1.23 riastrad rijndael_blockEncrypt(&cipher, &apd->ap_enckey, blkno, /*nbits*/128, 162 1.23 riastrad iv); 163 1.1 elric 164 1.23 riastrad cipher_ok = rijndael_cipherInit(&cipher, MODE_CBC, iv); 165 1.23 riastrad KASSERT(cipher_ok > 0); 166 1.1 elric switch (dir) { 167 1.1 elric case CGD_CIPHER_ENCRYPT: 168 1.23 riastrad rijndael_blockEncrypt(&cipher, &apd->ap_enckey, src, 169 1.23 riastrad /*nbits*/nbytes * 8, dst); 170 1.1 elric break; 171 1.1 elric case CGD_CIPHER_DECRYPT: 172 1.23 riastrad rijndael_blockDecrypt(&cipher, &apd->ap_deckey, src, 173 1.23 riastrad /*nbits*/nbytes * 8, dst); 174 1.14 alnsn break; 175 1.14 alnsn default: 176 1.17 riastrad panic("%s: unrecognised direction %d", __func__, dir); 177 1.14 alnsn } 178 1.14 alnsn } 179 1.14 alnsn 180 1.22 riastrad /* 181 1.22 riastrad * AES-XTS 182 1.22 riastrad */ 183 1.22 riastrad 184 1.22 riastrad struct aesxts { 185 1.22 riastrad keyInstance ax_enckey; 186 1.22 riastrad keyInstance ax_deckey; 187 1.22 riastrad keyInstance ax_tweakkey; 188 1.22 riastrad }; 189 1.22 riastrad 190 1.14 alnsn static void * 191 1.14 alnsn cgd_cipher_aes_xts_init(size_t keylen, const void *xtskey, size_t *blocksize) 192 1.14 alnsn { 193 1.22 riastrad struct aesxts *ax; 194 1.14 alnsn const char *key, *key2; /* XTS key is made of two AES keys. */ 195 1.14 alnsn 196 1.14 alnsn if (!blocksize) 197 1.14 alnsn return NULL; 198 1.14 alnsn if (keylen != 256 && keylen != 512) 199 1.14 alnsn return NULL; 200 1.14 alnsn if (*blocksize == (size_t)-1) 201 1.14 alnsn *blocksize = 128; 202 1.14 alnsn if (*blocksize != 128) 203 1.14 alnsn return NULL; 204 1.14 alnsn 205 1.22 riastrad ax = kmem_zalloc(sizeof(*ax), KM_SLEEP); 206 1.14 alnsn keylen /= 2; 207 1.14 alnsn key = xtskey; 208 1.14 alnsn key2 = key + keylen / CHAR_BIT; 209 1.14 alnsn 210 1.22 riastrad rijndael_makeKey(&ax->ax_enckey, DIR_ENCRYPT, keylen, key); 211 1.22 riastrad rijndael_makeKey(&ax->ax_deckey, DIR_DECRYPT, keylen, key); 212 1.22 riastrad rijndael_makeKey(&ax->ax_tweakkey, DIR_ENCRYPT, keylen, key2); 213 1.14 alnsn 214 1.22 riastrad return ax; 215 1.14 alnsn } 216 1.14 alnsn 217 1.14 alnsn static void 218 1.22 riastrad cgd_cipher_aes_xts_destroy(void *cookie) 219 1.14 alnsn { 220 1.22 riastrad struct aesxts *ax = cookie; 221 1.14 alnsn 222 1.22 riastrad explicit_memset(ax, 0, sizeof(*ax)); 223 1.22 riastrad kmem_free(ax, sizeof(*ax)); 224 1.14 alnsn } 225 1.14 alnsn 226 1.14 alnsn static void 227 1.23 riastrad cgd_cipher_aes_xts(void *cookie, void *dst, const void *src, size_t nbytes, 228 1.23 riastrad const void *blkno, int dir) 229 1.14 alnsn { 230 1.22 riastrad struct aesxts *ax = cookie; 231 1.23 riastrad uint8_t tweak[CGD_AES_BLOCK_SIZE]; 232 1.22 riastrad cipherInstance cipher; 233 1.22 riastrad int cipher_ok __diagused; 234 1.18 riastrad 235 1.23 riastrad /* Compute the initial tweak as AES_k(blkno). */ 236 1.18 riastrad cipher_ok = rijndael_cipherInit(&cipher, MODE_ECB, NULL); 237 1.18 riastrad KASSERT(cipher_ok > 0); 238 1.23 riastrad rijndael_blockEncrypt(&cipher, &ax->ax_tweakkey, blkno, /*nbits*/128, 239 1.23 riastrad tweak); 240 1.14 alnsn 241 1.23 riastrad cipher_ok = rijndael_cipherInit(&cipher, MODE_XTS, tweak); 242 1.23 riastrad KASSERT(cipher_ok > 0); 243 1.14 alnsn switch (dir) { 244 1.14 alnsn case CGD_CIPHER_ENCRYPT: 245 1.23 riastrad rijndael_blockEncrypt(&cipher, &ax->ax_enckey, src, 246 1.23 riastrad /*nbits*/nbytes * 8, dst); 247 1.14 alnsn break; 248 1.14 alnsn case CGD_CIPHER_DECRYPT: 249 1.23 riastrad rijndael_blockDecrypt(&cipher, &ax->ax_deckey, src, 250 1.23 riastrad /*nbits*/nbytes * 8, dst); 251 1.1 elric break; 252 1.1 elric default: 253 1.17 riastrad panic("%s: unrecognised direction %d", __func__, dir); 254 1.1 elric } 255 1.1 elric } 256 1.1 elric 257 1.1 elric /* 258 1.1 elric * 3DES Framework 259 1.1 elric */ 260 1.1 elric 261 1.1 elric struct c3des_privdata { 262 1.1 elric des_key_schedule cp_key1; 263 1.1 elric des_key_schedule cp_key2; 264 1.1 elric des_key_schedule cp_key3; 265 1.1 elric }; 266 1.1 elric 267 1.11 christos static void * 268 1.7 cbiere cgd_cipher_3des_init(size_t keylen, const void *key, size_t *blocksize) 269 1.1 elric { 270 1.1 elric struct c3des_privdata *cp; 271 1.1 elric int error = 0; 272 1.7 cbiere des_cblock *block; 273 1.1 elric 274 1.1 elric if (!blocksize) 275 1.1 elric return NULL; 276 1.6 christos if (*blocksize == (size_t)-1) 277 1.1 elric *blocksize = 64; 278 1.1 elric if (keylen != (DES_KEY_SZ * 3 * 8) || *blocksize != 64) 279 1.1 elric return NULL; 280 1.21 riastrad cp = kmem_zalloc(sizeof(*cp), KM_SLEEP); 281 1.7 cbiere block = __UNCONST(key); 282 1.7 cbiere error = des_key_sched(block, cp->cp_key1); 283 1.7 cbiere error |= des_key_sched(block + 1, cp->cp_key2); 284 1.7 cbiere error |= des_key_sched(block + 2, cp->cp_key3); 285 1.1 elric if (error) { 286 1.12 riastrad explicit_memset(cp, 0, sizeof(*cp)); 287 1.21 riastrad kmem_free(cp, sizeof(*cp)); 288 1.1 elric return NULL; 289 1.1 elric } 290 1.6 christos return cp; 291 1.1 elric } 292 1.1 elric 293 1.11 christos static void 294 1.6 christos cgd_cipher_3des_destroy(void *data) 295 1.1 elric { 296 1.6 christos struct c3des_privdata *cp = data; 297 1.1 elric 298 1.12 riastrad explicit_memset(cp, 0, sizeof(*cp)); 299 1.21 riastrad kmem_free(cp, sizeof(*cp)); 300 1.1 elric } 301 1.1 elric 302 1.1 elric static void 303 1.23 riastrad cgd_cipher_3des_cbc(void *privdata, void *dst, const void *src, size_t nbytes, 304 1.23 riastrad const void *blkno, int dir) 305 1.1 elric { 306 1.6 christos struct c3des_privdata *cp = privdata; 307 1.18 riastrad des_cblock zero; 308 1.23 riastrad uint8_t iv[CGD_3DES_BLOCK_SIZE]; 309 1.18 riastrad 310 1.23 riastrad /* Compute the CBC IV as 3DES_k(blkno) = 3DES-CBC_k(iv=blkno, 0). */ 311 1.18 riastrad memset(&zero, 0, sizeof(zero)); 312 1.23 riastrad des_ede3_cbc_encrypt(blkno, iv, CGD_3DES_BLOCK_SIZE, 313 1.18 riastrad cp->cp_key1, cp->cp_key2, cp->cp_key3, &zero, /*encrypt*/1); 314 1.1 elric 315 1.1 elric switch (dir) { 316 1.1 elric case CGD_CIPHER_ENCRYPT: 317 1.23 riastrad des_ede3_cbc_encrypt(src, dst, nbytes, 318 1.23 riastrad cp->cp_key1, cp->cp_key2, cp->cp_key3, 319 1.23 riastrad (des_cblock *)iv, /*encrypt*/1); 320 1.1 elric break; 321 1.1 elric case CGD_CIPHER_DECRYPT: 322 1.23 riastrad des_ede3_cbc_encrypt(src, dst, nbytes, 323 1.23 riastrad cp->cp_key1, cp->cp_key2, cp->cp_key3, 324 1.23 riastrad (des_cblock *)iv, /*encrypt*/0); 325 1.1 elric break; 326 1.1 elric default: 327 1.17 riastrad panic("%s: unrecognised direction %d", __func__, dir); 328 1.1 elric } 329 1.1 elric } 330 1.1 elric 331 1.1 elric /* 332 1.1 elric * Blowfish Framework 333 1.1 elric */ 334 1.1 elric 335 1.1 elric struct bf_privdata { 336 1.1 elric BF_KEY bp_key; 337 1.1 elric }; 338 1.1 elric 339 1.1 elric struct bf_encdata { 340 1.1 elric BF_KEY *be_key; 341 1.18 riastrad uint8_t be_iv[CGD_BF_BLOCK_SIZE]; 342 1.1 elric }; 343 1.1 elric 344 1.11 christos static void * 345 1.7 cbiere cgd_cipher_bf_init(size_t keylen, const void *key, size_t *blocksize) 346 1.1 elric { 347 1.1 elric struct bf_privdata *bp; 348 1.1 elric 349 1.1 elric if (!blocksize) 350 1.1 elric return NULL; 351 1.3 dan if (keylen < 40 || keylen > 448 || (keylen % 8 != 0)) 352 1.1 elric return NULL; 353 1.6 christos if (*blocksize == (size_t)-1) 354 1.1 elric *blocksize = 64; 355 1.1 elric if (*blocksize != 64) 356 1.1 elric return NULL; 357 1.21 riastrad bp = kmem_zalloc(sizeof(*bp), KM_SLEEP); 358 1.1 elric if (!bp) 359 1.1 elric return NULL; 360 1.3 dan BF_set_key(&bp->bp_key, keylen / 8, key); 361 1.6 christos return bp; 362 1.1 elric } 363 1.1 elric 364 1.11 christos static void 365 1.6 christos cgd_cipher_bf_destroy(void *data) 366 1.1 elric { 367 1.6 christos struct bf_privdata *bp = data; 368 1.1 elric 369 1.12 riastrad explicit_memset(bp, 0, sizeof(*bp)); 370 1.21 riastrad kmem_free(bp, sizeof(*bp)); 371 1.1 elric } 372 1.1 elric 373 1.11 christos static void 374 1.23 riastrad cgd_cipher_bf_cbc(void *privdata, void *dst, const void *src, size_t nbytes, 375 1.23 riastrad const void *blkno, int dir) 376 1.1 elric { 377 1.6 christos struct bf_privdata *bp = privdata; 378 1.23 riastrad uint8_t zero[CGD_BF_BLOCK_SIZE], iv[CGD_BF_BLOCK_SIZE]; 379 1.18 riastrad 380 1.23 riastrad /* Compute the CBC IV as Blowfish_k(blkno) = BF_CBC_k(blkno, 0). */ 381 1.23 riastrad memset(zero, 0, sizeof(zero)); 382 1.23 riastrad BF_cbc_encrypt(blkno, iv, CGD_BF_BLOCK_SIZE, &bp->bp_key, zero, 383 1.18 riastrad /*encrypt*/1); 384 1.1 elric 385 1.1 elric switch (dir) { 386 1.1 elric case CGD_CIPHER_ENCRYPT: 387 1.23 riastrad BF_cbc_encrypt(src, dst, nbytes, &bp->bp_key, iv, 388 1.23 riastrad /*encrypt*/1); 389 1.1 elric break; 390 1.1 elric case CGD_CIPHER_DECRYPT: 391 1.23 riastrad BF_cbc_encrypt(src, dst, nbytes, &bp->bp_key, iv, 392 1.23 riastrad /*encrypt*/0); 393 1.1 elric break; 394 1.1 elric default: 395 1.17 riastrad panic("%s: unrecognised direction %d", __func__, dir); 396 1.1 elric } 397 1.1 elric } 398
Indexes created Wed Sep 24 15:09:51 GMT 2025