cgd_crypto.c revision 1.27 1 1.27 riastrad /* $NetBSD: cgd_crypto.c,v 1.27 2020/07/25 22:14:35 riastradh Exp $ */
2 1.1 elric
3 1.1 elric /*-
4 1.1 elric * Copyright (c) 2002 The NetBSD Foundation, Inc.
5 1.1 elric * All rights reserved.
6 1.1 elric *
7 1.1 elric * This code is derived from software contributed to The NetBSD Foundation
8 1.1 elric * by Roland C. Dowdeswell.
9 1.1 elric *
10 1.1 elric * Redistribution and use in source and binary forms, with or without
11 1.1 elric * modification, are permitted provided that the following conditions
12 1.1 elric * are met:
13 1.1 elric * 1. Redistributions of source code must retain the above copyright
14 1.1 elric * notice, this list of conditions and the following disclaimer.
15 1.1 elric * 2. Redistributions in binary form must reproduce the above copyright
16 1.1 elric * notice, this list of conditions and the following disclaimer in the
17 1.1 elric * documentation and/or other materials provided with the distribution.
18 1.1 elric *
19 1.1 elric * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
20 1.1 elric * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
21 1.1 elric * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
22 1.1 elric * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
23 1.1 elric * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
24 1.1 elric * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
25 1.1 elric * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26 1.1 elric * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
27 1.1 elric * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
28 1.1 elric * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
29 1.1 elric * POSSIBILITY OF SUCH DAMAGE.
30 1.1 elric */
31 1.1 elric
32 1.1 elric /*
33 1.1 elric * Crypto Framework For cgd.c
34 1.1 elric *
35 1.1 elric * This framework is temporary and awaits a more complete
36 1.1 elric * kernel wide crypto implementation.
37 1.1 elric */
38 1.1 elric
39 1.1 elric #include <sys/cdefs.h>
40 1.27 riastrad __KERNEL_RCSID(0, "$NetBSD: cgd_crypto.c,v 1.27 2020/07/25 22:14:35 riastradh Exp $");
41 1.1 elric
42 1.1 elric #include <sys/param.h>
43 1.21 riastrad #include <sys/kmem.h>
44 1.1 elric #include <sys/systm.h>
45 1.1 elric
46 1.1 elric #include <dev/cgd_crypto.h>
47 1.1 elric
48 1.26 riastrad #include <crypto/adiantum/adiantum.h>
49 1.24 riastrad #include <crypto/aes/aes.h>
50 1.27 riastrad #include <crypto/aes/aes_cbc.h>
51 1.27 riastrad #include <crypto/aes/aes_xts.h>
52 1.19 riastrad #include <crypto/blowfish/blowfish.h>
53 1.19 riastrad #include <crypto/des/des.h>
54 1.11 christos
55 1.1 elric /*
56 1.1 elric * The general framework provides only one generic function.
57 1.16 gutterid * It takes the name of an algorithm and returns a struct cryptfuncs *
58 1.1 elric * for it. It is up to the initialisation routines of the algorithm
59 1.1 elric * to check key size and block size.
60 1.1 elric */
61 1.1 elric
62 1.14 alnsn static cfunc_init cgd_cipher_aes_cbc_init;
63 1.14 alnsn static cfunc_destroy cgd_cipher_aes_cbc_destroy;
64 1.14 alnsn static cfunc_cipher cgd_cipher_aes_cbc;
65 1.14 alnsn
66 1.14 alnsn static cfunc_init cgd_cipher_aes_xts_init;
67 1.14 alnsn static cfunc_destroy cgd_cipher_aes_xts_destroy;
68 1.14 alnsn static cfunc_cipher cgd_cipher_aes_xts;
69 1.14 alnsn
70 1.14 alnsn static cfunc_init cgd_cipher_3des_init;
71 1.14 alnsn static cfunc_destroy cgd_cipher_3des_destroy;
72 1.14 alnsn static cfunc_cipher cgd_cipher_3des_cbc;
73 1.14 alnsn
74 1.14 alnsn static cfunc_init cgd_cipher_bf_init;
75 1.14 alnsn static cfunc_destroy cgd_cipher_bf_destroy;
76 1.14 alnsn static cfunc_cipher cgd_cipher_bf_cbc;
77 1.11 christos
78 1.26 riastrad static cfunc_init cgd_cipher_adiantum_init;
79 1.26 riastrad static cfunc_destroy cgd_cipher_adiantum_destroy;
80 1.26 riastrad static cfunc_cipher cgd_cipher_adiantum_crypt;
81 1.26 riastrad
82 1.11 christos static const struct cryptfuncs cf[] = {
83 1.11 christos {
84 1.14 alnsn .cf_name = "aes-xts",
85 1.14 alnsn .cf_init = cgd_cipher_aes_xts_init,
86 1.14 alnsn .cf_destroy = cgd_cipher_aes_xts_destroy,
87 1.14 alnsn .cf_cipher = cgd_cipher_aes_xts,
88 1.14 alnsn },
89 1.14 alnsn {
90 1.11 christos .cf_name = "aes-cbc",
91 1.14 alnsn .cf_init = cgd_cipher_aes_cbc_init,
92 1.14 alnsn .cf_destroy = cgd_cipher_aes_cbc_destroy,
93 1.11 christos .cf_cipher = cgd_cipher_aes_cbc,
94 1.11 christos },
95 1.11 christos {
96 1.11 christos .cf_name = "3des-cbc",
97 1.11 christos .cf_init = cgd_cipher_3des_init,
98 1.11 christos .cf_destroy = cgd_cipher_3des_destroy,
99 1.11 christos .cf_cipher = cgd_cipher_3des_cbc,
100 1.11 christos },
101 1.11 christos {
102 1.11 christos .cf_name = "blowfish-cbc",
103 1.11 christos .cf_init = cgd_cipher_bf_init,
104 1.11 christos .cf_destroy = cgd_cipher_bf_destroy,
105 1.11 christos .cf_cipher = cgd_cipher_bf_cbc,
106 1.11 christos },
107 1.26 riastrad {
108 1.26 riastrad .cf_name = "adiantum",
109 1.26 riastrad .cf_init = cgd_cipher_adiantum_init,
110 1.26 riastrad .cf_destroy = cgd_cipher_adiantum_destroy,
111 1.26 riastrad .cf_cipher = cgd_cipher_adiantum_crypt,
112 1.26 riastrad },
113 1.11 christos };
114 1.11 christos const struct cryptfuncs *
115 1.6 christos cryptfuncs_find(const char *alg)
116 1.1 elric {
117 1.1 elric
118 1.11 christos for (size_t i = 0; i < __arraycount(cf); i++)
119 1.11 christos if (strcmp(cf[i].cf_name, alg) == 0)
120 1.11 christos return &cf[i];
121 1.11 christos
122 1.1 elric return NULL;
123 1.1 elric }
124 1.1 elric
125 1.1 elric /*
126 1.1 elric * AES Framework
127 1.1 elric */
128 1.1 elric
129 1.1 elric struct aes_privdata {
130 1.24 riastrad struct aesenc ap_enckey;
131 1.24 riastrad struct aesdec ap_deckey;
132 1.24 riastrad uint32_t ap_nrounds;
133 1.1 elric };
134 1.1 elric
135 1.11 christos static void *
136 1.14 alnsn cgd_cipher_aes_cbc_init(size_t keylen, const void *key, size_t *blocksize)
137 1.1 elric {
138 1.1 elric struct aes_privdata *ap;
139 1.1 elric
140 1.1 elric if (!blocksize)
141 1.1 elric return NULL;
142 1.1 elric if (keylen != 128 && keylen != 192 && keylen != 256)
143 1.1 elric return NULL;
144 1.6 christos if (*blocksize == (size_t)-1)
145 1.1 elric *blocksize = 128;
146 1.1 elric if (*blocksize != 128)
147 1.1 elric return NULL;
148 1.21 riastrad ap = kmem_zalloc(sizeof(*ap), KM_SLEEP);
149 1.24 riastrad switch (keylen) {
150 1.24 riastrad case 128:
151 1.24 riastrad aes_setenckey128(&ap->ap_enckey, key);
152 1.24 riastrad aes_setdeckey128(&ap->ap_deckey, key);
153 1.24 riastrad ap->ap_nrounds = AES_128_NROUNDS;
154 1.24 riastrad break;
155 1.24 riastrad case 192:
156 1.24 riastrad aes_setenckey192(&ap->ap_enckey, key);
157 1.24 riastrad aes_setdeckey192(&ap->ap_deckey, key);
158 1.24 riastrad ap->ap_nrounds = AES_192_NROUNDS;
159 1.24 riastrad break;
160 1.24 riastrad case 256:
161 1.24 riastrad aes_setenckey256(&ap->ap_enckey, key);
162 1.24 riastrad aes_setdeckey256(&ap->ap_deckey, key);
163 1.24 riastrad ap->ap_nrounds = AES_256_NROUNDS;
164 1.24 riastrad break;
165 1.24 riastrad }
166 1.6 christos return ap;
167 1.1 elric }
168 1.1 elric
169 1.11 christos static void
170 1.14 alnsn cgd_cipher_aes_cbc_destroy(void *data)
171 1.1 elric {
172 1.6 christos struct aes_privdata *apd = data;
173 1.1 elric
174 1.12 riastrad explicit_memset(apd, 0, sizeof(*apd));
175 1.21 riastrad kmem_free(apd, sizeof(*apd));
176 1.1 elric }
177 1.1 elric
178 1.11 christos static void
179 1.23 riastrad cgd_cipher_aes_cbc(void *privdata, void *dst, const void *src, size_t nbytes,
180 1.23 riastrad const void *blkno, int dir)
181 1.1 elric {
182 1.6 christos struct aes_privdata *apd = privdata;
183 1.25 riastrad uint8_t iv[CGD_AES_BLOCK_SIZE] __aligned(CGD_AES_BLOCK_SIZE) = {0};
184 1.18 riastrad
185 1.23 riastrad /* Compute the CBC IV as AES_k(blkno). */
186 1.24 riastrad aes_enc(&apd->ap_enckey, blkno, iv, apd->ap_nrounds);
187 1.1 elric
188 1.1 elric switch (dir) {
189 1.1 elric case CGD_CIPHER_ENCRYPT:
190 1.24 riastrad aes_cbc_enc(&apd->ap_enckey, src, dst, nbytes, iv,
191 1.24 riastrad apd->ap_nrounds);
192 1.1 elric break;
193 1.1 elric case CGD_CIPHER_DECRYPT:
194 1.24 riastrad aes_cbc_dec(&apd->ap_deckey, src, dst, nbytes, iv,
195 1.24 riastrad apd->ap_nrounds);
196 1.14 alnsn break;
197 1.14 alnsn default:
198 1.17 riastrad panic("%s: unrecognised direction %d", __func__, dir);
199 1.14 alnsn }
200 1.14 alnsn }
201 1.14 alnsn
202 1.22 riastrad /*
203 1.22 riastrad * AES-XTS
204 1.22 riastrad */
205 1.22 riastrad
206 1.22 riastrad struct aesxts {
207 1.24 riastrad struct aesenc ax_enckey;
208 1.24 riastrad struct aesdec ax_deckey;
209 1.24 riastrad struct aesenc ax_tweakkey;
210 1.24 riastrad uint32_t ax_nrounds;
211 1.22 riastrad };
212 1.22 riastrad
213 1.14 alnsn static void *
214 1.14 alnsn cgd_cipher_aes_xts_init(size_t keylen, const void *xtskey, size_t *blocksize)
215 1.14 alnsn {
216 1.22 riastrad struct aesxts *ax;
217 1.14 alnsn const char *key, *key2; /* XTS key is made of two AES keys. */
218 1.14 alnsn
219 1.14 alnsn if (!blocksize)
220 1.14 alnsn return NULL;
221 1.14 alnsn if (keylen != 256 && keylen != 512)
222 1.14 alnsn return NULL;
223 1.14 alnsn if (*blocksize == (size_t)-1)
224 1.14 alnsn *blocksize = 128;
225 1.14 alnsn if (*blocksize != 128)
226 1.14 alnsn return NULL;
227 1.14 alnsn
228 1.22 riastrad ax = kmem_zalloc(sizeof(*ax), KM_SLEEP);
229 1.14 alnsn keylen /= 2;
230 1.14 alnsn key = xtskey;
231 1.14 alnsn key2 = key + keylen / CHAR_BIT;
232 1.14 alnsn
233 1.24 riastrad switch (keylen) {
234 1.24 riastrad case 128:
235 1.24 riastrad aes_setenckey128(&ax->ax_enckey, key);
236 1.24 riastrad aes_setdeckey128(&ax->ax_deckey, key);
237 1.24 riastrad aes_setenckey128(&ax->ax_tweakkey, key2);
238 1.24 riastrad ax->ax_nrounds = AES_128_NROUNDS;
239 1.24 riastrad break;
240 1.24 riastrad case 256:
241 1.24 riastrad aes_setenckey256(&ax->ax_enckey, key);
242 1.24 riastrad aes_setdeckey256(&ax->ax_deckey, key);
243 1.24 riastrad aes_setenckey256(&ax->ax_tweakkey, key2);
244 1.24 riastrad ax->ax_nrounds = AES_256_NROUNDS;
245 1.24 riastrad break;
246 1.24 riastrad }
247 1.14 alnsn
248 1.22 riastrad return ax;
249 1.14 alnsn }
250 1.14 alnsn
251 1.14 alnsn static void
252 1.22 riastrad cgd_cipher_aes_xts_destroy(void *cookie)
253 1.14 alnsn {
254 1.22 riastrad struct aesxts *ax = cookie;
255 1.14 alnsn
256 1.22 riastrad explicit_memset(ax, 0, sizeof(*ax));
257 1.22 riastrad kmem_free(ax, sizeof(*ax));
258 1.14 alnsn }
259 1.14 alnsn
260 1.14 alnsn static void
261 1.23 riastrad cgd_cipher_aes_xts(void *cookie, void *dst, const void *src, size_t nbytes,
262 1.23 riastrad const void *blkno, int dir)
263 1.14 alnsn {
264 1.22 riastrad struct aesxts *ax = cookie;
265 1.23 riastrad uint8_t tweak[CGD_AES_BLOCK_SIZE];
266 1.18 riastrad
267 1.23 riastrad /* Compute the initial tweak as AES_k(blkno). */
268 1.24 riastrad aes_enc(&ax->ax_tweakkey, blkno, tweak, ax->ax_nrounds);
269 1.14 alnsn
270 1.14 alnsn switch (dir) {
271 1.14 alnsn case CGD_CIPHER_ENCRYPT:
272 1.24 riastrad aes_xts_enc(&ax->ax_enckey, src, dst, nbytes, tweak,
273 1.24 riastrad ax->ax_nrounds);
274 1.14 alnsn break;
275 1.14 alnsn case CGD_CIPHER_DECRYPT:
276 1.24 riastrad aes_xts_dec(&ax->ax_deckey, src, dst, nbytes, tweak,
277 1.24 riastrad ax->ax_nrounds);
278 1.1 elric break;
279 1.1 elric default:
280 1.17 riastrad panic("%s: unrecognised direction %d", __func__, dir);
281 1.1 elric }
282 1.1 elric }
283 1.1 elric
284 1.1 elric /*
285 1.1 elric * 3DES Framework
286 1.1 elric */
287 1.1 elric
288 1.1 elric struct c3des_privdata {
289 1.1 elric des_key_schedule cp_key1;
290 1.1 elric des_key_schedule cp_key2;
291 1.1 elric des_key_schedule cp_key3;
292 1.1 elric };
293 1.1 elric
294 1.11 christos static void *
295 1.7 cbiere cgd_cipher_3des_init(size_t keylen, const void *key, size_t *blocksize)
296 1.1 elric {
297 1.1 elric struct c3des_privdata *cp;
298 1.1 elric int error = 0;
299 1.7 cbiere des_cblock *block;
300 1.1 elric
301 1.1 elric if (!blocksize)
302 1.1 elric return NULL;
303 1.6 christos if (*blocksize == (size_t)-1)
304 1.1 elric *blocksize = 64;
305 1.1 elric if (keylen != (DES_KEY_SZ * 3 * 8) || *blocksize != 64)
306 1.1 elric return NULL;
307 1.21 riastrad cp = kmem_zalloc(sizeof(*cp), KM_SLEEP);
308 1.7 cbiere block = __UNCONST(key);
309 1.7 cbiere error = des_key_sched(block, cp->cp_key1);
310 1.7 cbiere error |= des_key_sched(block + 1, cp->cp_key2);
311 1.7 cbiere error |= des_key_sched(block + 2, cp->cp_key3);
312 1.1 elric if (error) {
313 1.12 riastrad explicit_memset(cp, 0, sizeof(*cp));
314 1.21 riastrad kmem_free(cp, sizeof(*cp));
315 1.1 elric return NULL;
316 1.1 elric }
317 1.6 christos return cp;
318 1.1 elric }
319 1.1 elric
320 1.11 christos static void
321 1.6 christos cgd_cipher_3des_destroy(void *data)
322 1.1 elric {
323 1.6 christos struct c3des_privdata *cp = data;
324 1.1 elric
325 1.12 riastrad explicit_memset(cp, 0, sizeof(*cp));
326 1.21 riastrad kmem_free(cp, sizeof(*cp));
327 1.1 elric }
328 1.1 elric
329 1.1 elric static void
330 1.23 riastrad cgd_cipher_3des_cbc(void *privdata, void *dst, const void *src, size_t nbytes,
331 1.23 riastrad const void *blkno, int dir)
332 1.1 elric {
333 1.6 christos struct c3des_privdata *cp = privdata;
334 1.18 riastrad des_cblock zero;
335 1.23 riastrad uint8_t iv[CGD_3DES_BLOCK_SIZE];
336 1.18 riastrad
337 1.23 riastrad /* Compute the CBC IV as 3DES_k(blkno) = 3DES-CBC_k(iv=blkno, 0). */
338 1.18 riastrad memset(&zero, 0, sizeof(zero));
339 1.23 riastrad des_ede3_cbc_encrypt(blkno, iv, CGD_3DES_BLOCK_SIZE,
340 1.18 riastrad cp->cp_key1, cp->cp_key2, cp->cp_key3, &zero, /*encrypt*/1);
341 1.1 elric
342 1.1 elric switch (dir) {
343 1.1 elric case CGD_CIPHER_ENCRYPT:
344 1.23 riastrad des_ede3_cbc_encrypt(src, dst, nbytes,
345 1.23 riastrad cp->cp_key1, cp->cp_key2, cp->cp_key3,
346 1.23 riastrad (des_cblock *)iv, /*encrypt*/1);
347 1.1 elric break;
348 1.1 elric case CGD_CIPHER_DECRYPT:
349 1.23 riastrad des_ede3_cbc_encrypt(src, dst, nbytes,
350 1.23 riastrad cp->cp_key1, cp->cp_key2, cp->cp_key3,
351 1.23 riastrad (des_cblock *)iv, /*encrypt*/0);
352 1.1 elric break;
353 1.1 elric default:
354 1.17 riastrad panic("%s: unrecognised direction %d", __func__, dir);
355 1.1 elric }
356 1.1 elric }
357 1.1 elric
358 1.1 elric /*
359 1.1 elric * Blowfish Framework
360 1.1 elric */
361 1.1 elric
362 1.1 elric struct bf_privdata {
363 1.1 elric BF_KEY bp_key;
364 1.1 elric };
365 1.1 elric
366 1.1 elric struct bf_encdata {
367 1.1 elric BF_KEY *be_key;
368 1.18 riastrad uint8_t be_iv[CGD_BF_BLOCK_SIZE];
369 1.1 elric };
370 1.1 elric
371 1.11 christos static void *
372 1.7 cbiere cgd_cipher_bf_init(size_t keylen, const void *key, size_t *blocksize)
373 1.1 elric {
374 1.1 elric struct bf_privdata *bp;
375 1.1 elric
376 1.1 elric if (!blocksize)
377 1.1 elric return NULL;
378 1.3 dan if (keylen < 40 || keylen > 448 || (keylen % 8 != 0))
379 1.1 elric return NULL;
380 1.6 christos if (*blocksize == (size_t)-1)
381 1.1 elric *blocksize = 64;
382 1.1 elric if (*blocksize != 64)
383 1.1 elric return NULL;
384 1.21 riastrad bp = kmem_zalloc(sizeof(*bp), KM_SLEEP);
385 1.1 elric if (!bp)
386 1.1 elric return NULL;
387 1.3 dan BF_set_key(&bp->bp_key, keylen / 8, key);
388 1.6 christos return bp;
389 1.1 elric }
390 1.1 elric
391 1.11 christos static void
392 1.6 christos cgd_cipher_bf_destroy(void *data)
393 1.1 elric {
394 1.6 christos struct bf_privdata *bp = data;
395 1.1 elric
396 1.12 riastrad explicit_memset(bp, 0, sizeof(*bp));
397 1.21 riastrad kmem_free(bp, sizeof(*bp));
398 1.1 elric }
399 1.1 elric
400 1.11 christos static void
401 1.23 riastrad cgd_cipher_bf_cbc(void *privdata, void *dst, const void *src, size_t nbytes,
402 1.23 riastrad const void *blkno, int dir)
403 1.1 elric {
404 1.6 christos struct bf_privdata *bp = privdata;
405 1.23 riastrad uint8_t zero[CGD_BF_BLOCK_SIZE], iv[CGD_BF_BLOCK_SIZE];
406 1.18 riastrad
407 1.23 riastrad /* Compute the CBC IV as Blowfish_k(blkno) = BF_CBC_k(blkno, 0). */
408 1.23 riastrad memset(zero, 0, sizeof(zero));
409 1.23 riastrad BF_cbc_encrypt(blkno, iv, CGD_BF_BLOCK_SIZE, &bp->bp_key, zero,
410 1.18 riastrad /*encrypt*/1);
411 1.1 elric
412 1.1 elric switch (dir) {
413 1.1 elric case CGD_CIPHER_ENCRYPT:
414 1.23 riastrad BF_cbc_encrypt(src, dst, nbytes, &bp->bp_key, iv,
415 1.23 riastrad /*encrypt*/1);
416 1.1 elric break;
417 1.1 elric case CGD_CIPHER_DECRYPT:
418 1.23 riastrad BF_cbc_encrypt(src, dst, nbytes, &bp->bp_key, iv,
419 1.23 riastrad /*encrypt*/0);
420 1.1 elric break;
421 1.1 elric default:
422 1.17 riastrad panic("%s: unrecognised direction %d", __func__, dir);
423 1.1 elric }
424 1.1 elric }
425 1.26 riastrad
426 1.26 riastrad /*
427 1.26 riastrad * Adiantum
428 1.26 riastrad */
429 1.26 riastrad
430 1.26 riastrad static void *
431 1.26 riastrad cgd_cipher_adiantum_init(size_t keylen, const void *key, size_t *blocksize)
432 1.26 riastrad {
433 1.26 riastrad struct adiantum *A;
434 1.26 riastrad
435 1.26 riastrad if (!blocksize)
436 1.26 riastrad return NULL;
437 1.26 riastrad if (keylen != 256)
438 1.26 riastrad return NULL;
439 1.26 riastrad if (*blocksize == (size_t)-1)
440 1.26 riastrad *blocksize = 128;
441 1.26 riastrad if (*blocksize != 128)
442 1.26 riastrad return NULL;
443 1.26 riastrad
444 1.26 riastrad A = kmem_zalloc(sizeof(*A), KM_SLEEP);
445 1.26 riastrad adiantum_init(A, key);
446 1.26 riastrad
447 1.26 riastrad return A;
448 1.26 riastrad }
449 1.26 riastrad
450 1.26 riastrad static void
451 1.26 riastrad cgd_cipher_adiantum_destroy(void *cookie)
452 1.26 riastrad {
453 1.26 riastrad struct adiantum *A = cookie;
454 1.26 riastrad
455 1.26 riastrad explicit_memset(A, 0, sizeof(*A));
456 1.26 riastrad kmem_free(A, sizeof(*A));
457 1.26 riastrad }
458 1.26 riastrad
459 1.26 riastrad static void
460 1.26 riastrad cgd_cipher_adiantum_crypt(void *cookie, void *dst, const void *src,
461 1.26 riastrad size_t nbytes, const void *blkno, int dir)
462 1.26 riastrad {
463 1.26 riastrad /*
464 1.26 riastrad * Treat the block number as a 128-bit block. This is more
465 1.26 riastrad * than twice as big as the largest number of reasonable
466 1.26 riastrad * blocks, but it doesn't hurt (it would be rounded up to a
467 1.26 riastrad * 128-bit input anyway).
468 1.26 riastrad */
469 1.26 riastrad const unsigned tweaklen = 16;
470 1.26 riastrad struct adiantum *A = cookie;
471 1.26 riastrad
472 1.26 riastrad switch (dir) {
473 1.26 riastrad case CGD_CIPHER_ENCRYPT:
474 1.26 riastrad adiantum_enc(dst, src, nbytes, blkno, tweaklen, A);
475 1.26 riastrad break;
476 1.26 riastrad case CGD_CIPHER_DECRYPT:
477 1.26 riastrad adiantum_dec(dst, src, nbytes, blkno, tweaklen, A);
478 1.26 riastrad break;
479 1.26 riastrad default:
480 1.26 riastrad panic("%s: unrecognised direction %d", __func__, dir);
481 1.26 riastrad }
482 1.26 riastrad }
483