cryptosoft_xform.c revision 1.22
1 /* $NetBSD: cryptosoft_xform.c,v 1.22 2011/05/24 19:10:11 drochner Exp $ */ 2 /* $FreeBSD: src/sys/opencrypto/xform.c,v 1.1.2.1 2002/11/21 23:34:23 sam Exp $ */ 3 /* $OpenBSD: xform.c,v 1.19 2002/08/16 22:47:25 dhartmei Exp $ */ 4 5 /* 6 * The authors of this code are John Ioannidis (ji (at) tla.org), 7 * Angelos D. Keromytis (kermit (at) csd.uch.gr) and 8 * Niels Provos (provos (at) physnet.uni-hamburg.de). 9 * 10 * This code was written by John Ioannidis for BSD/OS in Athens, Greece, 11 * in November 1995. 12 * 13 * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996, 14 * by Angelos D. Keromytis. 15 * 16 * Additional transforms and features in 1997 and 1998 by Angelos D. Keromytis 17 * and Niels Provos. 18 * 19 * Additional features in 1999 by Angelos D. Keromytis. 20 * 21 * Copyright (C) 1995, 1996, 1997, 1998, 1999 by John Ioannidis, 22 * Angelos D. Keromytis and Niels Provos. 23 * 24 * Copyright (C) 2001, Angelos D. Keromytis. 25 * 26 * Permission to use, copy, and modify this software with or without fee 27 * is hereby granted, provided that this entire notice is included in 28 * all copies of any software which is or includes a copy or 29 * modification of this software. 30 * You may use this code under the GNU public license if you so wish. Please 31 * contribute changes back to the authors under this freer than GPL license 32 * so that we may further the use of strong encryption without limitations to 33 * all. 34 * 35 * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR 36 * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY 37 * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE 38 * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR 39 * PURPOSE. 40 */ 41 42 #include <sys/cdefs.h> 43 __KERNEL_RCSID(1, "$NetBSD: cryptosoft_xform.c,v 1.22 2011/05/24 19:10:11 drochner Exp $"); 44 45 #include <crypto/blowfish/blowfish.h> 46 #include <crypto/cast128/cast128.h> 47 #include <crypto/des/des.h> 48 #include <crypto/rijndael/rijndael.h> 49 #include <crypto/skipjack/skipjack.h> 50 #include <crypto/camellia/camellia.h> 51 52 #include <opencrypto/deflate.h> 53 54 #include <sys/md5.h> 55 #include <sys/rmd160.h> 56 #include <sys/sha1.h> 57 #include <sys/sha2.h> 58 #include <opencrypto/aesxcbcmac.h> 59 60 struct swcr_auth_hash { 61 const struct auth_hash *auth_hash; 62 int ctxsize; 63 void (*Init)(void *); 64 void (*Setkey)(void *, const uint8_t *, uint16_t); 65 int (*Update)(void *, const uint8_t *, uint16_t); 66 void (*Final)(uint8_t *, void *); 67 }; 68 69 struct swcr_enc_xform { 70 const struct enc_xform *enc_xform; 71 void (*encrypt)(void *, uint8_t *); 72 void (*decrypt)(void *, uint8_t *); 73 int (*setkey)(uint8_t **, const uint8_t *, int); 74 void (*zerokey)(uint8_t **); 75 void (*reinit)(void *, const uint8_t *, uint8_t *); 76 }; 77 78 struct swcr_comp_algo { 79 const struct comp_algo *unused_comp_algo; 80 uint32_t (*compress)(uint8_t *, uint32_t, uint8_t **); 81 uint32_t (*decompress)(uint8_t *, uint32_t, uint8_t **, int); 82 }; 83 84 static void null_encrypt(void *, u_int8_t *); 85 static void null_decrypt(void *, u_int8_t *); 86 static int null_setkey(u_int8_t **, const u_int8_t *, int); 87 static void null_zerokey(u_int8_t **); 88 89 static int des1_setkey(u_int8_t **, const u_int8_t *, int); 90 static int des3_setkey(u_int8_t **, const u_int8_t *, int); 91 static int blf_setkey(u_int8_t **, const u_int8_t *, int); 92 static int cast5_setkey(u_int8_t **, const u_int8_t *, int); 93 static int skipjack_setkey(u_int8_t **, const u_int8_t *, int); 94 static int rijndael128_setkey(u_int8_t **, const u_int8_t *, int); 95 static int cml_setkey(u_int8_t **, const u_int8_t *, int); 96 static int aes_ctr_setkey(u_int8_t **, const u_int8_t *, int); 97 static void des1_encrypt(void *, u_int8_t *); 98 static void des3_encrypt(void *, u_int8_t *); 99 static void blf_encrypt(void *, u_int8_t *); 100 static void cast5_encrypt(void *, u_int8_t *); 101 static void skipjack_encrypt(void *, u_int8_t *); 102 static void rijndael128_encrypt(void *, u_int8_t *); 103 static void cml_encrypt(void *, u_int8_t *); 104 static void des1_decrypt(void *, u_int8_t *); 105 static void des3_decrypt(void *, u_int8_t *); 106 static void blf_decrypt(void *, u_int8_t *); 107 static void cast5_decrypt(void *, u_int8_t *); 108 static void skipjack_decrypt(void *, u_int8_t *); 109 static void rijndael128_decrypt(void *, u_int8_t *); 110 static void cml_decrypt(void *, u_int8_t *); 111 static void aes_ctr_crypt(void *, u_int8_t *); 112 static void des1_zerokey(u_int8_t **); 113 static void des3_zerokey(u_int8_t **); 114 static void blf_zerokey(u_int8_t **); 115 static void cast5_zerokey(u_int8_t **); 116 static void skipjack_zerokey(u_int8_t **); 117 static void rijndael128_zerokey(u_int8_t **); 118 static void cml_zerokey(u_int8_t **); 119 static void aes_ctr_zerokey(u_int8_t **); 120 static void aes_ctr_reinit(void *, const u_int8_t *, u_int8_t *); 121 122 static void null_init(void *); 123 static int null_update(void *, const u_int8_t *, u_int16_t); 124 static void null_final(u_int8_t *, void *); 125 126 static int MD5Update_int(void *, const u_int8_t *, u_int16_t); 127 static void SHA1Init_int(void *); 128 static int SHA1Update_int(void *, const u_int8_t *, u_int16_t); 129 static void SHA1Final_int(u_int8_t *, void *); 130 131 132 static int RMD160Update_int(void *, const u_int8_t *, u_int16_t); 133 static int SHA1Update_int(void *, const u_int8_t *, u_int16_t); 134 static void SHA1Final_int(u_int8_t *, void *); 135 static int RMD160Update_int(void *, const u_int8_t *, u_int16_t); 136 static int SHA256Update_int(void *, const u_int8_t *, u_int16_t); 137 static int SHA384Update_int(void *, const u_int8_t *, u_int16_t); 138 static int SHA512Update_int(void *, const u_int8_t *, u_int16_t); 139 140 static u_int32_t deflate_compress(u_int8_t *, u_int32_t, u_int8_t **); 141 static u_int32_t deflate_decompress(u_int8_t *, u_int32_t, u_int8_t **, int); 142 static u_int32_t gzip_compress(u_int8_t *, u_int32_t, u_int8_t **); 143 static u_int32_t gzip_decompress(u_int8_t *, u_int32_t, u_int8_t **, int); 144 145 /* Encryption instances */ 146 static const struct swcr_enc_xform swcr_enc_xform_null = { 147 &enc_xform_null, 148 null_encrypt, 149 null_decrypt, 150 null_setkey, 151 null_zerokey, 152 NULL 153 }; 154 155 static const struct swcr_enc_xform swcr_enc_xform_des = { 156 &enc_xform_des, 157 des1_encrypt, 158 des1_decrypt, 159 des1_setkey, 160 des1_zerokey, 161 NULL 162 }; 163 164 static const struct swcr_enc_xform swcr_enc_xform_3des = { 165 &enc_xform_3des, 166 des3_encrypt, 167 des3_decrypt, 168 des3_setkey, 169 des3_zerokey, 170 NULL 171 }; 172 173 static const struct swcr_enc_xform swcr_enc_xform_blf = { 174 &enc_xform_blf, 175 blf_encrypt, 176 blf_decrypt, 177 blf_setkey, 178 blf_zerokey, 179 NULL 180 }; 181 182 static const struct swcr_enc_xform swcr_enc_xform_cast5 = { 183 &enc_xform_cast5, 184 cast5_encrypt, 185 cast5_decrypt, 186 cast5_setkey, 187 cast5_zerokey, 188 NULL 189 }; 190 191 static const struct swcr_enc_xform swcr_enc_xform_skipjack = { 192 &enc_xform_skipjack, 193 skipjack_encrypt, 194 skipjack_decrypt, 195 skipjack_setkey, 196 skipjack_zerokey, 197 NULL 198 }; 199 200 static const struct swcr_enc_xform swcr_enc_xform_rijndael128 = { 201 &enc_xform_rijndael128, 202 rijndael128_encrypt, 203 rijndael128_decrypt, 204 rijndael128_setkey, 205 rijndael128_zerokey, 206 NULL 207 }; 208 209 static const struct swcr_enc_xform swcr_enc_xform_aes_ctr = { 210 &enc_xform_aes_ctr, 211 aes_ctr_crypt, 212 aes_ctr_crypt, 213 aes_ctr_setkey, 214 aes_ctr_zerokey, 215 aes_ctr_reinit 216 }; 217 218 static const struct swcr_enc_xform swcr_enc_xform_camellia = { 219 &enc_xform_camellia, 220 cml_encrypt, 221 cml_decrypt, 222 cml_setkey, 223 cml_zerokey, 224 NULL 225 }; 226 227 /* Authentication instances */ 228 static const struct swcr_auth_hash swcr_auth_hash_null = { 229 &auth_hash_null, sizeof(int), /* NB: context isn't used */ 230 null_init, NULL, null_update, null_final 231 }; 232 233 static const struct swcr_auth_hash swcr_auth_hash_hmac_md5 = { 234 &auth_hash_hmac_md5, sizeof(MD5_CTX), 235 (void (*) (void *)) MD5Init, NULL, MD5Update_int, 236 (void (*) (u_int8_t *, void *)) MD5Final 237 }; 238 239 static const struct swcr_auth_hash swcr_auth_hash_hmac_sha1 = { 240 &auth_hash_hmac_sha1, sizeof(SHA1_CTX), 241 SHA1Init_int, NULL, SHA1Update_int, SHA1Final_int 242 }; 243 244 static const struct swcr_auth_hash swcr_auth_hash_hmac_ripemd_160 = { 245 &auth_hash_hmac_ripemd_160, sizeof(RMD160_CTX), 246 (void (*)(void *)) RMD160Init, NULL, RMD160Update_int, 247 (void (*)(u_int8_t *, void *)) RMD160Final 248 }; 249 static const struct swcr_auth_hash swcr_auth_hash_hmac_md5_96 = { 250 &auth_hash_hmac_md5_96, sizeof(MD5_CTX), 251 (void (*) (void *)) MD5Init, NULL, MD5Update_int, 252 (void (*) (u_int8_t *, void *)) MD5Final 253 }; 254 255 static const struct swcr_auth_hash swcr_auth_hash_hmac_sha1_96 = { 256 &auth_hash_hmac_sha1_96, sizeof(SHA1_CTX), 257 SHA1Init_int, NULL, SHA1Update_int, SHA1Final_int 258 }; 259 260 static const struct swcr_auth_hash swcr_auth_hash_hmac_ripemd_160_96 = { 261 &auth_hash_hmac_ripemd_160_96, sizeof(RMD160_CTX), 262 (void (*)(void *)) RMD160Init, NULL, RMD160Update_int, 263 (void (*)(u_int8_t *, void *)) RMD160Final 264 }; 265 266 static const struct swcr_auth_hash swcr_auth_hash_key_md5 = { 267 &auth_hash_key_md5, sizeof(MD5_CTX), 268 (void (*)(void *)) MD5Init, NULL, MD5Update_int, 269 (void (*)(u_int8_t *, void *)) MD5Final 270 }; 271 272 static const struct swcr_auth_hash swcr_auth_hash_key_sha1 = { 273 &auth_hash_key_sha1, sizeof(SHA1_CTX), 274 SHA1Init_int, NULL, SHA1Update_int, SHA1Final_int 275 }; 276 277 static const struct swcr_auth_hash swcr_auth_hash_md5 = { 278 &auth_hash_md5, sizeof(MD5_CTX), 279 (void (*) (void *)) MD5Init, NULL, MD5Update_int, 280 (void (*) (u_int8_t *, void *)) MD5Final 281 }; 282 283 static const struct swcr_auth_hash swcr_auth_hash_sha1 = { 284 &auth_hash_sha1, sizeof(SHA1_CTX), 285 (void (*)(void *)) SHA1Init, NULL, SHA1Update_int, 286 (void (*)(u_int8_t *, void *)) SHA1Final 287 }; 288 289 static const struct swcr_auth_hash swcr_auth_hash_hmac_sha2_256 = { 290 &auth_hash_hmac_sha2_256, sizeof(SHA256_CTX), 291 (void (*)(void *)) SHA256_Init, NULL, SHA256Update_int, 292 (void (*)(u_int8_t *, void *)) SHA256_Final 293 }; 294 295 static const struct swcr_auth_hash swcr_auth_hash_hmac_sha2_384 = { 296 &auth_hash_hmac_sha2_384, sizeof(SHA384_CTX), 297 (void (*)(void *)) SHA384_Init, NULL, SHA384Update_int, 298 (void (*)(u_int8_t *, void *)) SHA384_Final 299 }; 300 301 static const struct swcr_auth_hash swcr_auth_hash_hmac_sha2_512 = { 302 &auth_hash_hmac_sha2_512, sizeof(SHA512_CTX), 303 (void (*)(void *)) SHA512_Init, NULL, SHA512Update_int, 304 (void (*)(u_int8_t *, void *)) SHA512_Final 305 }; 306 307 static const struct swcr_auth_hash swcr_auth_hash_aes_xcbc_mac = { 308 &auth_hash_aes_xcbc_mac_96, sizeof(aesxcbc_ctx), 309 null_init, 310 (void (*)(void *, const u_int8_t *, u_int16_t))aes_xcbc_mac_init, 311 aes_xcbc_mac_loop, aes_xcbc_mac_result 312 }; 313 314 /* Compression instance */ 315 static const struct swcr_comp_algo swcr_comp_algo_deflate = { 316 &comp_algo_deflate, 317 deflate_compress, 318 deflate_decompress 319 }; 320 321 static const struct swcr_comp_algo swcr_comp_algo_deflate_nogrow = { 322 &comp_algo_deflate_nogrow, 323 deflate_compress, 324 deflate_decompress 325 }; 326 327 static const struct swcr_comp_algo swcr_comp_algo_gzip = { 328 &comp_algo_deflate, 329 gzip_compress, 330 gzip_decompress 331 }; 332 333 /* 334 * Encryption wrapper routines. 335 */ 336 static void 337 null_encrypt(void *key, u_int8_t *blk) 338 { 339 } 340 static void 341 null_decrypt(void *key, u_int8_t *blk) 342 { 343 } 344 static int 345 null_setkey(u_int8_t **sched, const u_int8_t *key, int len) 346 { 347 *sched = NULL; 348 return 0; 349 } 350 static void 351 null_zerokey(u_int8_t **sched) 352 { 353 *sched = NULL; 354 } 355 356 static void 357 des1_encrypt(void *key, u_int8_t *blk) 358 { 359 des_cblock *cb = (des_cblock *) blk; 360 des_key_schedule *p = (des_key_schedule *) key; 361 362 des_ecb_encrypt(cb, cb, p[0], DES_ENCRYPT); 363 } 364 365 static void 366 des1_decrypt(void *key, u_int8_t *blk) 367 { 368 des_cblock *cb = (des_cblock *) blk; 369 des_key_schedule *p = (des_key_schedule *) key; 370 371 des_ecb_encrypt(cb, cb, p[0], DES_DECRYPT); 372 } 373 374 static int 375 des1_setkey(u_int8_t **sched, const u_int8_t *key, int len) 376 { 377 des_key_schedule *p; 378 int err; 379 380 p = malloc(sizeof (des_key_schedule), 381 M_CRYPTO_DATA, M_NOWAIT|M_ZERO); 382 if (p != NULL) { 383 des_set_key((des_cblock *)__UNCONST(key), p[0]); 384 err = 0; 385 } else 386 err = ENOMEM; 387 *sched = (u_int8_t *) p; 388 return err; 389 } 390 391 static void 392 des1_zerokey(u_int8_t **sched) 393 { 394 memset(*sched, 0, sizeof (des_key_schedule)); 395 free(*sched, M_CRYPTO_DATA); 396 *sched = NULL; 397 } 398 399 static void 400 des3_encrypt(void *key, u_int8_t *blk) 401 { 402 des_cblock *cb = (des_cblock *) blk; 403 des_key_schedule *p = (des_key_schedule *) key; 404 405 des_ecb3_encrypt(cb, cb, p[0], p[1], p[2], DES_ENCRYPT); 406 } 407 408 static void 409 des3_decrypt(void *key, u_int8_t *blk) 410 { 411 des_cblock *cb = (des_cblock *) blk; 412 des_key_schedule *p = (des_key_schedule *) key; 413 414 des_ecb3_encrypt(cb, cb, p[0], p[1], p[2], DES_DECRYPT); 415 } 416 417 static int 418 des3_setkey(u_int8_t **sched, const u_int8_t *key, int len) 419 { 420 des_key_schedule *p; 421 int err; 422 423 p = malloc(3*sizeof (des_key_schedule), 424 M_CRYPTO_DATA, M_NOWAIT|M_ZERO); 425 if (p != NULL) { 426 des_set_key((des_cblock *)__UNCONST(key + 0), p[0]); 427 des_set_key((des_cblock *)__UNCONST(key + 8), p[1]); 428 des_set_key((des_cblock *)__UNCONST(key + 16), p[2]); 429 err = 0; 430 } else 431 err = ENOMEM; 432 *sched = (u_int8_t *) p; 433 return err; 434 } 435 436 static void 437 des3_zerokey(u_int8_t **sched) 438 { 439 memset(*sched, 0, 3*sizeof (des_key_schedule)); 440 free(*sched, M_CRYPTO_DATA); 441 *sched = NULL; 442 } 443 444 static void 445 blf_encrypt(void *key, u_int8_t *blk) 446 { 447 448 BF_ecb_encrypt(blk, blk, (BF_KEY *)key, 1); 449 } 450 451 static void 452 blf_decrypt(void *key, u_int8_t *blk) 453 { 454 455 BF_ecb_encrypt(blk, blk, (BF_KEY *)key, 0); 456 } 457 458 static int 459 blf_setkey(u_int8_t **sched, const u_int8_t *key, int len) 460 { 461 int err; 462 463 *sched = malloc(sizeof(BF_KEY), 464 M_CRYPTO_DATA, M_NOWAIT|M_ZERO); 465 if (*sched != NULL) { 466 BF_set_key((BF_KEY *) *sched, len, key); 467 err = 0; 468 } else 469 err = ENOMEM; 470 return err; 471 } 472 473 static void 474 blf_zerokey(u_int8_t **sched) 475 { 476 memset(*sched, 0, sizeof(BF_KEY)); 477 free(*sched, M_CRYPTO_DATA); 478 *sched = NULL; 479 } 480 481 static void 482 cast5_encrypt(void *key, u_int8_t *blk) 483 { 484 cast128_encrypt((cast128_key *) key, blk, blk); 485 } 486 487 static void 488 cast5_decrypt(void *key, u_int8_t *blk) 489 { 490 cast128_decrypt((cast128_key *) key, blk, blk); 491 } 492 493 static int 494 cast5_setkey(u_int8_t **sched, const u_int8_t *key, int len) 495 { 496 int err; 497 498 *sched = malloc(sizeof(cast128_key), M_CRYPTO_DATA, 499 M_NOWAIT|M_ZERO); 500 if (*sched != NULL) { 501 cast128_setkey((cast128_key *)*sched, key, len); 502 err = 0; 503 } else 504 err = ENOMEM; 505 return err; 506 } 507 508 static void 509 cast5_zerokey(u_int8_t **sched) 510 { 511 memset(*sched, 0, sizeof(cast128_key)); 512 free(*sched, M_CRYPTO_DATA); 513 *sched = NULL; 514 } 515 516 static void 517 skipjack_encrypt(void *key, u_int8_t *blk) 518 { 519 skipjack_forwards(blk, blk, (u_int8_t **) key); 520 } 521 522 static void 523 skipjack_decrypt(void *key, u_int8_t *blk) 524 { 525 skipjack_backwards(blk, blk, (u_int8_t **) key); 526 } 527 528 static int 529 skipjack_setkey(u_int8_t **sched, const u_int8_t *key, int len) 530 { 531 int err; 532 533 /* NB: allocate all the memory that's needed at once */ 534 /* XXX assumes bytes are aligned on sizeof(u_char) == 1 boundaries. 535 * Will this break a pdp-10, Cray-1, or GE-645 port? 536 */ 537 *sched = malloc(10 * (sizeof(u_int8_t *) + 0x100), 538 M_CRYPTO_DATA, M_NOWAIT|M_ZERO); 539 540 if (*sched != NULL) { 541 542 u_int8_t** key_tables = (u_int8_t**) *sched; 543 u_int8_t* table = (u_int8_t*) &key_tables[10]; 544 int k; 545 546 for (k = 0; k < 10; k++) { 547 key_tables[k] = table; 548 table += 0x100; 549 } 550 subkey_table_gen(key, (u_int8_t **) *sched); 551 err = 0; 552 } else 553 err = ENOMEM; 554 return err; 555 } 556 557 static void 558 skipjack_zerokey(u_int8_t **sched) 559 { 560 memset(*sched, 0, 10 * (sizeof(u_int8_t *) + 0x100)); 561 free(*sched, M_CRYPTO_DATA); 562 *sched = NULL; 563 } 564 565 static void 566 rijndael128_encrypt(void *key, u_int8_t *blk) 567 { 568 rijndael_encrypt((rijndael_ctx *) key, (u_char *) blk, (u_char *) blk); 569 } 570 571 static void 572 rijndael128_decrypt(void *key, u_int8_t *blk) 573 { 574 rijndael_decrypt((rijndael_ctx *) key, (u_char *) blk, 575 (u_char *) blk); 576 } 577 578 static int 579 rijndael128_setkey(u_int8_t **sched, const u_int8_t *key, int len) 580 { 581 int err; 582 583 if (len != 16 && len != 24 && len != 32) 584 return EINVAL; 585 *sched = malloc(sizeof(rijndael_ctx), M_CRYPTO_DATA, 586 M_NOWAIT|M_ZERO); 587 if (*sched != NULL) { 588 rijndael_set_key((rijndael_ctx *) *sched, key, len * 8); 589 err = 0; 590 } else 591 err = ENOMEM; 592 return err; 593 } 594 595 static void 596 rijndael128_zerokey(u_int8_t **sched) 597 { 598 memset(*sched, 0, sizeof(rijndael_ctx)); 599 free(*sched, M_CRYPTO_DATA); 600 *sched = NULL; 601 } 602 603 static void 604 cml_encrypt(void *key, u_int8_t *blk) 605 { 606 607 camellia_encrypt(key, blk, blk); 608 } 609 610 static void 611 cml_decrypt(void *key, u_int8_t *blk) 612 { 613 614 camellia_decrypt(key, blk, blk); 615 } 616 617 static int 618 cml_setkey(u_int8_t **sched, const u_int8_t *key, int len) 619 { 620 int err; 621 622 if (len != 16 && len != 24 && len != 32) 623 return (EINVAL); 624 *sched = malloc(sizeof(camellia_ctx), M_CRYPTO_DATA, 625 M_NOWAIT|M_ZERO); 626 if (*sched != NULL) { 627 camellia_set_key((camellia_ctx *) *sched, key, len * 8); 628 err = 0; 629 } else 630 err = ENOMEM; 631 return err; 632 } 633 634 static void 635 cml_zerokey(u_int8_t **sched) 636 { 637 638 memset(*sched, 0, sizeof(camellia_ctx)); 639 free(*sched, M_CRYPTO_DATA); 640 *sched = NULL; 641 } 642 643 #define AESCTR_NONCESIZE 4 644 #define AESCTR_IVSIZE 8 645 #define AESCTR_BLOCKSIZE 16 646 647 struct aes_ctr_ctx { 648 /* need only encryption half */ 649 u_int32_t ac_ek[4*(RIJNDAEL_MAXNR + 1)]; 650 u_int8_t ac_block[AESCTR_BLOCKSIZE]; 651 int ac_nr; 652 struct { 653 u_int64_t lastiv; 654 } ivgenctx; 655 }; 656 657 static void 658 aes_ctr_crypt(void *key, u_int8_t *blk) 659 { 660 struct aes_ctr_ctx *ctx; 661 u_int8_t keystream[AESCTR_BLOCKSIZE]; 662 int i; 663 664 ctx = key; 665 /* increment counter */ 666 for (i = AESCTR_BLOCKSIZE - 1; 667 i >= AESCTR_NONCESIZE + AESCTR_IVSIZE; i--) 668 if (++ctx->ac_block[i]) /* continue on overflow */ 669 break; 670 rijndaelEncrypt(ctx->ac_ek, ctx->ac_nr, ctx->ac_block, keystream); 671 for (i = 0; i < AESCTR_BLOCKSIZE; i++) 672 blk[i] ^= keystream[i]; 673 memset(keystream, 0, sizeof(keystream)); 674 } 675 676 int 677 aes_ctr_setkey(u_int8_t **sched, const u_int8_t *key, int len) 678 { 679 struct aes_ctr_ctx *ctx; 680 681 if (len < AESCTR_NONCESIZE) 682 return EINVAL; 683 684 ctx = malloc(sizeof(struct aes_ctr_ctx), M_CRYPTO_DATA, 685 M_NOWAIT|M_ZERO); 686 if (!ctx) 687 return ENOMEM; 688 ctx->ac_nr = rijndaelKeySetupEnc(ctx->ac_ek, (const u_char *)key, 689 (len - AESCTR_NONCESIZE) * 8); 690 if (!ctx->ac_nr) { /* wrong key len */ 691 aes_ctr_zerokey((u_int8_t **)&ctx); 692 return EINVAL; 693 } 694 memcpy(ctx->ac_block, key + len - AESCTR_NONCESIZE, AESCTR_NONCESIZE); 695 /* random start value for simple counter */ 696 arc4randbytes(&ctx->ivgenctx.lastiv, sizeof(ctx->ivgenctx.lastiv)); 697 *sched = (void *)ctx; 698 return 0; 699 } 700 701 void 702 aes_ctr_zerokey(u_int8_t **sched) 703 { 704 705 memset(*sched, 0, sizeof(struct aes_ctr_ctx)); 706 free(*sched, M_CRYPTO_DATA); 707 *sched = NULL; 708 } 709 710 void 711 aes_ctr_reinit(void *key, const u_int8_t *iv, u_int8_t *ivout) 712 { 713 struct aes_ctr_ctx *ctx = key; 714 715 if (!iv) { 716 ctx->ivgenctx.lastiv++; 717 iv = (const u_int8_t *)&ctx->ivgenctx.lastiv; 718 } 719 if (ivout) 720 memcpy(ivout, iv, AESCTR_IVSIZE); 721 memcpy(ctx->ac_block + AESCTR_NONCESIZE, iv, AESCTR_IVSIZE); 722 /* reset counter */ 723 memset(ctx->ac_block + AESCTR_NONCESIZE + AESCTR_IVSIZE, 0, 4); 724 } 725 726 /* 727 * And now for auth. 728 */ 729 730 static void 731 null_init(void *ctx) 732 { 733 } 734 735 static int 736 null_update(void *ctx, const u_int8_t *buf, 737 u_int16_t len) 738 { 739 return 0; 740 } 741 742 static void 743 null_final(u_int8_t *buf, void *ctx) 744 { 745 if (buf != (u_int8_t *) 0) 746 memset(buf, 0, 12); 747 } 748 749 static int 750 RMD160Update_int(void *ctx, const u_int8_t *buf, u_int16_t len) 751 { 752 RMD160Update(ctx, buf, len); 753 return 0; 754 } 755 756 static int 757 MD5Update_int(void *ctx, const u_int8_t *buf, u_int16_t len) 758 { 759 MD5Update(ctx, buf, len); 760 return 0; 761 } 762 763 static void 764 SHA1Init_int(void *ctx) 765 { 766 SHA1Init(ctx); 767 } 768 769 static int 770 SHA1Update_int(void *ctx, const u_int8_t *buf, u_int16_t len) 771 { 772 SHA1Update(ctx, buf, len); 773 return 0; 774 } 775 776 static void 777 SHA1Final_int(u_int8_t *blk, void *ctx) 778 { 779 SHA1Final(blk, ctx); 780 } 781 782 static int 783 SHA256Update_int(void *ctx, const u_int8_t *buf, u_int16_t len) 784 { 785 SHA256_Update(ctx, buf, len); 786 return 0; 787 } 788 789 static int 790 SHA384Update_int(void *ctx, const u_int8_t *buf, u_int16_t len) 791 { 792 SHA384_Update(ctx, buf, len); 793 return 0; 794 } 795 796 static int 797 SHA512Update_int(void *ctx, const u_int8_t *buf, u_int16_t len) 798 { 799 SHA512_Update(ctx, buf, len); 800 return 0; 801 } 802 803 /* 804 * And compression 805 */ 806 807 static u_int32_t 808 deflate_compress(u_int8_t *data, u_int32_t size, u_int8_t **out) 809 { 810 return deflate_global(data, size, 0, out, 0); 811 } 812 813 static u_int32_t 814 deflate_decompress(u_int8_t *data, u_int32_t size, u_int8_t **out, 815 int size_hint) 816 { 817 return deflate_global(data, size, 1, out, size_hint); 818 } 819 820 static u_int32_t 821 gzip_compress(u_int8_t *data, u_int32_t size, u_int8_t **out) 822 { 823 return gzip_global(data, size, 0, out, 0); 824 } 825 826 static u_int32_t 827 gzip_decompress(u_int8_t *data, u_int32_t size, u_int8_t **out, 828 int size_hint) 829 { 830 return gzip_global(data, size, 1, out, size_hint); 831 } 832
Indexes created Thu Sep 25 16:09:42 GMT 2025