cryptosoft_xform.c revision 1.7
1 /* $NetBSD: cryptosoft_xform.c,v 1.7 2008/02/02 02:39:00 tls Exp $ */ 2 /* $FreeBSD: src/sys/opencrypto/xform.c,v 1.1.2.1 2002/11/21 23:34:23 sam Exp $ */ 3 /* $OpenBSD: xform.c,v 1.19 2002/08/16 22:47:25 dhartmei Exp $ */ 4 5 /* 6 * The authors of this code are John Ioannidis (ji (at) tla.org), 7 * Angelos D. Keromytis (kermit (at) csd.uch.gr) and 8 * Niels Provos (provos (at) physnet.uni-hamburg.de). 9 * 10 * This code was written by John Ioannidis for BSD/OS in Athens, Greece, 11 * in November 1995. 12 * 13 * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996, 14 * by Angelos D. Keromytis. 15 * 16 * Additional transforms and features in 1997 and 1998 by Angelos D. Keromytis 17 * and Niels Provos. 18 * 19 * Additional features in 1999 by Angelos D. Keromytis. 20 * 21 * Copyright (C) 1995, 1996, 1997, 1998, 1999 by John Ioannidis, 22 * Angelos D. Keromytis and Niels Provos. 23 * 24 * Copyright (C) 2001, Angelos D. Keromytis. 25 * 26 * Permission to use, copy, and modify this software with or without fee 27 * is hereby granted, provided that this entire notice is included in 28 * all copies of any software which is or includes a copy or 29 * modification of this software. 30 * You may use this code under the GNU public license if you so wish. Please 31 * contribute changes back to the authors under this freer than GPL license 32 * so that we may further the use of strong encryption without limitations to 33 * all. 34 * 35 * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR 36 * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY 37 * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE 38 * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR 39 * PURPOSE. 40 */ 41 42 #include <sys/cdefs.h> 43 __KERNEL_RCSID(1, "$NetBSD: cryptosoft_xform.c,v 1.7 2008/02/02 02:39:00 tls Exp $"); 44 45 #include <crypto/blowfish/blowfish.h> 46 #include <crypto/cast128/cast128.h> 47 #include <crypto/des/des.h> 48 #include <crypto/rijndael/rijndael.h> 49 #include <crypto/skipjack/skipjack.h> 50 51 #include <opencrypto/deflate.h> 52 53 #include <sys/md5.h> 54 #include <sys/rmd160.h> 55 #include <sys/sha1.h> 56 57 struct swcr_auth_hash { 58 struct auth_hash *auth_hash; 59 void (*Init)(void *); 60 int (*Update)(void *, const uint8_t *, uint16_t); 61 void (*Final)(uint8_t *, void *); 62 }; 63 64 struct swcr_enc_xform { 65 struct enc_xform *enc_xform; 66 void (*encrypt)(void *, uint8_t *); 67 void (*decrypt)(void *, uint8_t *); 68 int (*setkey)(uint8_t **, const uint8_t *, int len); 69 void (*zerokey)(uint8_t **); 70 }; 71 72 struct swcr_comp_algo { 73 struct comp_algo *comp_algo; 74 uint32_t (*compress)(uint8_t *, uint32_t, uint8_t **); 75 uint32_t (*decompress)(uint8_t *, uint32_t, uint8_t **); 76 }; 77 78 static void null_encrypt(void *, u_int8_t *); 79 static void null_decrypt(void *, u_int8_t *); 80 static int null_setkey(u_int8_t **, const u_int8_t *, int); 81 static void null_zerokey(u_int8_t **); 82 83 static int des1_setkey(u_int8_t **, const u_int8_t *, int); 84 static int des3_setkey(u_int8_t **, const u_int8_t *, int); 85 static int blf_setkey(u_int8_t **, const u_int8_t *, int); 86 static int cast5_setkey(u_int8_t **, const u_int8_t *, int); 87 static int skipjack_setkey(u_int8_t **, const u_int8_t *, int); 88 static int rijndael128_setkey(u_int8_t **, const u_int8_t *, int); 89 static void des1_encrypt(void *, u_int8_t *); 90 static void des3_encrypt(void *, u_int8_t *); 91 static void blf_encrypt(void *, u_int8_t *); 92 static void cast5_encrypt(void *, u_int8_t *); 93 static void skipjack_encrypt(void *, u_int8_t *); 94 static void rijndael128_encrypt(void *, u_int8_t *); 95 static void des1_decrypt(void *, u_int8_t *); 96 static void des3_decrypt(void *, u_int8_t *); 97 static void blf_decrypt(void *, u_int8_t *); 98 static void cast5_decrypt(void *, u_int8_t *); 99 static void skipjack_decrypt(void *, u_int8_t *); 100 static void rijndael128_decrypt(void *, u_int8_t *); 101 static void des1_zerokey(u_int8_t **); 102 static void des3_zerokey(u_int8_t **); 103 static void blf_zerokey(u_int8_t **); 104 static void cast5_zerokey(u_int8_t **); 105 static void skipjack_zerokey(u_int8_t **); 106 static void rijndael128_zerokey(u_int8_t **); 107 108 static void null_init(void *); 109 static int null_update(void *, const u_int8_t *, u_int16_t); 110 static void null_final(u_int8_t *, void *); 111 112 static int MD5Update_int(void *, const u_int8_t *, u_int16_t); 113 static void SHA1Init_int(void *); 114 static int SHA1Update_int(void *, const u_int8_t *, u_int16_t); 115 static void SHA1Final_int(u_int8_t *, void *); 116 117 118 static int RMD160Update_int(void *, const u_int8_t *, u_int16_t); 119 static int SHA1Update_int(void *, const u_int8_t *, u_int16_t); 120 static void SHA1Final_int(u_int8_t *, void *); 121 static int RMD160Update_int(void *, const u_int8_t *, u_int16_t); 122 static int SHA256Update_int(void *, const u_int8_t *, u_int16_t); 123 static int SHA384Update_int(void *, const u_int8_t *, u_int16_t); 124 static int SHA512Update_int(void *, const u_int8_t *, u_int16_t); 125 126 static u_int32_t deflate_compress(u_int8_t *, u_int32_t, u_int8_t **); 127 static u_int32_t deflate_decompress(u_int8_t *, u_int32_t, u_int8_t **); 128 129 /* Encryption instances */ 130 static const struct swcr_enc_xform swcr_enc_xform_null = { 131 &enc_xform_null, 132 null_encrypt, 133 null_decrypt, 134 null_setkey, 135 null_zerokey, 136 }; 137 138 static const struct swcr_enc_xform swcr_enc_xform_des = { 139 &enc_xform_des, 140 des1_encrypt, 141 des1_decrypt, 142 des1_setkey, 143 des1_zerokey, 144 }; 145 146 static const struct swcr_enc_xform swcr_enc_xform_3des = { 147 &enc_xform_3des, 148 des3_encrypt, 149 des3_decrypt, 150 des3_setkey, 151 des3_zerokey 152 }; 153 154 static const struct swcr_enc_xform swcr_enc_xform_blf = { 155 &enc_xform_blf, 156 blf_encrypt, 157 blf_decrypt, 158 blf_setkey, 159 blf_zerokey 160 }; 161 162 static const struct swcr_enc_xform swcr_enc_xform_cast5 = { 163 &enc_xform_cast5, 164 cast5_encrypt, 165 cast5_decrypt, 166 cast5_setkey, 167 cast5_zerokey 168 }; 169 170 static const struct swcr_enc_xform swcr_enc_xform_skipjack = { 171 &enc_xform_skipjack, 172 skipjack_encrypt, 173 skipjack_decrypt, 174 skipjack_setkey, 175 skipjack_zerokey 176 }; 177 178 static const struct swcr_enc_xform swcr_enc_xform_rijndael128 = { 179 &enc_xform_rijndael128, 180 rijndael128_encrypt, 181 rijndael128_decrypt, 182 rijndael128_setkey, 183 rijndael128_zerokey, 184 }; 185 186 static const struct swcr_enc_xform swcr_enc_xform_arc4 = { 187 &enc_xform_arc4, 188 NULL, 189 NULL, 190 NULL, 191 NULL, 192 }; 193 194 /* Authentication instances */ 195 static const struct swcr_auth_hash swcr_auth_hash_null = { 196 &auth_hash_null, 197 null_init, null_update, null_final 198 }; 199 200 static const struct swcr_auth_hash swcr_auth_hash_hmac_md5 = { 201 &auth_hash_hmac_md5, 202 (void (*) (void *)) MD5Init, MD5Update_int, 203 (void (*) (u_int8_t *, void *)) MD5Final 204 }; 205 206 static const struct swcr_auth_hash swcr_auth_hash_hmac_sha1 = { 207 &auth_hash_hmac_sha1, 208 SHA1Init_int, SHA1Update_int, SHA1Final_int 209 }; 210 211 static const struct swcr_auth_hash swcr_auth_hash_hmac_ripemd_160 = { 212 &auth_hash_hmac_ripemd_160, 213 (void (*)(void *)) RMD160Init, RMD160Update_int, 214 (void (*)(u_int8_t *, void *)) RMD160Final 215 }; 216 static const struct swcr_auth_hash swcr_auth_hash_hmac_md5_96 = { 217 &auth_hash_hmac_md5_96, 218 (void (*) (void *)) MD5Init, MD5Update_int, 219 (void (*) (u_int8_t *, void *)) MD5Final 220 }; 221 222 static const struct swcr_auth_hash swcr_auth_hash_hmac_sha1_96 = { 223 &auth_hash_hmac_sha1_96, 224 SHA1Init_int, SHA1Update_int, SHA1Final_int 225 }; 226 227 static const struct swcr_auth_hash swcr_auth_hash_hmac_ripemd_160_96 = { 228 &auth_hash_hmac_ripemd_160_96, 229 (void (*)(void *)) RMD160Init, RMD160Update_int, 230 (void (*)(u_int8_t *, void *)) RMD160Final 231 }; 232 233 static const struct swcr_auth_hash swcr_auth_hash_key_md5 = { 234 &auth_hash_key_md5, 235 (void (*)(void *)) MD5Init, MD5Update_int, 236 (void (*)(u_int8_t *, void *)) MD5Final 237 }; 238 239 static const struct swcr_auth_hash swcr_auth_hash_key_sha1 = { 240 &auth_hash_key_sha1, 241 SHA1Init_int, SHA1Update_int, SHA1Final_int 242 }; 243 244 static const struct swcr_auth_hash swcr_auth_hash_md5 = { 245 &auth_hash_md5, 246 (void (*) (void *)) MD5Init, MD5Update_int, 247 (void (*) (u_int8_t *, void *)) MD5Final 248 }; 249 250 static const struct swcr_auth_hash swcr_auth_hash_sha1 = { 251 &auth_hash_sha1, 252 (void (*)(void *)) SHA1Init, SHA1Update_int, 253 (void (*)(u_int8_t *, void *)) SHA1Final 254 }; 255 256 static const struct swcr_auth_hash swcr_auth_hash_hmac_sha2_256 = { 257 &auth_hash_hmac_sha2_256, 258 (void (*)(void *)) SHA256_Init, SHA256Update_int, 259 (void (*)(u_int8_t *, void *)) SHA256_Final 260 }; 261 262 static const struct swcr_auth_hash swcr_auth_hash_hmac_sha2_384 = { 263 &auth_hash_hmac_sha2_384, 264 (void (*)(void *)) SHA384_Init, SHA384Update_int, 265 (void (*)(u_int8_t *, void *)) SHA384_Final 266 }; 267 268 static const struct swcr_auth_hash swcr_auth_hash_hmac_sha2_512 = { 269 &auth_hash_hmac_sha2_384, 270 (void (*)(void *)) SHA512_Init, SHA512Update_int, 271 (void (*)(u_int8_t *, void *)) SHA512_Final 272 }; 273 274 /* Compression instance */ 275 static const struct swcr_comp_algo swcr_comp_algo_deflate = { 276 &comp_algo_deflate, 277 deflate_compress, 278 deflate_decompress 279 }; 280 281 /* 282 * Encryption wrapper routines. 283 */ 284 static void 285 null_encrypt(void *key, u_int8_t *blk) 286 { 287 } 288 static void 289 null_decrypt(void *key, u_int8_t *blk) 290 { 291 } 292 static int 293 null_setkey(u_int8_t **sched, const u_int8_t *key, int len) 294 { 295 *sched = NULL; 296 return 0; 297 } 298 static void 299 null_zerokey(u_int8_t **sched) 300 { 301 *sched = NULL; 302 } 303 304 static void 305 des1_encrypt(void *key, u_int8_t *blk) 306 { 307 des_cblock *cb = (des_cblock *) blk; 308 des_key_schedule *p = (des_key_schedule *) key; 309 310 des_ecb_encrypt(cb, cb, p[0], DES_ENCRYPT); 311 } 312 313 static void 314 des1_decrypt(void *key, u_int8_t *blk) 315 { 316 des_cblock *cb = (des_cblock *) blk; 317 des_key_schedule *p = (des_key_schedule *) key; 318 319 des_ecb_encrypt(cb, cb, p[0], DES_DECRYPT); 320 } 321 322 static int 323 des1_setkey(u_int8_t **sched, const u_int8_t *key, int len) 324 { 325 des_key_schedule *p; 326 int err; 327 328 MALLOC(p, des_key_schedule *, sizeof (des_key_schedule), 329 M_CRYPTO_DATA, M_NOWAIT); 330 if (p != NULL) { 331 bzero(p, sizeof(des_key_schedule)); 332 des_set_key((des_cblock *)__UNCONST(key), p[0]); 333 err = 0; 334 } else 335 err = ENOMEM; 336 *sched = (u_int8_t *) p; 337 return err; 338 } 339 340 static void 341 des1_zerokey(u_int8_t **sched) 342 { 343 bzero(*sched, sizeof (des_key_schedule)); 344 FREE(*sched, M_CRYPTO_DATA); 345 *sched = NULL; 346 } 347 348 static void 349 des3_encrypt(void *key, u_int8_t *blk) 350 { 351 des_cblock *cb = (des_cblock *) blk; 352 des_key_schedule *p = (des_key_schedule *) key; 353 354 des_ecb3_encrypt(cb, cb, p[0], p[1], p[2], DES_ENCRYPT); 355 } 356 357 static void 358 des3_decrypt(void *key, u_int8_t *blk) 359 { 360 des_cblock *cb = (des_cblock *) blk; 361 des_key_schedule *p = (des_key_schedule *) key; 362 363 des_ecb3_encrypt(cb, cb, p[0], p[1], p[2], DES_DECRYPT); 364 } 365 366 static int 367 des3_setkey(u_int8_t **sched, const u_int8_t *key, int len) 368 { 369 des_key_schedule *p; 370 int err; 371 372 MALLOC(p, des_key_schedule *, 3*sizeof (des_key_schedule), 373 M_CRYPTO_DATA, M_NOWAIT); 374 if (p != NULL) { 375 bzero(p, 3*sizeof(des_key_schedule)); 376 des_set_key((des_cblock *)__UNCONST(key + 0), p[0]); 377 des_set_key((des_cblock *)__UNCONST(key + 8), p[1]); 378 des_set_key((des_cblock *)__UNCONST(key + 16), p[2]); 379 err = 0; 380 } else 381 err = ENOMEM; 382 *sched = (u_int8_t *) p; 383 return err; 384 } 385 386 static void 387 des3_zerokey(u_int8_t **sched) 388 { 389 bzero(*sched, 3*sizeof (des_key_schedule)); 390 FREE(*sched, M_CRYPTO_DATA); 391 *sched = NULL; 392 } 393 394 static void 395 blf_encrypt(void *key, u_int8_t *blk) 396 { 397 398 #if defined(__NetBSD__) 399 BF_ecb_encrypt(blk, blk, (BF_KEY *)key, 1); 400 #else 401 blf_ecb_encrypt((blf_ctx *) key, blk, 8); 402 #endif 403 } 404 405 static void 406 blf_decrypt(void *key, u_int8_t *blk) 407 { 408 409 #if defined(__NetBSD__) 410 BF_ecb_encrypt(blk, blk, (BF_KEY *)key, 0); 411 #else 412 blf_ecb_decrypt((blf_ctx *) key, blk, 8); 413 #endif 414 } 415 416 static int 417 blf_setkey(u_int8_t **sched, const u_int8_t *key, int len) 418 { 419 int err; 420 421 #if defined(__FreeBSD__) || defined(__NetBSD__) 422 #define BLF_SIZ sizeof(BF_KEY) 423 #else 424 #define BLF_SIZ sizeof(blf_ctx) 425 #endif 426 427 MALLOC(*sched, u_int8_t *, BLF_SIZ, 428 M_CRYPTO_DATA, M_NOWAIT); 429 if (*sched != NULL) { 430 bzero(*sched, BLF_SIZ); 431 #if defined(__FreeBSD__) || defined(__NetBSD__) 432 BF_set_key((BF_KEY *) *sched, len, key); 433 #else 434 blf_key((blf_ctx *)*sched, key, len); 435 #endif 436 err = 0; 437 } else 438 err = ENOMEM; 439 return err; 440 } 441 442 static void 443 blf_zerokey(u_int8_t **sched) 444 { 445 bzero(*sched, BLF_SIZ); 446 FREE(*sched, M_CRYPTO_DATA); 447 *sched = NULL; 448 } 449 450 static void 451 cast5_encrypt(void *key, u_int8_t *blk) 452 { 453 cast128_encrypt((cast128_key *) key, blk, blk); 454 } 455 456 static void 457 cast5_decrypt(void *key, u_int8_t *blk) 458 { 459 cast128_decrypt((cast128_key *) key, blk, blk); 460 } 461 462 static int 463 cast5_setkey(u_int8_t **sched, const u_int8_t *key, int len) 464 { 465 int err; 466 467 MALLOC(*sched, u_int8_t *, sizeof(cast128_key), M_CRYPTO_DATA, 468 M_NOWAIT); 469 if (*sched != NULL) { 470 bzero(*sched, sizeof(cast128_key)); 471 cast128_setkey((cast128_key *)*sched, key, len); 472 err = 0; 473 } else 474 err = ENOMEM; 475 return err; 476 } 477 478 static void 479 cast5_zerokey(u_int8_t **sched) 480 { 481 bzero(*sched, sizeof(cast128_key)); 482 FREE(*sched, M_CRYPTO_DATA); 483 *sched = NULL; 484 } 485 486 static void 487 skipjack_encrypt(void *key, u_int8_t *blk) 488 { 489 skipjack_forwards(blk, blk, (u_int8_t **) key); 490 } 491 492 static void 493 skipjack_decrypt(void *key, u_int8_t *blk) 494 { 495 skipjack_backwards(blk, blk, (u_int8_t **) key); 496 } 497 498 static int 499 skipjack_setkey(u_int8_t **sched, const u_int8_t *key, int len) 500 { 501 int err; 502 503 /* NB: allocate all the memory that's needed at once */ 504 /* XXX assumes bytes are aligned on sizeof(u_char) == 1 boundaries. 505 * Will this break a pdp-10, Cray-1, or GE-645 port? 506 */ 507 MALLOC(*sched, u_int8_t *, 10 * (sizeof(u_int8_t *) + 0x100), 508 M_CRYPTO_DATA, M_NOWAIT); 509 510 if (*sched != NULL) { 511 512 u_int8_t** key_tables = (u_int8_t**) *sched; 513 u_int8_t* table = (u_int8_t*) &key_tables[10]; 514 int k; 515 516 bzero(*sched, 10 * sizeof(u_int8_t *)+0x100); 517 518 for (k = 0; k < 10; k++) { 519 key_tables[k] = table; 520 table += 0x100; 521 } 522 subkey_table_gen(key, (u_int8_t **) *sched); 523 err = 0; 524 } else 525 err = ENOMEM; 526 return err; 527 } 528 529 static void 530 skipjack_zerokey(u_int8_t **sched) 531 { 532 bzero(*sched, 10 * (sizeof(u_int8_t *) + 0x100)); 533 FREE(*sched, M_CRYPTO_DATA); 534 *sched = NULL; 535 } 536 537 static void 538 rijndael128_encrypt(void *key, u_int8_t *blk) 539 { 540 rijndael_encrypt((rijndael_ctx *) key, (u_char *) blk, (u_char *) blk); 541 } 542 543 static void 544 rijndael128_decrypt(void *key, u_int8_t *blk) 545 { 546 rijndael_decrypt((rijndael_ctx *) key, (u_char *) blk, 547 (u_char *) blk); 548 } 549 550 static int 551 rijndael128_setkey(u_int8_t **sched, const u_int8_t *key, int len) 552 { 553 int err; 554 555 MALLOC(*sched, u_int8_t *, sizeof(rijndael_ctx), M_CRYPTO_DATA, 556 M_NOWAIT); 557 if (*sched != NULL) { 558 bzero(*sched, sizeof(rijndael_ctx)); 559 rijndael_set_key((rijndael_ctx *) *sched, key, len * 8); 560 err = 0; 561 } else 562 err = ENOMEM; 563 return err; 564 } 565 566 static void 567 rijndael128_zerokey(u_int8_t **sched) 568 { 569 bzero(*sched, sizeof(rijndael_ctx)); 570 FREE(*sched, M_CRYPTO_DATA); 571 *sched = NULL; 572 } 573 574 /* 575 * And now for auth. 576 */ 577 578 static void 579 null_init(void *ctx) 580 { 581 } 582 583 static int 584 null_update(void *ctx, const u_int8_t *buf, 585 u_int16_t len) 586 { 587 return 0; 588 } 589 590 static void 591 null_final(u_int8_t *buf, void *ctx) 592 { 593 if (buf != (u_int8_t *) 0) 594 bzero(buf, 12); 595 } 596 597 static int 598 RMD160Update_int(void *ctx, const u_int8_t *buf, u_int16_t len) 599 { 600 RMD160Update(ctx, buf, len); 601 return 0; 602 } 603 604 static int 605 MD5Update_int(void *ctx, const u_int8_t *buf, u_int16_t len) 606 { 607 MD5Update(ctx, buf, len); 608 return 0; 609 } 610 611 static void 612 SHA1Init_int(void *ctx) 613 { 614 SHA1Init(ctx); 615 } 616 617 static int 618 SHA1Update_int(void *ctx, const u_int8_t *buf, u_int16_t len) 619 { 620 SHA1Update(ctx, buf, len); 621 return 0; 622 } 623 624 static void 625 SHA1Final_int(u_int8_t *blk, void *ctx) 626 { 627 SHA1Final(blk, ctx); 628 } 629 630 static int 631 SHA256Update_int(void *ctx, const u_int8_t *buf, u_int16_t len) 632 { 633 SHA256_Update(ctx, buf, len); 634 return 0; 635 } 636 637 static int 638 SHA384Update_int(void *ctx, const u_int8_t *buf, u_int16_t len) 639 { 640 SHA384_Update(ctx, buf, len); 641 return 0; 642 } 643 644 static int 645 SHA512Update_int(void *ctx, const u_int8_t *buf, u_int16_t len) 646 { 647 SHA512_Update(ctx, buf, len); 648 return 0; 649 } 650 651 /* 652 * And compression 653 */ 654 655 static u_int32_t 656 deflate_compress(data, size, out) 657 u_int8_t *data; 658 u_int32_t size; 659 u_int8_t **out; 660 { 661 return deflate_global(data, size, 0, out); 662 } 663 664 static u_int32_t 665 deflate_decompress(data, size, out) 666 u_int8_t *data; 667 u_int32_t size; 668 u_int8_t **out; 669 { 670 return deflate_global(data, size, 1, out); 671 } 672
Indexes created Mon Sep 22 10:09:38 GMT 2025