cryptosoft_xform.c revision 1.10
1 /* $NetBSD: cryptosoft_xform.c,v 1.10 2009/03/14 15:36:24 dsl Exp $ */ 2 /* $FreeBSD: src/sys/opencrypto/xform.c,v 1.1.2.1 2002/11/21 23:34:23 sam Exp $ */ 3 /* $OpenBSD: xform.c,v 1.19 2002/08/16 22:47:25 dhartmei Exp $ */ 4 5 /* 6 * The authors of this code are John Ioannidis (ji (at) tla.org), 7 * Angelos D. Keromytis (kermit (at) csd.uch.gr) and 8 * Niels Provos (provos (at) physnet.uni-hamburg.de). 9 * 10 * This code was written by John Ioannidis for BSD/OS in Athens, Greece, 11 * in November 1995. 12 * 13 * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996, 14 * by Angelos D. Keromytis. 15 * 16 * Additional transforms and features in 1997 and 1998 by Angelos D. Keromytis 17 * and Niels Provos. 18 * 19 * Additional features in 1999 by Angelos D. Keromytis. 20 * 21 * Copyright (C) 1995, 1996, 1997, 1998, 1999 by John Ioannidis, 22 * Angelos D. Keromytis and Niels Provos. 23 * 24 * Copyright (C) 2001, Angelos D. Keromytis. 25 * 26 * Permission to use, copy, and modify this software with or without fee 27 * is hereby granted, provided that this entire notice is included in 28 * all copies of any software which is or includes a copy or 29 * modification of this software. 30 * You may use this code under the GNU public license if you so wish. Please 31 * contribute changes back to the authors under this freer than GPL license 32 * so that we may further the use of strong encryption without limitations to 33 * all. 34 * 35 * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR 36 * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY 37 * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE 38 * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR 39 * PURPOSE. 40 */ 41 42 #include <sys/cdefs.h> 43 __KERNEL_RCSID(1, "$NetBSD: cryptosoft_xform.c,v 1.10 2009/03/14 15:36:24 dsl Exp $"); 44 45 #include <crypto/blowfish/blowfish.h> 46 #include <crypto/cast128/cast128.h> 47 #include <crypto/des/des.h> 48 #include <crypto/rijndael/rijndael.h> 49 #include <crypto/skipjack/skipjack.h> 50 51 #include <opencrypto/deflate.h> 52 53 #include <sys/md5.h> 54 #include <sys/rmd160.h> 55 #include <sys/sha1.h> 56 57 struct swcr_auth_hash { 58 struct auth_hash *auth_hash; 59 void (*Init)(void *); 60 int (*Update)(void *, const uint8_t *, uint16_t); 61 void (*Final)(uint8_t *, void *); 62 }; 63 64 struct swcr_enc_xform { 65 struct enc_xform *enc_xform; 66 void (*encrypt)(void *, uint8_t *); 67 void (*decrypt)(void *, uint8_t *); 68 int (*setkey)(uint8_t **, const uint8_t *, int len); 69 void (*zerokey)(uint8_t **); 70 }; 71 72 struct swcr_comp_algo { 73 struct comp_algo *comp_algo; 74 uint32_t (*compress)(uint8_t *, uint32_t, uint8_t **); 75 uint32_t (*decompress)(uint8_t *, uint32_t, uint8_t **); 76 }; 77 78 static void null_encrypt(void *, u_int8_t *); 79 static void null_decrypt(void *, u_int8_t *); 80 static int null_setkey(u_int8_t **, const u_int8_t *, int); 81 static void null_zerokey(u_int8_t **); 82 83 static int des1_setkey(u_int8_t **, const u_int8_t *, int); 84 static int des3_setkey(u_int8_t **, const u_int8_t *, int); 85 static int blf_setkey(u_int8_t **, const u_int8_t *, int); 86 static int cast5_setkey(u_int8_t **, const u_int8_t *, int); 87 static int skipjack_setkey(u_int8_t **, const u_int8_t *, int); 88 static int rijndael128_setkey(u_int8_t **, const u_int8_t *, int); 89 static void des1_encrypt(void *, u_int8_t *); 90 static void des3_encrypt(void *, u_int8_t *); 91 static void blf_encrypt(void *, u_int8_t *); 92 static void cast5_encrypt(void *, u_int8_t *); 93 static void skipjack_encrypt(void *, u_int8_t *); 94 static void rijndael128_encrypt(void *, u_int8_t *); 95 static void des1_decrypt(void *, u_int8_t *); 96 static void des3_decrypt(void *, u_int8_t *); 97 static void blf_decrypt(void *, u_int8_t *); 98 static void cast5_decrypt(void *, u_int8_t *); 99 static void skipjack_decrypt(void *, u_int8_t *); 100 static void rijndael128_decrypt(void *, u_int8_t *); 101 static void des1_zerokey(u_int8_t **); 102 static void des3_zerokey(u_int8_t **); 103 static void blf_zerokey(u_int8_t **); 104 static void cast5_zerokey(u_int8_t **); 105 static void skipjack_zerokey(u_int8_t **); 106 static void rijndael128_zerokey(u_int8_t **); 107 108 static void null_init(void *); 109 static int null_update(void *, const u_int8_t *, u_int16_t); 110 static void null_final(u_int8_t *, void *); 111 112 static int MD5Update_int(void *, const u_int8_t *, u_int16_t); 113 static void SHA1Init_int(void *); 114 static int SHA1Update_int(void *, const u_int8_t *, u_int16_t); 115 static void SHA1Final_int(u_int8_t *, void *); 116 117 118 static int RMD160Update_int(void *, const u_int8_t *, u_int16_t); 119 static int SHA1Update_int(void *, const u_int8_t *, u_int16_t); 120 static void SHA1Final_int(u_int8_t *, void *); 121 static int RMD160Update_int(void *, const u_int8_t *, u_int16_t); 122 static int SHA256Update_int(void *, const u_int8_t *, u_int16_t); 123 static int SHA384Update_int(void *, const u_int8_t *, u_int16_t); 124 static int SHA512Update_int(void *, const u_int8_t *, u_int16_t); 125 126 static u_int32_t deflate_compress(u_int8_t *, u_int32_t, u_int8_t **); 127 static u_int32_t deflate_decompress(u_int8_t *, u_int32_t, u_int8_t **); 128 129 /* Encryption instances */ 130 static const struct swcr_enc_xform swcr_enc_xform_null = { 131 &enc_xform_null, 132 null_encrypt, 133 null_decrypt, 134 null_setkey, 135 null_zerokey, 136 }; 137 138 static const struct swcr_enc_xform swcr_enc_xform_des = { 139 &enc_xform_des, 140 des1_encrypt, 141 des1_decrypt, 142 des1_setkey, 143 des1_zerokey, 144 }; 145 146 static const struct swcr_enc_xform swcr_enc_xform_3des = { 147 &enc_xform_3des, 148 des3_encrypt, 149 des3_decrypt, 150 des3_setkey, 151 des3_zerokey 152 }; 153 154 static const struct swcr_enc_xform swcr_enc_xform_blf = { 155 &enc_xform_blf, 156 blf_encrypt, 157 blf_decrypt, 158 blf_setkey, 159 blf_zerokey 160 }; 161 162 static const struct swcr_enc_xform swcr_enc_xform_cast5 = { 163 &enc_xform_cast5, 164 cast5_encrypt, 165 cast5_decrypt, 166 cast5_setkey, 167 cast5_zerokey 168 }; 169 170 static const struct swcr_enc_xform swcr_enc_xform_skipjack = { 171 &enc_xform_skipjack, 172 skipjack_encrypt, 173 skipjack_decrypt, 174 skipjack_setkey, 175 skipjack_zerokey 176 }; 177 178 static const struct swcr_enc_xform swcr_enc_xform_rijndael128 = { 179 &enc_xform_rijndael128, 180 rijndael128_encrypt, 181 rijndael128_decrypt, 182 rijndael128_setkey, 183 rijndael128_zerokey, 184 }; 185 186 static const struct swcr_enc_xform swcr_enc_xform_arc4 = { 187 &enc_xform_arc4, 188 NULL, 189 NULL, 190 NULL, 191 NULL, 192 }; 193 194 /* Authentication instances */ 195 static const struct swcr_auth_hash swcr_auth_hash_null = { 196 &auth_hash_null, 197 null_init, null_update, null_final 198 }; 199 200 static const struct swcr_auth_hash swcr_auth_hash_hmac_md5 = { 201 &auth_hash_hmac_md5, 202 (void (*) (void *)) MD5Init, MD5Update_int, 203 (void (*) (u_int8_t *, void *)) MD5Final 204 }; 205 206 static const struct swcr_auth_hash swcr_auth_hash_hmac_sha1 = { 207 &auth_hash_hmac_sha1, 208 SHA1Init_int, SHA1Update_int, SHA1Final_int 209 }; 210 211 static const struct swcr_auth_hash swcr_auth_hash_hmac_ripemd_160 = { 212 &auth_hash_hmac_ripemd_160, 213 (void (*)(void *)) RMD160Init, RMD160Update_int, 214 (void (*)(u_int8_t *, void *)) RMD160Final 215 }; 216 static const struct swcr_auth_hash swcr_auth_hash_hmac_md5_96 = { 217 &auth_hash_hmac_md5_96, 218 (void (*) (void *)) MD5Init, MD5Update_int, 219 (void (*) (u_int8_t *, void *)) MD5Final 220 }; 221 222 static const struct swcr_auth_hash swcr_auth_hash_hmac_sha1_96 = { 223 &auth_hash_hmac_sha1_96, 224 SHA1Init_int, SHA1Update_int, SHA1Final_int 225 }; 226 227 static const struct swcr_auth_hash swcr_auth_hash_hmac_ripemd_160_96 = { 228 &auth_hash_hmac_ripemd_160_96, 229 (void (*)(void *)) RMD160Init, RMD160Update_int, 230 (void (*)(u_int8_t *, void *)) RMD160Final 231 }; 232 233 static const struct swcr_auth_hash swcr_auth_hash_key_md5 = { 234 &auth_hash_key_md5, 235 (void (*)(void *)) MD5Init, MD5Update_int, 236 (void (*)(u_int8_t *, void *)) MD5Final 237 }; 238 239 static const struct swcr_auth_hash swcr_auth_hash_key_sha1 = { 240 &auth_hash_key_sha1, 241 SHA1Init_int, SHA1Update_int, SHA1Final_int 242 }; 243 244 static const struct swcr_auth_hash swcr_auth_hash_md5 = { 245 &auth_hash_md5, 246 (void (*) (void *)) MD5Init, MD5Update_int, 247 (void (*) (u_int8_t *, void *)) MD5Final 248 }; 249 250 static const struct swcr_auth_hash swcr_auth_hash_sha1 = { 251 &auth_hash_sha1, 252 (void (*)(void *)) SHA1Init, SHA1Update_int, 253 (void (*)(u_int8_t *, void *)) SHA1Final 254 }; 255 256 static const struct swcr_auth_hash swcr_auth_hash_hmac_sha2_256 = { 257 &auth_hash_hmac_sha2_256, 258 (void (*)(void *)) SHA256_Init, SHA256Update_int, 259 (void (*)(u_int8_t *, void *)) SHA256_Final 260 }; 261 262 static const struct swcr_auth_hash swcr_auth_hash_hmac_sha2_384 = { 263 &auth_hash_hmac_sha2_384, 264 (void (*)(void *)) SHA384_Init, SHA384Update_int, 265 (void (*)(u_int8_t *, void *)) SHA384_Final 266 }; 267 268 static const struct swcr_auth_hash swcr_auth_hash_hmac_sha2_512 = { 269 &auth_hash_hmac_sha2_384, 270 (void (*)(void *)) SHA512_Init, SHA512Update_int, 271 (void (*)(u_int8_t *, void *)) SHA512_Final 272 }; 273 274 /* Compression instance */ 275 static const struct swcr_comp_algo swcr_comp_algo_deflate = { 276 &comp_algo_deflate, 277 deflate_compress, 278 deflate_decompress 279 }; 280 281 /* 282 * Encryption wrapper routines. 283 */ 284 static void 285 null_encrypt(void *key, u_int8_t *blk) 286 { 287 } 288 static void 289 null_decrypt(void *key, u_int8_t *blk) 290 { 291 } 292 static int 293 null_setkey(u_int8_t **sched, const u_int8_t *key, int len) 294 { 295 *sched = NULL; 296 return 0; 297 } 298 static void 299 null_zerokey(u_int8_t **sched) 300 { 301 *sched = NULL; 302 } 303 304 static void 305 des1_encrypt(void *key, u_int8_t *blk) 306 { 307 des_cblock *cb = (des_cblock *) blk; 308 des_key_schedule *p = (des_key_schedule *) key; 309 310 des_ecb_encrypt(cb, cb, p[0], DES_ENCRYPT); 311 } 312 313 static void 314 des1_decrypt(void *key, u_int8_t *blk) 315 { 316 des_cblock *cb = (des_cblock *) blk; 317 des_key_schedule *p = (des_key_schedule *) key; 318 319 des_ecb_encrypt(cb, cb, p[0], DES_DECRYPT); 320 } 321 322 static int 323 des1_setkey(u_int8_t **sched, const u_int8_t *key, int len) 324 { 325 des_key_schedule *p; 326 int err; 327 328 p = malloc(sizeof (des_key_schedule), 329 M_CRYPTO_DATA, M_NOWAIT|M_ZERO); 330 if (p != NULL) { 331 des_set_key((des_cblock *)__UNCONST(key), p[0]); 332 err = 0; 333 } else 334 err = ENOMEM; 335 *sched = (u_int8_t *) p; 336 return err; 337 } 338 339 static void 340 des1_zerokey(u_int8_t **sched) 341 { 342 bzero(*sched, sizeof (des_key_schedule)); 343 free(*sched, M_CRYPTO_DATA); 344 *sched = NULL; 345 } 346 347 static void 348 des3_encrypt(void *key, u_int8_t *blk) 349 { 350 des_cblock *cb = (des_cblock *) blk; 351 des_key_schedule *p = (des_key_schedule *) key; 352 353 des_ecb3_encrypt(cb, cb, p[0], p[1], p[2], DES_ENCRYPT); 354 } 355 356 static void 357 des3_decrypt(void *key, u_int8_t *blk) 358 { 359 des_cblock *cb = (des_cblock *) blk; 360 des_key_schedule *p = (des_key_schedule *) key; 361 362 des_ecb3_encrypt(cb, cb, p[0], p[1], p[2], DES_DECRYPT); 363 } 364 365 static int 366 des3_setkey(u_int8_t **sched, const u_int8_t *key, int len) 367 { 368 des_key_schedule *p; 369 int err; 370 371 p = malloc(3*sizeof (des_key_schedule), 372 M_CRYPTO_DATA, M_NOWAIT|M_ZERO); 373 if (p != NULL) { 374 des_set_key((des_cblock *)__UNCONST(key + 0), p[0]); 375 des_set_key((des_cblock *)__UNCONST(key + 8), p[1]); 376 des_set_key((des_cblock *)__UNCONST(key + 16), p[2]); 377 err = 0; 378 } else 379 err = ENOMEM; 380 *sched = (u_int8_t *) p; 381 return err; 382 } 383 384 static void 385 des3_zerokey(u_int8_t **sched) 386 { 387 bzero(*sched, 3*sizeof (des_key_schedule)); 388 free(*sched, M_CRYPTO_DATA); 389 *sched = NULL; 390 } 391 392 static void 393 blf_encrypt(void *key, u_int8_t *blk) 394 { 395 396 BF_ecb_encrypt(blk, blk, (BF_KEY *)key, 1); 397 } 398 399 static void 400 blf_decrypt(void *key, u_int8_t *blk) 401 { 402 403 BF_ecb_encrypt(blk, blk, (BF_KEY *)key, 0); 404 } 405 406 static int 407 blf_setkey(u_int8_t **sched, const u_int8_t *key, int len) 408 { 409 int err; 410 411 *sched = malloc(sizeof(BF_KEY), 412 M_CRYPTO_DATA, M_NOWAIT|M_ZERO); 413 if (*sched != NULL) { 414 BF_set_key((BF_KEY *) *sched, len, key); 415 err = 0; 416 } else 417 err = ENOMEM; 418 return err; 419 } 420 421 static void 422 blf_zerokey(u_int8_t **sched) 423 { 424 bzero(*sched, sizeof(BF_KEY)); 425 free(*sched, M_CRYPTO_DATA); 426 *sched = NULL; 427 } 428 429 static void 430 cast5_encrypt(void *key, u_int8_t *blk) 431 { 432 cast128_encrypt((cast128_key *) key, blk, blk); 433 } 434 435 static void 436 cast5_decrypt(void *key, u_int8_t *blk) 437 { 438 cast128_decrypt((cast128_key *) key, blk, blk); 439 } 440 441 static int 442 cast5_setkey(u_int8_t **sched, const u_int8_t *key, int len) 443 { 444 int err; 445 446 *sched = malloc(sizeof(cast128_key), M_CRYPTO_DATA, 447 M_NOWAIT|M_ZERO); 448 if (*sched != NULL) { 449 cast128_setkey((cast128_key *)*sched, key, len); 450 err = 0; 451 } else 452 err = ENOMEM; 453 return err; 454 } 455 456 static void 457 cast5_zerokey(u_int8_t **sched) 458 { 459 bzero(*sched, sizeof(cast128_key)); 460 free(*sched, M_CRYPTO_DATA); 461 *sched = NULL; 462 } 463 464 static void 465 skipjack_encrypt(void *key, u_int8_t *blk) 466 { 467 skipjack_forwards(blk, blk, (u_int8_t **) key); 468 } 469 470 static void 471 skipjack_decrypt(void *key, u_int8_t *blk) 472 { 473 skipjack_backwards(blk, blk, (u_int8_t **) key); 474 } 475 476 static int 477 skipjack_setkey(u_int8_t **sched, const u_int8_t *key, int len) 478 { 479 int err; 480 481 /* NB: allocate all the memory that's needed at once */ 482 /* XXX assumes bytes are aligned on sizeof(u_char) == 1 boundaries. 483 * Will this break a pdp-10, Cray-1, or GE-645 port? 484 */ 485 *sched = malloc(10 * (sizeof(u_int8_t *) + 0x100), 486 M_CRYPTO_DATA, M_NOWAIT|M_ZERO); 487 488 if (*sched != NULL) { 489 490 u_int8_t** key_tables = (u_int8_t**) *sched; 491 u_int8_t* table = (u_int8_t*) &key_tables[10]; 492 int k; 493 494 for (k = 0; k < 10; k++) { 495 key_tables[k] = table; 496 table += 0x100; 497 } 498 subkey_table_gen(key, (u_int8_t **) *sched); 499 err = 0; 500 } else 501 err = ENOMEM; 502 return err; 503 } 504 505 static void 506 skipjack_zerokey(u_int8_t **sched) 507 { 508 bzero(*sched, 10 * (sizeof(u_int8_t *) + 0x100)); 509 free(*sched, M_CRYPTO_DATA); 510 *sched = NULL; 511 } 512 513 static void 514 rijndael128_encrypt(void *key, u_int8_t *blk) 515 { 516 rijndael_encrypt((rijndael_ctx *) key, (u_char *) blk, (u_char *) blk); 517 } 518 519 static void 520 rijndael128_decrypt(void *key, u_int8_t *blk) 521 { 522 rijndael_decrypt((rijndael_ctx *) key, (u_char *) blk, 523 (u_char *) blk); 524 } 525 526 static int 527 rijndael128_setkey(u_int8_t **sched, const u_int8_t *key, int len) 528 { 529 int err; 530 531 *sched = malloc(sizeof(rijndael_ctx), M_CRYPTO_DATA, 532 M_NOWAIT|M_ZERO); 533 if (*sched != NULL) { 534 rijndael_set_key((rijndael_ctx *) *sched, key, len * 8); 535 err = 0; 536 } else 537 err = ENOMEM; 538 return err; 539 } 540 541 static void 542 rijndael128_zerokey(u_int8_t **sched) 543 { 544 bzero(*sched, sizeof(rijndael_ctx)); 545 free(*sched, M_CRYPTO_DATA); 546 *sched = NULL; 547 } 548 549 /* 550 * And now for auth. 551 */ 552 553 static void 554 null_init(void *ctx) 555 { 556 } 557 558 static int 559 null_update(void *ctx, const u_int8_t *buf, 560 u_int16_t len) 561 { 562 return 0; 563 } 564 565 static void 566 null_final(u_int8_t *buf, void *ctx) 567 { 568 if (buf != (u_int8_t *) 0) 569 bzero(buf, 12); 570 } 571 572 static int 573 RMD160Update_int(void *ctx, const u_int8_t *buf, u_int16_t len) 574 { 575 RMD160Update(ctx, buf, len); 576 return 0; 577 } 578 579 static int 580 MD5Update_int(void *ctx, const u_int8_t *buf, u_int16_t len) 581 { 582 MD5Update(ctx, buf, len); 583 return 0; 584 } 585 586 static void 587 SHA1Init_int(void *ctx) 588 { 589 SHA1Init(ctx); 590 } 591 592 static int 593 SHA1Update_int(void *ctx, const u_int8_t *buf, u_int16_t len) 594 { 595 SHA1Update(ctx, buf, len); 596 return 0; 597 } 598 599 static void 600 SHA1Final_int(u_int8_t *blk, void *ctx) 601 { 602 SHA1Final(blk, ctx); 603 } 604 605 static int 606 SHA256Update_int(void *ctx, const u_int8_t *buf, u_int16_t len) 607 { 608 SHA256_Update(ctx, buf, len); 609 return 0; 610 } 611 612 static int 613 SHA384Update_int(void *ctx, const u_int8_t *buf, u_int16_t len) 614 { 615 SHA384_Update(ctx, buf, len); 616 return 0; 617 } 618 619 static int 620 SHA512Update_int(void *ctx, const u_int8_t *buf, u_int16_t len) 621 { 622 SHA512_Update(ctx, buf, len); 623 return 0; 624 } 625 626 /* 627 * And compression 628 */ 629 630 static u_int32_t 631 deflate_compress(u_int8_t *data, u_int32_t size, u_int8_t **out) 632 { 633 return deflate_global(data, size, 0, out); 634 } 635 636 static u_int32_t 637 deflate_decompress(u_int8_t *data, u_int32_t size, u_int8_t **out) 638 { 639 return deflate_global(data, size, 1, out); 640 } 641
Indexes created Wed Sep 24 05:09:52 GMT 2025