cgd_crypto.c revision 1.24
1 1.24 riastrad /* $NetBSD: cgd_crypto.c,v 1.24 2020/06/29 23:33:05 riastradh Exp $ */ 2 1.1 elric 3 1.1 elric /*- 4 1.1 elric * Copyright (c) 2002 The NetBSD Foundation, Inc. 5 1.1 elric * All rights reserved. 6 1.1 elric * 7 1.1 elric * This code is derived from software contributed to The NetBSD Foundation 8 1.1 elric * by Roland C. Dowdeswell. 9 1.1 elric * 10 1.1 elric * Redistribution and use in source and binary forms, with or without 11 1.1 elric * modification, are permitted provided that the following conditions 12 1.1 elric * are met: 13 1.1 elric * 1. Redistributions of source code must retain the above copyright 14 1.1 elric * notice, this list of conditions and the following disclaimer. 15 1.1 elric * 2. Redistributions in binary form must reproduce the above copyright 16 1.1 elric * notice, this list of conditions and the following disclaimer in the 17 1.1 elric * documentation and/or other materials provided with the distribution. 18 1.1 elric * 19 1.1 elric * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 20 1.1 elric * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 21 1.1 elric * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 22 1.1 elric * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 23 1.1 elric * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 24 1.1 elric * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 25 1.1 elric * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 26 1.1 elric * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 27 1.1 elric * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 28 1.1 elric * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 29 1.1 elric * POSSIBILITY OF SUCH DAMAGE. 30 1.1 elric */ 31 1.1 elric 32 1.1 elric /* 33 1.1 elric * Crypto Framework For cgd.c 34 1.1 elric * 35 1.1 elric * This framework is temporary and awaits a more complete 36 1.1 elric * kernel wide crypto implementation. 37 1.1 elric */ 38 1.1 elric 39 1.1 elric #include <sys/cdefs.h> 40 1.24 riastrad __KERNEL_RCSID(0, "$NetBSD: cgd_crypto.c,v 1.24 2020/06/29 23:33:05 riastradh Exp $"); 41 1.1 elric 42 1.1 elric #include <sys/param.h> 43 1.21 riastrad #include <sys/kmem.h> 44 1.1 elric #include <sys/systm.h> 45 1.1 elric 46 1.1 elric #include <dev/cgd_crypto.h> 47 1.1 elric 48 1.24 riastrad #include <crypto/aes/aes.h> 49 1.19 riastrad #include <crypto/blowfish/blowfish.h> 50 1.19 riastrad #include <crypto/des/des.h> 51 1.11 christos 52 1.1 elric /* 53 1.1 elric * The general framework provides only one generic function. 54 1.16 gutterid * It takes the name of an algorithm and returns a struct cryptfuncs * 55 1.1 elric * for it. It is up to the initialisation routines of the algorithm 56 1.1 elric * to check key size and block size. 57 1.1 elric */ 58 1.1 elric 59 1.14 alnsn static cfunc_init cgd_cipher_aes_cbc_init; 60 1.14 alnsn static cfunc_destroy cgd_cipher_aes_cbc_destroy; 61 1.14 alnsn static cfunc_cipher cgd_cipher_aes_cbc; 62 1.14 alnsn 63 1.14 alnsn static cfunc_init cgd_cipher_aes_xts_init; 64 1.14 alnsn static cfunc_destroy cgd_cipher_aes_xts_destroy; 65 1.14 alnsn static cfunc_cipher cgd_cipher_aes_xts; 66 1.14 alnsn 67 1.14 alnsn static cfunc_init cgd_cipher_3des_init; 68 1.14 alnsn static cfunc_destroy cgd_cipher_3des_destroy; 69 1.14 alnsn static cfunc_cipher cgd_cipher_3des_cbc; 70 1.14 alnsn 71 1.14 alnsn static cfunc_init cgd_cipher_bf_init; 72 1.14 alnsn static cfunc_destroy cgd_cipher_bf_destroy; 73 1.14 alnsn static cfunc_cipher cgd_cipher_bf_cbc; 74 1.11 christos 75 1.11 christos static const struct cryptfuncs cf[] = { 76 1.11 christos { 77 1.14 alnsn .cf_name = "aes-xts", 78 1.14 alnsn .cf_init = cgd_cipher_aes_xts_init, 79 1.14 alnsn .cf_destroy = cgd_cipher_aes_xts_destroy, 80 1.14 alnsn .cf_cipher = cgd_cipher_aes_xts, 81 1.14 alnsn }, 82 1.14 alnsn { 83 1.11 christos .cf_name = "aes-cbc", 84 1.14 alnsn .cf_init = cgd_cipher_aes_cbc_init, 85 1.14 alnsn .cf_destroy = cgd_cipher_aes_cbc_destroy, 86 1.11 christos .cf_cipher = cgd_cipher_aes_cbc, 87 1.11 christos }, 88 1.11 christos { 89 1.11 christos .cf_name = "3des-cbc", 90 1.11 christos .cf_init = cgd_cipher_3des_init, 91 1.11 christos .cf_destroy = cgd_cipher_3des_destroy, 92 1.11 christos .cf_cipher = cgd_cipher_3des_cbc, 93 1.11 christos }, 94 1.11 christos { 95 1.11 christos .cf_name = "blowfish-cbc", 96 1.11 christos .cf_init = cgd_cipher_bf_init, 97 1.11 christos .cf_destroy = cgd_cipher_bf_destroy, 98 1.11 christos .cf_cipher = cgd_cipher_bf_cbc, 99 1.11 christos }, 100 1.11 christos }; 101 1.11 christos const struct cryptfuncs * 102 1.6 christos cryptfuncs_find(const char *alg) 103 1.1 elric { 104 1.1 elric 105 1.11 christos for (size_t i = 0; i < __arraycount(cf); i++) 106 1.11 christos if (strcmp(cf[i].cf_name, alg) == 0) 107 1.11 christos return &cf[i]; 108 1.11 christos 109 1.1 elric return NULL; 110 1.1 elric } 111 1.1 elric 112 1.1 elric /* 113 1.1 elric * AES Framework 114 1.1 elric */ 115 1.1 elric 116 1.1 elric struct aes_privdata { 117 1.24 riastrad struct aesenc ap_enckey; 118 1.24 riastrad struct aesdec ap_deckey; 119 1.24 riastrad uint32_t ap_nrounds; 120 1.1 elric }; 121 1.1 elric 122 1.11 christos static void * 123 1.14 alnsn cgd_cipher_aes_cbc_init(size_t keylen, const void *key, size_t *blocksize) 124 1.1 elric { 125 1.1 elric struct aes_privdata *ap; 126 1.1 elric 127 1.1 elric if (!blocksize) 128 1.1 elric return NULL; 129 1.1 elric if (keylen != 128 && keylen != 192 && keylen != 256) 130 1.1 elric return NULL; 131 1.6 christos if (*blocksize == (size_t)-1) 132 1.1 elric *blocksize = 128; 133 1.1 elric if (*blocksize != 128) 134 1.1 elric return NULL; 135 1.21 riastrad ap = kmem_zalloc(sizeof(*ap), KM_SLEEP); 136 1.24 riastrad switch (keylen) { 137 1.24 riastrad case 128: 138 1.24 riastrad aes_setenckey128(&ap->ap_enckey, key); 139 1.24 riastrad aes_setdeckey128(&ap->ap_deckey, key); 140 1.24 riastrad ap->ap_nrounds = AES_128_NROUNDS; 141 1.24 riastrad break; 142 1.24 riastrad case 192: 143 1.24 riastrad aes_setenckey192(&ap->ap_enckey, key); 144 1.24 riastrad aes_setdeckey192(&ap->ap_deckey, key); 145 1.24 riastrad ap->ap_nrounds = AES_192_NROUNDS; 146 1.24 riastrad break; 147 1.24 riastrad case 256: 148 1.24 riastrad aes_setenckey256(&ap->ap_enckey, key); 149 1.24 riastrad aes_setdeckey256(&ap->ap_deckey, key); 150 1.24 riastrad ap->ap_nrounds = AES_256_NROUNDS; 151 1.24 riastrad break; 152 1.24 riastrad } 153 1.6 christos return ap; 154 1.1 elric } 155 1.1 elric 156 1.11 christos static void 157 1.14 alnsn cgd_cipher_aes_cbc_destroy(void *data) 158 1.1 elric { 159 1.6 christos struct aes_privdata *apd = data; 160 1.1 elric 161 1.12 riastrad explicit_memset(apd, 0, sizeof(*apd)); 162 1.21 riastrad kmem_free(apd, sizeof(*apd)); 163 1.1 elric } 164 1.1 elric 165 1.11 christos static void 166 1.23 riastrad cgd_cipher_aes_cbc(void *privdata, void *dst, const void *src, size_t nbytes, 167 1.23 riastrad const void *blkno, int dir) 168 1.1 elric { 169 1.6 christos struct aes_privdata *apd = privdata; 170 1.23 riastrad uint8_t iv[CGD_AES_BLOCK_SIZE] = {0}; 171 1.18 riastrad 172 1.23 riastrad /* Compute the CBC IV as AES_k(blkno). */ 173 1.24 riastrad aes_enc(&apd->ap_enckey, blkno, iv, apd->ap_nrounds); 174 1.1 elric 175 1.1 elric switch (dir) { 176 1.1 elric case CGD_CIPHER_ENCRYPT: 177 1.24 riastrad aes_cbc_enc(&apd->ap_enckey, src, dst, nbytes, iv, 178 1.24 riastrad apd->ap_nrounds); 179 1.1 elric break; 180 1.1 elric case CGD_CIPHER_DECRYPT: 181 1.24 riastrad aes_cbc_dec(&apd->ap_deckey, src, dst, nbytes, iv, 182 1.24 riastrad apd->ap_nrounds); 183 1.14 alnsn break; 184 1.14 alnsn default: 185 1.17 riastrad panic("%s: unrecognised direction %d", __func__, dir); 186 1.14 alnsn } 187 1.14 alnsn } 188 1.14 alnsn 189 1.22 riastrad /* 190 1.22 riastrad * AES-XTS 191 1.22 riastrad */ 192 1.22 riastrad 193 1.22 riastrad struct aesxts { 194 1.24 riastrad struct aesenc ax_enckey; 195 1.24 riastrad struct aesdec ax_deckey; 196 1.24 riastrad struct aesenc ax_tweakkey; 197 1.24 riastrad uint32_t ax_nrounds; 198 1.22 riastrad }; 199 1.22 riastrad 200 1.14 alnsn static void * 201 1.14 alnsn cgd_cipher_aes_xts_init(size_t keylen, const void *xtskey, size_t *blocksize) 202 1.14 alnsn { 203 1.22 riastrad struct aesxts *ax; 204 1.14 alnsn const char *key, *key2; /* XTS key is made of two AES keys. */ 205 1.14 alnsn 206 1.14 alnsn if (!blocksize) 207 1.14 alnsn return NULL; 208 1.14 alnsn if (keylen != 256 && keylen != 512) 209 1.14 alnsn return NULL; 210 1.14 alnsn if (*blocksize == (size_t)-1) 211 1.14 alnsn *blocksize = 128; 212 1.14 alnsn if (*blocksize != 128) 213 1.14 alnsn return NULL; 214 1.14 alnsn 215 1.22 riastrad ax = kmem_zalloc(sizeof(*ax), KM_SLEEP); 216 1.14 alnsn keylen /= 2; 217 1.14 alnsn key = xtskey; 218 1.14 alnsn key2 = key + keylen / CHAR_BIT; 219 1.14 alnsn 220 1.24 riastrad switch (keylen) { 221 1.24 riastrad case 128: 222 1.24 riastrad aes_setenckey128(&ax->ax_enckey, key); 223 1.24 riastrad aes_setdeckey128(&ax->ax_deckey, key); 224 1.24 riastrad aes_setenckey128(&ax->ax_tweakkey, key2); 225 1.24 riastrad ax->ax_nrounds = AES_128_NROUNDS; 226 1.24 riastrad break; 227 1.24 riastrad case 256: 228 1.24 riastrad aes_setenckey256(&ax->ax_enckey, key); 229 1.24 riastrad aes_setdeckey256(&ax->ax_deckey, key); 230 1.24 riastrad aes_setenckey256(&ax->ax_tweakkey, key2); 231 1.24 riastrad ax->ax_nrounds = AES_256_NROUNDS; 232 1.24 riastrad break; 233 1.24 riastrad } 234 1.14 alnsn 235 1.22 riastrad return ax; 236 1.14 alnsn } 237 1.14 alnsn 238 1.14 alnsn static void 239 1.22 riastrad cgd_cipher_aes_xts_destroy(void *cookie) 240 1.14 alnsn { 241 1.22 riastrad struct aesxts *ax = cookie; 242 1.14 alnsn 243 1.22 riastrad explicit_memset(ax, 0, sizeof(*ax)); 244 1.22 riastrad kmem_free(ax, sizeof(*ax)); 245 1.14 alnsn } 246 1.14 alnsn 247 1.14 alnsn static void 248 1.23 riastrad cgd_cipher_aes_xts(void *cookie, void *dst, const void *src, size_t nbytes, 249 1.23 riastrad const void *blkno, int dir) 250 1.14 alnsn { 251 1.22 riastrad struct aesxts *ax = cookie; 252 1.23 riastrad uint8_t tweak[CGD_AES_BLOCK_SIZE]; 253 1.18 riastrad 254 1.23 riastrad /* Compute the initial tweak as AES_k(blkno). */ 255 1.24 riastrad aes_enc(&ax->ax_tweakkey, blkno, tweak, ax->ax_nrounds); 256 1.14 alnsn 257 1.14 alnsn switch (dir) { 258 1.14 alnsn case CGD_CIPHER_ENCRYPT: 259 1.24 riastrad aes_xts_enc(&ax->ax_enckey, src, dst, nbytes, tweak, 260 1.24 riastrad ax->ax_nrounds); 261 1.14 alnsn break; 262 1.14 alnsn case CGD_CIPHER_DECRYPT: 263 1.24 riastrad aes_xts_dec(&ax->ax_deckey, src, dst, nbytes, tweak, 264 1.24 riastrad ax->ax_nrounds); 265 1.1 elric break; 266 1.1 elric default: 267 1.17 riastrad panic("%s: unrecognised direction %d", __func__, dir); 268 1.1 elric } 269 1.1 elric } 270 1.1 elric 271 1.1 elric /* 272 1.1 elric * 3DES Framework 273 1.1 elric */ 274 1.1 elric 275 1.1 elric struct c3des_privdata { 276 1.1 elric des_key_schedule cp_key1; 277 1.1 elric des_key_schedule cp_key2; 278 1.1 elric des_key_schedule cp_key3; 279 1.1 elric }; 280 1.1 elric 281 1.11 christos static void * 282 1.7 cbiere cgd_cipher_3des_init(size_t keylen, const void *key, size_t *blocksize) 283 1.1 elric { 284 1.1 elric struct c3des_privdata *cp; 285 1.1 elric int error = 0; 286 1.7 cbiere des_cblock *block; 287 1.1 elric 288 1.1 elric if (!blocksize) 289 1.1 elric return NULL; 290 1.6 christos if (*blocksize == (size_t)-1) 291 1.1 elric *blocksize = 64; 292 1.1 elric if (keylen != (DES_KEY_SZ * 3 * 8) || *blocksize != 64) 293 1.1 elric return NULL; 294 1.21 riastrad cp = kmem_zalloc(sizeof(*cp), KM_SLEEP); 295 1.7 cbiere block = __UNCONST(key); 296 1.7 cbiere error = des_key_sched(block, cp->cp_key1); 297 1.7 cbiere error |= des_key_sched(block + 1, cp->cp_key2); 298 1.7 cbiere error |= des_key_sched(block + 2, cp->cp_key3); 299 1.1 elric if (error) { 300 1.12 riastrad explicit_memset(cp, 0, sizeof(*cp)); 301 1.21 riastrad kmem_free(cp, sizeof(*cp)); 302 1.1 elric return NULL; 303 1.1 elric } 304 1.6 christos return cp; 305 1.1 elric } 306 1.1 elric 307 1.11 christos static void 308 1.6 christos cgd_cipher_3des_destroy(void *data) 309 1.1 elric { 310 1.6 christos struct c3des_privdata *cp = data; 311 1.1 elric 312 1.12 riastrad explicit_memset(cp, 0, sizeof(*cp)); 313 1.21 riastrad kmem_free(cp, sizeof(*cp)); 314 1.1 elric } 315 1.1 elric 316 1.1 elric static void 317 1.23 riastrad cgd_cipher_3des_cbc(void *privdata, void *dst, const void *src, size_t nbytes, 318 1.23 riastrad const void *blkno, int dir) 319 1.1 elric { 320 1.6 christos struct c3des_privdata *cp = privdata; 321 1.18 riastrad des_cblock zero; 322 1.23 riastrad uint8_t iv[CGD_3DES_BLOCK_SIZE]; 323 1.18 riastrad 324 1.23 riastrad /* Compute the CBC IV as 3DES_k(blkno) = 3DES-CBC_k(iv=blkno, 0). */ 325 1.18 riastrad memset(&zero, 0, sizeof(zero)); 326 1.23 riastrad des_ede3_cbc_encrypt(blkno, iv, CGD_3DES_BLOCK_SIZE, 327 1.18 riastrad cp->cp_key1, cp->cp_key2, cp->cp_key3, &zero, /*encrypt*/1); 328 1.1 elric 329 1.1 elric switch (dir) { 330 1.1 elric case CGD_CIPHER_ENCRYPT: 331 1.23 riastrad des_ede3_cbc_encrypt(src, dst, nbytes, 332 1.23 riastrad cp->cp_key1, cp->cp_key2, cp->cp_key3, 333 1.23 riastrad (des_cblock *)iv, /*encrypt*/1); 334 1.1 elric break; 335 1.1 elric case CGD_CIPHER_DECRYPT: 336 1.23 riastrad des_ede3_cbc_encrypt(src, dst, nbytes, 337 1.23 riastrad cp->cp_key1, cp->cp_key2, cp->cp_key3, 338 1.23 riastrad (des_cblock *)iv, /*encrypt*/0); 339 1.1 elric break; 340 1.1 elric default: 341 1.17 riastrad panic("%s: unrecognised direction %d", __func__, dir); 342 1.1 elric } 343 1.1 elric } 344 1.1 elric 345 1.1 elric /* 346 1.1 elric * Blowfish Framework 347 1.1 elric */ 348 1.1 elric 349 1.1 elric struct bf_privdata { 350 1.1 elric BF_KEY bp_key; 351 1.1 elric }; 352 1.1 elric 353 1.1 elric struct bf_encdata { 354 1.1 elric BF_KEY *be_key; 355 1.18 riastrad uint8_t be_iv[CGD_BF_BLOCK_SIZE]; 356 1.1 elric }; 357 1.1 elric 358 1.11 christos static void * 359 1.7 cbiere cgd_cipher_bf_init(size_t keylen, const void *key, size_t *blocksize) 360 1.1 elric { 361 1.1 elric struct bf_privdata *bp; 362 1.1 elric 363 1.1 elric if (!blocksize) 364 1.1 elric return NULL; 365 1.3 dan if (keylen < 40 || keylen > 448 || (keylen % 8 != 0)) 366 1.1 elric return NULL; 367 1.6 christos if (*blocksize == (size_t)-1) 368 1.1 elric *blocksize = 64; 369 1.1 elric if (*blocksize != 64) 370 1.1 elric return NULL; 371 1.21 riastrad bp = kmem_zalloc(sizeof(*bp), KM_SLEEP); 372 1.1 elric if (!bp) 373 1.1 elric return NULL; 374 1.3 dan BF_set_key(&bp->bp_key, keylen / 8, key); 375 1.6 christos return bp; 376 1.1 elric } 377 1.1 elric 378 1.11 christos static void 379 1.6 christos cgd_cipher_bf_destroy(void *data) 380 1.1 elric { 381 1.6 christos struct bf_privdata *bp = data; 382 1.1 elric 383 1.12 riastrad explicit_memset(bp, 0, sizeof(*bp)); 384 1.21 riastrad kmem_free(bp, sizeof(*bp)); 385 1.1 elric } 386 1.1 elric 387 1.11 christos static void 388 1.23 riastrad cgd_cipher_bf_cbc(void *privdata, void *dst, const void *src, size_t nbytes, 389 1.23 riastrad const void *blkno, int dir) 390 1.1 elric { 391 1.6 christos struct bf_privdata *bp = privdata; 392 1.23 riastrad uint8_t zero[CGD_BF_BLOCK_SIZE], iv[CGD_BF_BLOCK_SIZE]; 393 1.18 riastrad 394 1.23 riastrad /* Compute the CBC IV as Blowfish_k(blkno) = BF_CBC_k(blkno, 0). */ 395 1.23 riastrad memset(zero, 0, sizeof(zero)); 396 1.23 riastrad BF_cbc_encrypt(blkno, iv, CGD_BF_BLOCK_SIZE, &bp->bp_key, zero, 397 1.18 riastrad /*encrypt*/1); 398 1.1 elric 399 1.1 elric switch (dir) { 400 1.1 elric case CGD_CIPHER_ENCRYPT: 401 1.23 riastrad BF_cbc_encrypt(src, dst, nbytes, &bp->bp_key, iv, 402 1.23 riastrad /*encrypt*/1); 403 1.1 elric break; 404 1.1 elric case CGD_CIPHER_DECRYPT: 405 1.23 riastrad BF_cbc_encrypt(src, dst, nbytes, &bp->bp_key, iv, 406 1.23 riastrad /*encrypt*/0); 407 1.1 elric break; 408 1.1 elric default: 409 1.17 riastrad panic("%s: unrecognised direction %d", __func__, dir); 410 1.1 elric } 411 1.1 elric } 412
Indexes created Tue Sep 23 07:09:52 GMT 2025