xform.c revision 1.1 1 /* $NetBSD: xform.c,v 1.1 2003/07/25 21:12:49 jonathan Exp $ */
2 /* $FreeBSD: src/sys/opencrypto/xform.c,v 1.1.2.1 2002/11/21 23:34:23 sam Exp $ */
3 /* $OpenBSD: xform.c,v 1.19 2002/08/16 22:47:25 dhartmei Exp $ */
4
5 /*
6 * The authors of this code are John Ioannidis (ji (at) tla.org),
7 * Angelos D. Keromytis (kermit (at) csd.uch.gr) and
8 * Niels Provos (provos (at) physnet.uni-hamburg.de).
9 *
10 * This code was written by John Ioannidis for BSD/OS in Athens, Greece,
11 * in November 1995.
12 *
13 * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996,
14 * by Angelos D. Keromytis.
15 *
16 * Additional transforms and features in 1997 and 1998 by Angelos D. Keromytis
17 * and Niels Provos.
18 *
19 * Additional features in 1999 by Angelos D. Keromytis.
20 *
21 * Copyright (C) 1995, 1996, 1997, 1998, 1999 by John Ioannidis,
22 * Angelos D. Keromytis and Niels Provos.
23 *
24 * Copyright (C) 2001, Angelos D. Keromytis.
25 *
26 * Permission to use, copy, and modify this software with or without fee
27 * is hereby granted, provided that this entire notice is included in
28 * all copies of any software which is or includes a copy or
29 * modification of this software.
30 * You may use this code under the GNU public license if you so wish. Please
31 * contribute changes back to the authors under this freer than GPL license
32 * so that we may further the use of strong encryption without limitations to
33 * all.
34 *
35 * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
36 * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
37 * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
38 * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
39 * PURPOSE.
40 */
41
42 #include <sys/cdefs.h>
43 __KERNEL_RCSID(0, "$NetBSD: xform.c,v 1.1 2003/07/25 21:12:49 jonathan Exp $");
44
45 #include <sys/param.h>
46 #include <sys/systm.h>
47 #include <sys/malloc.h>
48 #include <sys/sysctl.h>
49 #include <sys/errno.h>
50 #include <sys/time.h>
51 #include <sys/kernel.h>
52 #include <machine/cpu.h>
53
54 #include <crypto/blowfish/blowfish.h>
55 #include <crypto/des/des.h>
56
57 #include <opencrypto/rmd160.h>
58 #include <opencrypto/blf.h>
59 #include <opencrypto/cast.h>
60 #include <opencrypto/deflate.h>
61 #include <opencrypto/rijndael.h>
62 #include <opencrypto/skipjack.h>
63
64 #include <sys/md5k.h>
65 #include <sys/sha1.h>
66
67 #include <opencrypto/cryptodev.h>
68 #include <opencrypto/xform.h>
69
70 static void null_encrypt(caddr_t, u_int8_t *);
71 static void null_decrypt(caddr_t, u_int8_t *);
72 static int null_setkey(u_int8_t **, u_int8_t *, int);
73 static void null_zerokey(u_int8_t **);
74
75 static int des1_setkey(u_int8_t **, u_int8_t *, int);
76 static int des3_setkey(u_int8_t **, u_int8_t *, int);
77 static int blf_setkey(u_int8_t **, u_int8_t *, int);
78 static int cast5_setkey(u_int8_t **, u_int8_t *, int);
79 static int skipjack_setkey(u_int8_t **, u_int8_t *, int);
80 static int rijndael128_setkey(u_int8_t **, u_int8_t *, int);
81 static void des1_encrypt(caddr_t, u_int8_t *);
82 static void des3_encrypt(caddr_t, u_int8_t *);
83 static void blf_encrypt(caddr_t, u_int8_t *);
84 static void cast5_encrypt(caddr_t, u_int8_t *);
85 static void skipjack_encrypt(caddr_t, u_int8_t *);
86 static void rijndael128_encrypt(caddr_t, u_int8_t *);
87 static void des1_decrypt(caddr_t, u_int8_t *);
88 static void des3_decrypt(caddr_t, u_int8_t *);
89 static void blf_decrypt(caddr_t, u_int8_t *);
90 static void cast5_decrypt(caddr_t, u_int8_t *);
91 static void skipjack_decrypt(caddr_t, u_int8_t *);
92 static void rijndael128_decrypt(caddr_t, u_int8_t *);
93 static void des1_zerokey(u_int8_t **);
94 static void des3_zerokey(u_int8_t **);
95 static void blf_zerokey(u_int8_t **);
96 static void cast5_zerokey(u_int8_t **);
97 static void skipjack_zerokey(u_int8_t **);
98 static void rijndael128_zerokey(u_int8_t **);
99
100 static void null_init(void *);
101 static int null_update(void *, u_int8_t *, u_int16_t);
102 static void null_final(u_int8_t *, void *);
103
104 static int MD5Update_int(void *, u_int8_t *, u_int16_t);
105 static void SHA1Init_int(void *);
106 static int SHA1Update_int(void *, u_int8_t *, u_int16_t);
107 static void SHA1Final_int(u_int8_t *, void *);
108
109
110 static int RMD160Update_int(void *, u_int8_t *, u_int16_t);
111 static int SHA1Update_int(void *, u_int8_t *, u_int16_t);
112 static void SHA1Final_int(u_int8_t *, void *);
113 static int RMD160Update_int(void *, u_int8_t *, u_int16_t);
114 static int SHA256Update_int(void *, u_int8_t *, u_int16_t);
115 static int SHA384Update_int(void *, u_int8_t *, u_int16_t);
116 static int SHA512Update_int(void *, u_int8_t *, u_int16_t);
117
118 static u_int32_t deflate_compress(u_int8_t *, u_int32_t, u_int8_t **);
119 static u_int32_t deflate_decompress(u_int8_t *, u_int32_t, u_int8_t **);
120
121 MALLOC_DEFINE(M_XDATA, "xform", "xform data buffers");
122
123 /* Encryption instances */
124 struct enc_xform enc_xform_null = {
125 CRYPTO_NULL_CBC, "NULL",
126 /* NB: blocksize of 4 is to generate a properly aligned ESP header */
127 4, 0, 256, /* 2048 bits, max key */
128 null_encrypt,
129 null_decrypt,
130 null_setkey,
131 null_zerokey,
132 };
133
134 struct enc_xform enc_xform_des = {
135 CRYPTO_DES_CBC, "DES",
136 8, 8, 8,
137 des1_encrypt,
138 des1_decrypt,
139 des1_setkey,
140 des1_zerokey,
141 };
142
143 struct enc_xform enc_xform_3des = {
144 CRYPTO_3DES_CBC, "3DES",
145 8, 24, 24,
146 des3_encrypt,
147 des3_decrypt,
148 des3_setkey,
149 des3_zerokey
150 };
151
152 struct enc_xform enc_xform_blf = {
153 CRYPTO_BLF_CBC, "Blowfish",
154 8, 5, 56 /* 448 bits, max key */,
155 blf_encrypt,
156 blf_decrypt,
157 blf_setkey,
158 blf_zerokey
159 };
160
161 struct enc_xform enc_xform_cast5 = {
162 CRYPTO_CAST_CBC, "CAST-128",
163 8, 5, 16,
164 cast5_encrypt,
165 cast5_decrypt,
166 cast5_setkey,
167 cast5_zerokey
168 };
169
170 struct enc_xform enc_xform_skipjack = {
171 CRYPTO_SKIPJACK_CBC, "Skipjack",
172 8, 10, 10,
173 skipjack_encrypt,
174 skipjack_decrypt,
175 skipjack_setkey,
176 skipjack_zerokey
177 };
178
179 struct enc_xform enc_xform_rijndael128 = {
180 CRYPTO_RIJNDAEL128_CBC, "Rijndael-128/AES",
181 16, 8, 32,
182 rijndael128_encrypt,
183 rijndael128_decrypt,
184 rijndael128_setkey,
185 rijndael128_zerokey,
186 };
187
188 struct enc_xform enc_xform_arc4 = {
189 CRYPTO_ARC4, "ARC4",
190 1, 1, 32,
191 NULL,
192 NULL,
193 NULL,
194 NULL,
195 };
196
197 /* Authentication instances */
198 struct auth_hash auth_hash_null = {
199 CRYPTO_NULL_HMAC, "NULL-HMAC",
200 0, 0, 12, sizeof(int), /* NB: context isn't used */
201 null_init, null_update, null_final
202 };
203
204 struct auth_hash auth_hash_hmac_md5_96 = {
205 CRYPTO_MD5_HMAC, "HMAC-MD5",
206 16, 16, 12, sizeof(MD5_CTX),
207 (void (*) (void *)) MD5Init, MD5Update_int,
208 (void (*) (u_int8_t *, void *)) MD5Final
209 };
210
211 struct auth_hash auth_hash_hmac_sha1_96 = {
212 CRYPTO_SHA1_HMAC, "HMAC-SHA1",
213 20, 20, 12, sizeof(SHA1_CTX),
214 SHA1Init_int, SHA1Update_int, SHA1Final_int
215 };
216
217 struct auth_hash auth_hash_hmac_ripemd_160_96 = {
218 CRYPTO_RIPEMD160_HMAC, "HMAC-RIPEMD-160",
219 20, 20, 12, sizeof(RMD160_CTX),
220 (void (*)(void *)) RMD160Init, RMD160Update_int,
221 (void (*)(u_int8_t *, void *)) RMD160Final
222 };
223
224 struct auth_hash auth_hash_key_md5 = {
225 CRYPTO_MD5_KPDK, "Keyed MD5",
226 0, 16, 12, sizeof(MD5_CTX),
227 (void (*)(void *)) MD5Init, MD5Update_int,
228 (void (*)(u_int8_t *, void *)) MD5Final
229 };
230
231 struct auth_hash auth_hash_key_sha1 = {
232 CRYPTO_SHA1_KPDK, "Keyed SHA1",
233 0, 20, 12, sizeof(SHA1_CTX),
234 SHA1Init_int, SHA1Update_int, SHA1Final_int
235 };
236
237 struct auth_hash auth_hash_md5 = {
238 CRYPTO_MD5, "MD5",
239 0, 16, 16, sizeof(MD5_CTX),
240 (void (*) (void *)) MD5Init, MD5Update_int,
241 (void (*) (u_int8_t *, void *)) MD5Final
242 };
243
244 struct auth_hash auth_hash_sha1 = {
245 CRYPTO_SHA1, "SHA1",
246 0, 20, 20, sizeof(SHA1_CTX),
247 (void (*)(void *)) SHA1Init, SHA1Update_int,
248 (void (*)(u_int8_t *, void *)) SHA1Final
249 };
250
251 struct auth_hash auth_hash_hmac_sha2_256 = {
252 CRYPTO_SHA2_HMAC, "HMAC-SHA2",
253 32, 32, 12, sizeof(SHA256_CTX),
254 (void (*)(void *)) SHA256_Init, SHA256Update_int,
255 (void (*)(u_int8_t *, void *)) SHA256_Final
256 };
257
258 struct auth_hash auth_hash_hmac_sha2_384 = {
259 CRYPTO_SHA2_HMAC, "HMAC-SHA2-384",
260 48, 48, 12, sizeof(SHA384_CTX),
261 (void (*)(void *)) SHA384_Init, SHA384Update_int,
262 (void (*)(u_int8_t *, void *)) SHA384_Final
263 };
264
265 struct auth_hash auth_hash_hmac_sha2_512 = {
266 CRYPTO_SHA2_HMAC, "HMAC-SHA2-512",
267 64, 64, 12, sizeof(SHA512_CTX),
268 (void (*)(void *)) SHA512_Init, SHA512Update_int,
269 (void (*)(u_int8_t *, void *)) SHA512_Final
270 };
271
272 /* Compression instance */
273 struct comp_algo comp_algo_deflate = {
274 CRYPTO_DEFLATE_COMP, "Deflate",
275 90, deflate_compress,
276 deflate_decompress
277 };
278
279 /*
280 * Encryption wrapper routines.
281 */
282 static void
283 null_encrypt(caddr_t key, u_int8_t *blk)
284 {
285 }
286 static void
287 null_decrypt(caddr_t key, u_int8_t *blk)
288 {
289 }
290 static int
291 null_setkey(u_int8_t **sched, u_int8_t *key, int len)
292 {
293 *sched = NULL;
294 return 0;
295 }
296 static void
297 null_zerokey(u_int8_t **sched)
298 {
299 *sched = NULL;
300 }
301
302 static void
303 des1_encrypt(caddr_t key, u_int8_t *blk)
304 {
305 des_cblock *cb = (des_cblock *) blk;
306 des_key_schedule *p = (des_key_schedule *) key;
307
308 des_ecb_encrypt(cb, cb, p[0], DES_ENCRYPT);
309 }
310
311 static void
312 des1_decrypt(caddr_t key, u_int8_t *blk)
313 {
314 des_cblock *cb = (des_cblock *) blk;
315 des_key_schedule *p = (des_key_schedule *) key;
316
317 des_ecb_encrypt(cb, cb, p[0], DES_DECRYPT);
318 }
319
320 static int
321 des1_setkey(u_int8_t **sched, u_int8_t *key, int len)
322 {
323 des_key_schedule *p;
324 int err;
325
326 MALLOC(p, des_key_schedule *, sizeof (des_key_schedule),
327 M_CRYPTO_DATA, M_NOWAIT);
328 if (p != NULL) {
329 bzero(p, sizeof(des_key_schedule));
330 des_set_key((des_cblock *) key, p[0]);
331 err = 0;
332 } else
333 err = ENOMEM;
334 *sched = (u_int8_t *) p;
335 return err;
336 }
337
338 static void
339 des1_zerokey(u_int8_t **sched)
340 {
341 bzero(*sched, sizeof (des_key_schedule));
342 FREE(*sched, M_CRYPTO_DATA);
343 *sched = NULL;
344 }
345
346 static void
347 des3_encrypt(caddr_t key, u_int8_t *blk)
348 {
349 des_cblock *cb = (des_cblock *) blk;
350 des_key_schedule *p = (des_key_schedule *) key;
351
352 des_ecb3_encrypt(cb, cb, p[0], p[1], p[2], DES_ENCRYPT);
353 }
354
355 static void
356 des3_decrypt(caddr_t key, u_int8_t *blk)
357 {
358 des_cblock *cb = (des_cblock *) blk;
359 des_key_schedule *p = (des_key_schedule *) key;
360
361 des_ecb3_encrypt(cb, cb, p[0], p[1], p[2], DES_DECRYPT);
362 }
363
364 static int
365 des3_setkey(u_int8_t **sched, u_int8_t *key, int len)
366 {
367 des_key_schedule *p;
368 int err;
369
370 MALLOC(p, des_key_schedule *, 3*sizeof (des_key_schedule),
371 M_CRYPTO_DATA, M_NOWAIT);
372 if (p != NULL) {
373 bzero(p, 3*sizeof(des_key_schedule));
374 des_set_key((des_cblock *)(key + 0), p[0]);
375 des_set_key((des_cblock *)(key + 8), p[1]);
376 des_set_key((des_cblock *)(key + 16), p[2]);
377 err = 0;
378 } else
379 err = ENOMEM;
380 *sched = (u_int8_t *) p;
381 return err;
382 }
383
384 static void
385 des3_zerokey(u_int8_t **sched)
386 {
387 bzero(*sched, 3*sizeof (des_key_schedule));
388 FREE(*sched, M_CRYPTO_DATA);
389 *sched = NULL;
390 }
391
392 static void
393 blf_encrypt(caddr_t key, u_int8_t *blk)
394 {
395 blf_ecb_encrypt((blf_ctx *) key, blk, 8);
396 }
397
398 static void
399 blf_decrypt(caddr_t key, u_int8_t *blk)
400 {
401 blf_ecb_decrypt((blf_ctx *) key, blk, 8);
402 }
403
404 static int
405 blf_setkey(u_int8_t **sched, u_int8_t *key, int len)
406 {
407 int err;
408
409 #ifdef __FreeBSD__
410 #define BLF_SIZ sizeof(BF_KEY)
411 #else
412 #define BLF_SIZ sizeof(blf_ctx)
413 #endif
414
415 MALLOC(*sched, u_int8_t *, BLF_SIZ,
416 M_CRYPTO_DATA, M_NOWAIT);
417 if (*sched != NULL) {
418 bzero(*sched, BLF_SIZ);
419 #ifdef _FreeBSD__
420 BF_set_key((BF_KEY *) *sched, len, key);
421 #else
422 blf_key((blf_ctx *)*sched, key, len);
423 #endif
424 err = 0;
425 } else
426 err = ENOMEM;
427 return err;
428 }
429
430 static void
431 blf_zerokey(u_int8_t **sched)
432 {
433 bzero(*sched, BLF_SIZ);
434 FREE(*sched, M_CRYPTO_DATA);
435 *sched = NULL;
436 }
437
438 static void
439 cast5_encrypt(caddr_t key, u_int8_t *blk)
440 {
441 cast_encrypt((cast_key *) key, blk, blk);
442 }
443
444 static void
445 cast5_decrypt(caddr_t key, u_int8_t *blk)
446 {
447 cast_decrypt((cast_key *) key, blk, blk);
448 }
449
450 static int
451 cast5_setkey(u_int8_t **sched, u_int8_t *key, int len)
452 {
453 int err;
454
455 MALLOC(*sched, u_int8_t *, sizeof(cast_key), M_CRYPTO_DATA,
456 M_NOWAIT);
457 if (*sched != NULL) {
458 bzero(*sched, sizeof(cast_key));
459 cast_setkey((cast_key *)*sched, key, len);
460 err = 0;
461 } else
462 err = ENOMEM;
463 return err;
464 }
465
466 static void
467 cast5_zerokey(u_int8_t **sched)
468 {
469 bzero(*sched, sizeof(cast_key));
470 FREE(*sched, M_CRYPTO_DATA);
471 *sched = NULL;
472 }
473
474 static void
475 skipjack_encrypt(caddr_t key, u_int8_t *blk)
476 {
477 skipjack_forwards(blk, blk, (u_int8_t **) key);
478 }
479
480 static void
481 skipjack_decrypt(caddr_t key, u_int8_t *blk)
482 {
483 skipjack_backwards(blk, blk, (u_int8_t **) key);
484 }
485
486 static int
487 skipjack_setkey(u_int8_t **sched, u_int8_t *key, int len)
488 {
489 int err;
490
491 /* NB: allocate all the memory that's needed at once */
492 /* XXX assumes bytes are aligned on sizeof(u_char) == 1 boundaries.
493 * Will this break a pdp-10, Cray-1, or GE-645 port?
494 */
495 MALLOC(*sched, u_int8_t *, 10 * (sizeof(u_int8_t *) + 0x100),
496 M_CRYPTO_DATA, M_NOWAIT);
497
498 if (*sched != NULL) {
499
500 u_int8_t** key_tables = (u_int8_t**) *sched;
501 u_int8_t* table = (u_int8_t*) &key_tables[10];
502 int k;
503
504 bzero(*sched, 10 * sizeof(u_int8_t *)+0x100);
505
506 for (k = 0; k < 10; k++) {
507 key_tables[k] = table;
508 table += 0x100;
509 }
510 subkey_table_gen(key, (u_int8_t **) *sched);
511 err = 0;
512 } else
513 err = ENOMEM;
514 return err;
515 }
516
517 static void
518 skipjack_zerokey(u_int8_t **sched)
519 {
520 bzero(*sched, 10 * (sizeof(u_int8_t *) + 0x100));
521 FREE(*sched, M_CRYPTO_DATA);
522 *sched = NULL;
523 }
524
525 static void
526 rijndael128_encrypt(caddr_t key, u_int8_t *blk)
527 {
528 rijndael_encrypt((rijndael_ctx *) key, (u_char *) blk, (u_char *) blk);
529 }
530
531 static void
532 rijndael128_decrypt(caddr_t key, u_int8_t *blk)
533 {
534 rijndael_decrypt(((rijndael_ctx *) key) + 1, (u_char *) blk,
535 (u_char *) blk);
536 }
537
538 static int
539 rijndael128_setkey(u_int8_t **sched, u_int8_t *key, int len)
540 {
541 int err;
542
543 MALLOC(*sched, u_int8_t *, 2 * sizeof(rijndael_ctx), M_CRYPTO_DATA,
544 M_WAITOK);
545 if (*sched != NULL) {
546 bzero(*sched, 2 * sizeof(rijndael_ctx));
547 rijndael_set_key((rijndael_ctx *) *sched, (u_char *) key, len * 8, 1);
548 rijndael_set_key(((rijndael_ctx *) *sched) + 1, (u_char *) key,
549 len * 8, 0);
550 err = 0;
551 } else
552 err = ENOMEM;
553 return err;
554 }
555
556 static void
557 rijndael128_zerokey(u_int8_t **sched)
558 {
559 bzero(*sched, 2 * sizeof(rijndael_ctx));
560 FREE(*sched, M_CRYPTO_DATA);
561 *sched = NULL;
562 }
563
564 /*
565 * And now for auth.
566 */
567
568 static void
569 null_init(void *ctx)
570 {
571 }
572
573 static int
574 null_update(void *ctx, u_int8_t *buf, u_int16_t len)
575 {
576 return 0;
577 }
578
579 static void
580 null_final(u_int8_t *buf, void *ctx)
581 {
582 if (buf != (u_int8_t *) 0)
583 bzero(buf, 12);
584 }
585
586 static int
587 RMD160Update_int(void *ctx, u_int8_t *buf, u_int16_t len)
588 {
589 RMD160Update(ctx, buf, len);
590 return 0;
591 }
592
593 static int
594 MD5Update_int(void *ctx, u_int8_t *buf, u_int16_t len)
595 {
596 MD5Update(ctx, buf, len);
597 return 0;
598 }
599
600 static void
601 SHA1Init_int(void *ctx)
602 {
603 SHA1Init(ctx);
604 }
605
606 static int
607 SHA1Update_int(void *ctx, u_int8_t *buf, u_int16_t len)
608 {
609 SHA1Update(ctx, buf, len);
610 return 0;
611 }
612
613 static void
614 SHA1Final_int(u_int8_t *blk, void *ctx)
615 {
616 SHA1Final(blk, ctx);
617 }
618
619 static int
620 SHA256Update_int(void *ctx, u_int8_t *buf, u_int16_t len)
621 {
622 SHA256_Update(ctx, buf, len);
623 return 0;
624 }
625
626 static int
627 SHA384Update_int(void *ctx, u_int8_t *buf, u_int16_t len)
628 {
629 SHA384_Update(ctx, buf, len);
630 return 0;
631 }
632
633 static int
634 SHA512Update_int(void *ctx, u_int8_t *buf, u_int16_t len)
635 {
636 SHA512_Update(ctx, buf, len);
637 return 0;
638 }
639
640 /*
641 * And compression
642 */
643
644 static u_int32_t
645 deflate_compress(data, size, out)
646 u_int8_t *data;
647 u_int32_t size;
648 u_int8_t **out;
649 {
650 return deflate_global(data, size, 0, out);
651 }
652
653 static u_int32_t
654 deflate_decompress(data, size, out)
655 u_int8_t *data;
656 u_int32_t size;
657 u_int8_t **out;
658 {
659 return deflate_global(data, size, 1, out);
660 }
661