cryptosoft_xform.c revision 1.18
1 /* $NetBSD: cryptosoft_xform.c,v 1.18 2011/05/23 13:51:10 drochner Exp $ */ 2 /* $FreeBSD: src/sys/opencrypto/xform.c,v 1.1.2.1 2002/11/21 23:34:23 sam Exp $ */ 3 /* $OpenBSD: xform.c,v 1.19 2002/08/16 22:47:25 dhartmei Exp $ */ 4 5 /* 6 * The authors of this code are John Ioannidis (ji (at) tla.org), 7 * Angelos D. Keromytis (kermit (at) csd.uch.gr) and 8 * Niels Provos (provos (at) physnet.uni-hamburg.de). 9 * 10 * This code was written by John Ioannidis for BSD/OS in Athens, Greece, 11 * in November 1995. 12 * 13 * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996, 14 * by Angelos D. Keromytis. 15 * 16 * Additional transforms and features in 1997 and 1998 by Angelos D. Keromytis 17 * and Niels Provos. 18 * 19 * Additional features in 1999 by Angelos D. Keromytis. 20 * 21 * Copyright (C) 1995, 1996, 1997, 1998, 1999 by John Ioannidis, 22 * Angelos D. Keromytis and Niels Provos. 23 * 24 * Copyright (C) 2001, Angelos D. Keromytis. 25 * 26 * Permission to use, copy, and modify this software with or without fee 27 * is hereby granted, provided that this entire notice is included in 28 * all copies of any software which is or includes a copy or 29 * modification of this software. 30 * You may use this code under the GNU public license if you so wish. Please 31 * contribute changes back to the authors under this freer than GPL license 32 * so that we may further the use of strong encryption without limitations to 33 * all. 34 * 35 * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR 36 * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY 37 * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE 38 * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR 39 * PURPOSE. 40 */ 41 42 #include <sys/cdefs.h> 43 __KERNEL_RCSID(1, "$NetBSD: cryptosoft_xform.c,v 1.18 2011/05/23 13:51:10 drochner Exp $"); 44 45 #include <crypto/blowfish/blowfish.h> 46 #include <crypto/cast128/cast128.h> 47 #include <crypto/des/des.h> 48 #include <crypto/rijndael/rijndael.h> 49 #include <crypto/skipjack/skipjack.h> 50 #include <crypto/camellia/camellia.h> 51 52 #include <opencrypto/deflate.h> 53 54 #include <sys/md5.h> 55 #include <sys/rmd160.h> 56 #include <sys/sha1.h> 57 58 struct swcr_auth_hash { 59 const struct auth_hash *auth_hash; 60 void (*Init)(void *); 61 int (*Update)(void *, const uint8_t *, uint16_t); 62 void (*Final)(uint8_t *, void *); 63 }; 64 65 struct swcr_enc_xform { 66 const struct enc_xform *enc_xform; 67 void (*encrypt)(void *, uint8_t *); 68 void (*decrypt)(void *, uint8_t *); 69 int (*setkey)(uint8_t **, const uint8_t *, int); 70 void (*zerokey)(uint8_t **); 71 void (*reinit)(void *, const uint8_t *); 72 }; 73 74 struct swcr_comp_algo { 75 const struct comp_algo *unused_comp_algo; 76 uint32_t (*compress)(uint8_t *, uint32_t, uint8_t **); 77 uint32_t (*decompress)(uint8_t *, uint32_t, uint8_t **, int); 78 }; 79 80 static void null_encrypt(void *, u_int8_t *); 81 static void null_decrypt(void *, u_int8_t *); 82 static int null_setkey(u_int8_t **, const u_int8_t *, int); 83 static void null_zerokey(u_int8_t **); 84 85 static int des1_setkey(u_int8_t **, const u_int8_t *, int); 86 static int des3_setkey(u_int8_t **, const u_int8_t *, int); 87 static int blf_setkey(u_int8_t **, const u_int8_t *, int); 88 static int cast5_setkey(u_int8_t **, const u_int8_t *, int); 89 static int skipjack_setkey(u_int8_t **, const u_int8_t *, int); 90 static int rijndael128_setkey(u_int8_t **, const u_int8_t *, int); 91 static int cml_setkey(u_int8_t **, const u_int8_t *, int); 92 static int aes_ctr_setkey(u_int8_t **, const u_int8_t *, int); 93 static void des1_encrypt(void *, u_int8_t *); 94 static void des3_encrypt(void *, u_int8_t *); 95 static void blf_encrypt(void *, u_int8_t *); 96 static void cast5_encrypt(void *, u_int8_t *); 97 static void skipjack_encrypt(void *, u_int8_t *); 98 static void rijndael128_encrypt(void *, u_int8_t *); 99 static void cml_encrypt(void *, u_int8_t *); 100 static void des1_decrypt(void *, u_int8_t *); 101 static void des3_decrypt(void *, u_int8_t *); 102 static void blf_decrypt(void *, u_int8_t *); 103 static void cast5_decrypt(void *, u_int8_t *); 104 static void skipjack_decrypt(void *, u_int8_t *); 105 static void rijndael128_decrypt(void *, u_int8_t *); 106 static void cml_decrypt(void *, u_int8_t *); 107 static void aes_ctr_crypt(void *, u_int8_t *); 108 static void des1_zerokey(u_int8_t **); 109 static void des3_zerokey(u_int8_t **); 110 static void blf_zerokey(u_int8_t **); 111 static void cast5_zerokey(u_int8_t **); 112 static void skipjack_zerokey(u_int8_t **); 113 static void rijndael128_zerokey(u_int8_t **); 114 static void cml_zerokey(u_int8_t **); 115 static void aes_ctr_zerokey(u_int8_t **); 116 static void aes_ctr_reinit(void *, const u_int8_t *); 117 118 static void null_init(void *); 119 static int null_update(void *, const u_int8_t *, u_int16_t); 120 static void null_final(u_int8_t *, void *); 121 122 static int MD5Update_int(void *, const u_int8_t *, u_int16_t); 123 static void SHA1Init_int(void *); 124 static int SHA1Update_int(void *, const u_int8_t *, u_int16_t); 125 static void SHA1Final_int(u_int8_t *, void *); 126 127 128 static int RMD160Update_int(void *, const u_int8_t *, u_int16_t); 129 static int SHA1Update_int(void *, const u_int8_t *, u_int16_t); 130 static void SHA1Final_int(u_int8_t *, void *); 131 static int RMD160Update_int(void *, const u_int8_t *, u_int16_t); 132 static int SHA256Update_int(void *, const u_int8_t *, u_int16_t); 133 static int SHA384Update_int(void *, const u_int8_t *, u_int16_t); 134 static int SHA512Update_int(void *, const u_int8_t *, u_int16_t); 135 136 static u_int32_t deflate_compress(u_int8_t *, u_int32_t, u_int8_t **); 137 static u_int32_t deflate_decompress(u_int8_t *, u_int32_t, u_int8_t **, int); 138 static u_int32_t gzip_compress(u_int8_t *, u_int32_t, u_int8_t **); 139 static u_int32_t gzip_decompress(u_int8_t *, u_int32_t, u_int8_t **, int); 140 141 /* Encryption instances */ 142 static const struct swcr_enc_xform swcr_enc_xform_null = { 143 &enc_xform_null, 144 null_encrypt, 145 null_decrypt, 146 null_setkey, 147 null_zerokey, 148 NULL 149 }; 150 151 static const struct swcr_enc_xform swcr_enc_xform_des = { 152 &enc_xform_des, 153 des1_encrypt, 154 des1_decrypt, 155 des1_setkey, 156 des1_zerokey, 157 NULL 158 }; 159 160 static const struct swcr_enc_xform swcr_enc_xform_3des = { 161 &enc_xform_3des, 162 des3_encrypt, 163 des3_decrypt, 164 des3_setkey, 165 des3_zerokey, 166 NULL 167 }; 168 169 static const struct swcr_enc_xform swcr_enc_xform_blf = { 170 &enc_xform_blf, 171 blf_encrypt, 172 blf_decrypt, 173 blf_setkey, 174 blf_zerokey, 175 NULL 176 }; 177 178 static const struct swcr_enc_xform swcr_enc_xform_cast5 = { 179 &enc_xform_cast5, 180 cast5_encrypt, 181 cast5_decrypt, 182 cast5_setkey, 183 cast5_zerokey, 184 NULL 185 }; 186 187 static const struct swcr_enc_xform swcr_enc_xform_skipjack = { 188 &enc_xform_skipjack, 189 skipjack_encrypt, 190 skipjack_decrypt, 191 skipjack_setkey, 192 skipjack_zerokey, 193 NULL 194 }; 195 196 static const struct swcr_enc_xform swcr_enc_xform_rijndael128 = { 197 &enc_xform_rijndael128, 198 rijndael128_encrypt, 199 rijndael128_decrypt, 200 rijndael128_setkey, 201 rijndael128_zerokey, 202 NULL 203 }; 204 205 static const struct swcr_enc_xform swcr_enc_xform_aes_ctr = { 206 &enc_xform_aes_ctr, 207 aes_ctr_crypt, 208 aes_ctr_crypt, 209 aes_ctr_setkey, 210 aes_ctr_zerokey, 211 aes_ctr_reinit 212 }; 213 214 static const struct swcr_enc_xform swcr_enc_xform_arc4 = { 215 &enc_xform_arc4, 216 NULL, 217 NULL, 218 NULL, 219 NULL, 220 NULL 221 }; 222 223 static const struct swcr_enc_xform swcr_enc_xform_camellia = { 224 &enc_xform_camellia, 225 cml_encrypt, 226 cml_decrypt, 227 cml_setkey, 228 cml_zerokey, 229 NULL 230 }; 231 232 /* Authentication instances */ 233 static const struct swcr_auth_hash swcr_auth_hash_null = { 234 &auth_hash_null, 235 null_init, null_update, null_final 236 }; 237 238 static const struct swcr_auth_hash swcr_auth_hash_hmac_md5 = { 239 &auth_hash_hmac_md5, 240 (void (*) (void *)) MD5Init, MD5Update_int, 241 (void (*) (u_int8_t *, void *)) MD5Final 242 }; 243 244 static const struct swcr_auth_hash swcr_auth_hash_hmac_sha1 = { 245 &auth_hash_hmac_sha1, 246 SHA1Init_int, SHA1Update_int, SHA1Final_int 247 }; 248 249 static const struct swcr_auth_hash swcr_auth_hash_hmac_ripemd_160 = { 250 &auth_hash_hmac_ripemd_160, 251 (void (*)(void *)) RMD160Init, RMD160Update_int, 252 (void (*)(u_int8_t *, void *)) RMD160Final 253 }; 254 static const struct swcr_auth_hash swcr_auth_hash_hmac_md5_96 = { 255 &auth_hash_hmac_md5_96, 256 (void (*) (void *)) MD5Init, MD5Update_int, 257 (void (*) (u_int8_t *, void *)) MD5Final 258 }; 259 260 static const struct swcr_auth_hash swcr_auth_hash_hmac_sha1_96 = { 261 &auth_hash_hmac_sha1_96, 262 SHA1Init_int, SHA1Update_int, SHA1Final_int 263 }; 264 265 static const struct swcr_auth_hash swcr_auth_hash_hmac_ripemd_160_96 = { 266 &auth_hash_hmac_ripemd_160_96, 267 (void (*)(void *)) RMD160Init, RMD160Update_int, 268 (void (*)(u_int8_t *, void *)) RMD160Final 269 }; 270 271 static const struct swcr_auth_hash swcr_auth_hash_key_md5 = { 272 &auth_hash_key_md5, 273 (void (*)(void *)) MD5Init, MD5Update_int, 274 (void (*)(u_int8_t *, void *)) MD5Final 275 }; 276 277 static const struct swcr_auth_hash swcr_auth_hash_key_sha1 = { 278 &auth_hash_key_sha1, 279 SHA1Init_int, SHA1Update_int, SHA1Final_int 280 }; 281 282 static const struct swcr_auth_hash swcr_auth_hash_md5 = { 283 &auth_hash_md5, 284 (void (*) (void *)) MD5Init, MD5Update_int, 285 (void (*) (u_int8_t *, void *)) MD5Final 286 }; 287 288 static const struct swcr_auth_hash swcr_auth_hash_sha1 = { 289 &auth_hash_sha1, 290 (void (*)(void *)) SHA1Init, SHA1Update_int, 291 (void (*)(u_int8_t *, void *)) SHA1Final 292 }; 293 294 static const struct swcr_auth_hash swcr_auth_hash_hmac_sha2_256 = { 295 &auth_hash_hmac_sha2_256, 296 (void (*)(void *)) SHA256_Init, SHA256Update_int, 297 (void (*)(u_int8_t *, void *)) SHA256_Final 298 }; 299 300 static const struct swcr_auth_hash swcr_auth_hash_hmac_sha2_384 = { 301 &auth_hash_hmac_sha2_384, 302 (void (*)(void *)) SHA384_Init, SHA384Update_int, 303 (void (*)(u_int8_t *, void *)) SHA384_Final 304 }; 305 306 static const struct swcr_auth_hash swcr_auth_hash_hmac_sha2_512 = { 307 &auth_hash_hmac_sha2_384, 308 (void (*)(void *)) SHA512_Init, SHA512Update_int, 309 (void (*)(u_int8_t *, void *)) SHA512_Final 310 }; 311 312 /* Compression instance */ 313 static const struct swcr_comp_algo swcr_comp_algo_deflate = { 314 &comp_algo_deflate, 315 deflate_compress, 316 deflate_decompress 317 }; 318 319 static const struct swcr_comp_algo swcr_comp_algo_deflate_nogrow = { 320 &comp_algo_deflate_nogrow, 321 deflate_compress, 322 deflate_decompress 323 }; 324 325 static const struct swcr_comp_algo swcr_comp_algo_gzip = { 326 &comp_algo_deflate, 327 gzip_compress, 328 gzip_decompress 329 }; 330 331 /* 332 * Encryption wrapper routines. 333 */ 334 static void 335 null_encrypt(void *key, u_int8_t *blk) 336 { 337 } 338 static void 339 null_decrypt(void *key, u_int8_t *blk) 340 { 341 } 342 static int 343 null_setkey(u_int8_t **sched, const u_int8_t *key, int len) 344 { 345 *sched = NULL; 346 return 0; 347 } 348 static void 349 null_zerokey(u_int8_t **sched) 350 { 351 *sched = NULL; 352 } 353 354 static void 355 des1_encrypt(void *key, u_int8_t *blk) 356 { 357 des_cblock *cb = (des_cblock *) blk; 358 des_key_schedule *p = (des_key_schedule *) key; 359 360 des_ecb_encrypt(cb, cb, p[0], DES_ENCRYPT); 361 } 362 363 static void 364 des1_decrypt(void *key, u_int8_t *blk) 365 { 366 des_cblock *cb = (des_cblock *) blk; 367 des_key_schedule *p = (des_key_schedule *) key; 368 369 des_ecb_encrypt(cb, cb, p[0], DES_DECRYPT); 370 } 371 372 static int 373 des1_setkey(u_int8_t **sched, const u_int8_t *key, int len) 374 { 375 des_key_schedule *p; 376 int err; 377 378 p = malloc(sizeof (des_key_schedule), 379 M_CRYPTO_DATA, M_NOWAIT|M_ZERO); 380 if (p != NULL) { 381 des_set_key((des_cblock *)__UNCONST(key), p[0]); 382 err = 0; 383 } else 384 err = ENOMEM; 385 *sched = (u_int8_t *) p; 386 return err; 387 } 388 389 static void 390 des1_zerokey(u_int8_t **sched) 391 { 392 memset(*sched, 0, sizeof (des_key_schedule)); 393 free(*sched, M_CRYPTO_DATA); 394 *sched = NULL; 395 } 396 397 static void 398 des3_encrypt(void *key, u_int8_t *blk) 399 { 400 des_cblock *cb = (des_cblock *) blk; 401 des_key_schedule *p = (des_key_schedule *) key; 402 403 des_ecb3_encrypt(cb, cb, p[0], p[1], p[2], DES_ENCRYPT); 404 } 405 406 static void 407 des3_decrypt(void *key, u_int8_t *blk) 408 { 409 des_cblock *cb = (des_cblock *) blk; 410 des_key_schedule *p = (des_key_schedule *) key; 411 412 des_ecb3_encrypt(cb, cb, p[0], p[1], p[2], DES_DECRYPT); 413 } 414 415 static int 416 des3_setkey(u_int8_t **sched, const u_int8_t *key, int len) 417 { 418 des_key_schedule *p; 419 int err; 420 421 p = malloc(3*sizeof (des_key_schedule), 422 M_CRYPTO_DATA, M_NOWAIT|M_ZERO); 423 if (p != NULL) { 424 des_set_key((des_cblock *)__UNCONST(key + 0), p[0]); 425 des_set_key((des_cblock *)__UNCONST(key + 8), p[1]); 426 des_set_key((des_cblock *)__UNCONST(key + 16), p[2]); 427 err = 0; 428 } else 429 err = ENOMEM; 430 *sched = (u_int8_t *) p; 431 return err; 432 } 433 434 static void 435 des3_zerokey(u_int8_t **sched) 436 { 437 memset(*sched, 0, 3*sizeof (des_key_schedule)); 438 free(*sched, M_CRYPTO_DATA); 439 *sched = NULL; 440 } 441 442 static void 443 blf_encrypt(void *key, u_int8_t *blk) 444 { 445 446 BF_ecb_encrypt(blk, blk, (BF_KEY *)key, 1); 447 } 448 449 static void 450 blf_decrypt(void *key, u_int8_t *blk) 451 { 452 453 BF_ecb_encrypt(blk, blk, (BF_KEY *)key, 0); 454 } 455 456 static int 457 blf_setkey(u_int8_t **sched, const u_int8_t *key, int len) 458 { 459 int err; 460 461 *sched = malloc(sizeof(BF_KEY), 462 M_CRYPTO_DATA, M_NOWAIT|M_ZERO); 463 if (*sched != NULL) { 464 BF_set_key((BF_KEY *) *sched, len, key); 465 err = 0; 466 } else 467 err = ENOMEM; 468 return err; 469 } 470 471 static void 472 blf_zerokey(u_int8_t **sched) 473 { 474 memset(*sched, 0, sizeof(BF_KEY)); 475 free(*sched, M_CRYPTO_DATA); 476 *sched = NULL; 477 } 478 479 static void 480 cast5_encrypt(void *key, u_int8_t *blk) 481 { 482 cast128_encrypt((cast128_key *) key, blk, blk); 483 } 484 485 static void 486 cast5_decrypt(void *key, u_int8_t *blk) 487 { 488 cast128_decrypt((cast128_key *) key, blk, blk); 489 } 490 491 static int 492 cast5_setkey(u_int8_t **sched, const u_int8_t *key, int len) 493 { 494 int err; 495 496 *sched = malloc(sizeof(cast128_key), M_CRYPTO_DATA, 497 M_NOWAIT|M_ZERO); 498 if (*sched != NULL) { 499 cast128_setkey((cast128_key *)*sched, key, len); 500 err = 0; 501 } else 502 err = ENOMEM; 503 return err; 504 } 505 506 static void 507 cast5_zerokey(u_int8_t **sched) 508 { 509 memset(*sched, 0, sizeof(cast128_key)); 510 free(*sched, M_CRYPTO_DATA); 511 *sched = NULL; 512 } 513 514 static void 515 skipjack_encrypt(void *key, u_int8_t *blk) 516 { 517 skipjack_forwards(blk, blk, (u_int8_t **) key); 518 } 519 520 static void 521 skipjack_decrypt(void *key, u_int8_t *blk) 522 { 523 skipjack_backwards(blk, blk, (u_int8_t **) key); 524 } 525 526 static int 527 skipjack_setkey(u_int8_t **sched, const u_int8_t *key, int len) 528 { 529 int err; 530 531 /* NB: allocate all the memory that's needed at once */ 532 /* XXX assumes bytes are aligned on sizeof(u_char) == 1 boundaries. 533 * Will this break a pdp-10, Cray-1, or GE-645 port? 534 */ 535 *sched = malloc(10 * (sizeof(u_int8_t *) + 0x100), 536 M_CRYPTO_DATA, M_NOWAIT|M_ZERO); 537 538 if (*sched != NULL) { 539 540 u_int8_t** key_tables = (u_int8_t**) *sched; 541 u_int8_t* table = (u_int8_t*) &key_tables[10]; 542 int k; 543 544 for (k = 0; k < 10; k++) { 545 key_tables[k] = table; 546 table += 0x100; 547 } 548 subkey_table_gen(key, (u_int8_t **) *sched); 549 err = 0; 550 } else 551 err = ENOMEM; 552 return err; 553 } 554 555 static void 556 skipjack_zerokey(u_int8_t **sched) 557 { 558 memset(*sched, 0, 10 * (sizeof(u_int8_t *) + 0x100)); 559 free(*sched, M_CRYPTO_DATA); 560 *sched = NULL; 561 } 562 563 static void 564 rijndael128_encrypt(void *key, u_int8_t *blk) 565 { 566 rijndael_encrypt((rijndael_ctx *) key, (u_char *) blk, (u_char *) blk); 567 } 568 569 static void 570 rijndael128_decrypt(void *key, u_int8_t *blk) 571 { 572 rijndael_decrypt((rijndael_ctx *) key, (u_char *) blk, 573 (u_char *) blk); 574 } 575 576 static int 577 rijndael128_setkey(u_int8_t **sched, const u_int8_t *key, int len) 578 { 579 int err; 580 581 if (len != 16 && len != 24 && len != 32) 582 return EINVAL; 583 *sched = malloc(sizeof(rijndael_ctx), M_CRYPTO_DATA, 584 M_NOWAIT|M_ZERO); 585 if (*sched != NULL) { 586 rijndael_set_key((rijndael_ctx *) *sched, key, len * 8); 587 err = 0; 588 } else 589 err = ENOMEM; 590 return err; 591 } 592 593 static void 594 rijndael128_zerokey(u_int8_t **sched) 595 { 596 memset(*sched, 0, sizeof(rijndael_ctx)); 597 free(*sched, M_CRYPTO_DATA); 598 *sched = NULL; 599 } 600 601 static void 602 cml_encrypt(void *key, u_int8_t *blk) 603 { 604 605 camellia_encrypt(key, blk, blk); 606 } 607 608 static void 609 cml_decrypt(void *key, u_int8_t *blk) 610 { 611 612 camellia_decrypt(key, blk, blk); 613 } 614 615 static int 616 cml_setkey(u_int8_t **sched, const u_int8_t *key, int len) 617 { 618 int err; 619 620 if (len != 16 && len != 24 && len != 32) 621 return (EINVAL); 622 *sched = malloc(sizeof(camellia_ctx), M_CRYPTO_DATA, 623 M_NOWAIT|M_ZERO); 624 if (*sched != NULL) { 625 camellia_set_key((camellia_ctx *) *sched, key, len * 8); 626 err = 0; 627 } else 628 err = ENOMEM; 629 return err; 630 } 631 632 static void 633 cml_zerokey(u_int8_t **sched) 634 { 635 636 memset(*sched, 0, sizeof(camellia_ctx)); 637 free(*sched, M_CRYPTO_DATA); 638 *sched = NULL; 639 } 640 641 #define AESCTR_NONCESIZE 4 642 #define AESCTR_IVSIZE 8 643 #define AESCTR_BLOCKSIZE 16 644 645 struct aes_ctr_ctx { 646 /* need only encryption half */ 647 u_int32_t ac_ek[4*(RIJNDAEL_MAXNR + 1)]; 648 u_int8_t ac_block[AESCTR_BLOCKSIZE]; 649 int ac_nr; 650 }; 651 652 static void 653 aes_ctr_crypt(void *key, u_int8_t *blk) 654 { 655 struct aes_ctr_ctx *ctx; 656 u_int8_t keystream[AESCTR_BLOCKSIZE]; 657 int i; 658 659 ctx = key; 660 /* increment counter */ 661 for (i = AESCTR_BLOCKSIZE - 1; 662 i >= AESCTR_NONCESIZE + AESCTR_IVSIZE; i--) 663 if (++ctx->ac_block[i]) /* continue on overflow */ 664 break; 665 rijndaelEncrypt(ctx->ac_ek, ctx->ac_nr, ctx->ac_block, keystream); 666 for (i = 0; i < AESCTR_BLOCKSIZE; i++) 667 blk[i] ^= keystream[i]; 668 memset(keystream, 0, sizeof(keystream)); 669 } 670 671 int 672 aes_ctr_setkey(u_int8_t **sched, const u_int8_t *key, int len) 673 { 674 struct aes_ctr_ctx *ctx; 675 676 if (len < AESCTR_NONCESIZE) 677 return EINVAL; 678 679 ctx = malloc(sizeof(struct aes_ctr_ctx), M_CRYPTO_DATA, 680 M_NOWAIT|M_ZERO); 681 if (!ctx) 682 return ENOMEM; 683 ctx->ac_nr = rijndaelKeySetupEnc(ctx->ac_ek, (const u_char *)key, 684 (len - AESCTR_NONCESIZE) * 8); 685 if (!ctx->ac_nr) { /* wrong key len */ 686 aes_ctr_zerokey((u_int8_t **)&ctx); 687 return EINVAL; 688 } 689 memcpy(ctx->ac_block, key + len - AESCTR_NONCESIZE, AESCTR_NONCESIZE); 690 *sched = (void *)ctx; 691 return 0; 692 } 693 694 void 695 aes_ctr_zerokey(u_int8_t **sched) 696 { 697 698 memset(*sched, 0, sizeof(struct aes_ctr_ctx)); 699 free(*sched, M_CRYPTO_DATA); 700 *sched = NULL; 701 } 702 703 void 704 aes_ctr_reinit(void *key, const u_int8_t *iv) 705 { 706 struct aes_ctr_ctx *ctx = key; 707 708 memcpy(ctx->ac_block + AESCTR_NONCESIZE, iv, AESCTR_IVSIZE); 709 /* reset counter */ 710 memset(ctx->ac_block + AESCTR_NONCESIZE + AESCTR_IVSIZE, 0, 4); 711 } 712 713 /* 714 * And now for auth. 715 */ 716 717 static void 718 null_init(void *ctx) 719 { 720 } 721 722 static int 723 null_update(void *ctx, const u_int8_t *buf, 724 u_int16_t len) 725 { 726 return 0; 727 } 728 729 static void 730 null_final(u_int8_t *buf, void *ctx) 731 { 732 if (buf != (u_int8_t *) 0) 733 memset(buf, 0, 12); 734 } 735 736 static int 737 RMD160Update_int(void *ctx, const u_int8_t *buf, u_int16_t len) 738 { 739 RMD160Update(ctx, buf, len); 740 return 0; 741 } 742 743 static int 744 MD5Update_int(void *ctx, const u_int8_t *buf, u_int16_t len) 745 { 746 MD5Update(ctx, buf, len); 747 return 0; 748 } 749 750 static void 751 SHA1Init_int(void *ctx) 752 { 753 SHA1Init(ctx); 754 } 755 756 static int 757 SHA1Update_int(void *ctx, const u_int8_t *buf, u_int16_t len) 758 { 759 SHA1Update(ctx, buf, len); 760 return 0; 761 } 762 763 static void 764 SHA1Final_int(u_int8_t *blk, void *ctx) 765 { 766 SHA1Final(blk, ctx); 767 } 768 769 static int 770 SHA256Update_int(void *ctx, const u_int8_t *buf, u_int16_t len) 771 { 772 SHA256_Update(ctx, buf, len); 773 return 0; 774 } 775 776 static int 777 SHA384Update_int(void *ctx, const u_int8_t *buf, u_int16_t len) 778 { 779 SHA384_Update(ctx, buf, len); 780 return 0; 781 } 782 783 static int 784 SHA512Update_int(void *ctx, const u_int8_t *buf, u_int16_t len) 785 { 786 SHA512_Update(ctx, buf, len); 787 return 0; 788 } 789 790 /* 791 * And compression 792 */ 793 794 static u_int32_t 795 deflate_compress(u_int8_t *data, u_int32_t size, u_int8_t **out) 796 { 797 return deflate_global(data, size, 0, out, 0); 798 } 799 800 static u_int32_t 801 deflate_decompress(u_int8_t *data, u_int32_t size, u_int8_t **out, 802 int size_hint) 803 { 804 return deflate_global(data, size, 1, out, size_hint); 805 } 806 807 static u_int32_t 808 gzip_compress(u_int8_t *data, u_int32_t size, u_int8_t **out) 809 { 810 return gzip_global(data, size, 0, out, 0); 811 } 812 813 static u_int32_t 814 gzip_decompress(u_int8_t *data, u_int32_t size, u_int8_t **out, 815 int size_hint) 816 { 817 return gzip_global(data, size, 1, out, size_hint); 818 } 819
Indexes created Thu Sep 25 16:09:42 GMT 2025