xref: /netbsd-src/sys/opencrypto/cryptosoft_xform.c (revision 404fbe5fb94ca1e054339640cabb2801ce52dd30) 
1 /*	$NetBSD: cryptosoft_xform.c,v 1.9 2008/12/17 20:51:38 cegger Exp $ */
2 /*	$FreeBSD: src/sys/opencrypto/xform.c,v 1.1.2.1 2002/11/21 23:34:23 sam Exp $	*/
3 /*	$OpenBSD: xform.c,v 1.19 2002/08/16 22:47:25 dhartmei Exp $	*/
4 
5 /*
6  * The authors of this code are John Ioannidis (ji@tla.org),
7  * Angelos D. Keromytis (kermit@csd.uch.gr) and
8  * Niels Provos (provos@physnet.uni-hamburg.de).
9  *
10  * This code was written by John Ioannidis for BSD/OS in Athens, Greece,
11  * in November 1995.
12  *
13  * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996,
14  * by Angelos D. Keromytis.
15  *
16  * Additional transforms and features in 1997 and 1998 by Angelos D. Keromytis
17  * and Niels Provos.
18  *
19  * Additional features in 1999 by Angelos D. Keromytis.
20  *
21  * Copyright (C) 1995, 1996, 1997, 1998, 1999 by John Ioannidis,
22  * Angelos D. Keromytis and Niels Provos.
23  *
24  * Copyright (C) 2001, Angelos D. Keromytis.
25  *
26  * Permission to use, copy, and modify this software with or without fee
27  * is hereby granted, provided that this entire notice is included in
28  * all copies of any software which is or includes a copy or
29  * modification of this software.
30  * You may use this code under the GNU public license if you so wish. Please
31  * contribute changes back to the authors under this freer than GPL license
32  * so that we may further the use of strong encryption without limitations to
33  * all.
34  *
35  * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
36  * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
37  * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
38  * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
39  * PURPOSE.
40  */
41 
42 #include <sys/cdefs.h>
43 __KERNEL_RCSID(1, "$NetBSD: cryptosoft_xform.c,v 1.9 2008/12/17 20:51:38 cegger Exp $");
44 
45 #include <crypto/blowfish/blowfish.h>
46 #include <crypto/cast128/cast128.h>
47 #include <crypto/des/des.h>
48 #include <crypto/rijndael/rijndael.h>
49 #include <crypto/skipjack/skipjack.h>
50 
51 #include <opencrypto/deflate.h>
52 
53 #include <sys/md5.h>
54 #include <sys/rmd160.h>
55 #include <sys/sha1.h>
56 
57 struct swcr_auth_hash {
58 	struct auth_hash *auth_hash;
59 	void (*Init)(void *);
60 	int  (*Update)(void *, const uint8_t *, uint16_t);
61 	void (*Final)(uint8_t *, void *);
62 };
63 
64 struct swcr_enc_xform {
65 	struct enc_xform *enc_xform;
66 	void (*encrypt)(void *, uint8_t *);
67 	void (*decrypt)(void *, uint8_t *);
68 	int  (*setkey)(uint8_t **, const uint8_t *, int len);
69 	void (*zerokey)(uint8_t **);
70 };
71 
72 struct swcr_comp_algo {
73 	struct comp_algo *comp_algo;
74 	uint32_t (*compress)(uint8_t *, uint32_t, uint8_t **);
75 	uint32_t (*decompress)(uint8_t *, uint32_t, uint8_t **);
76 };
77 
78 static void null_encrypt(void *, u_int8_t *);
79 static void null_decrypt(void *, u_int8_t *);
80 static int null_setkey(u_int8_t **, const u_int8_t *, int);
81 static void null_zerokey(u_int8_t **);
82 
83 static	int des1_setkey(u_int8_t **, const u_int8_t *, int);
84 static	int des3_setkey(u_int8_t **, const u_int8_t *, int);
85 static	int blf_setkey(u_int8_t **, const u_int8_t *, int);
86 static	int cast5_setkey(u_int8_t **, const u_int8_t *, int);
87 static  int skipjack_setkey(u_int8_t **, const u_int8_t *, int);
88 static  int rijndael128_setkey(u_int8_t **, const u_int8_t *, int);
89 static	void des1_encrypt(void *, u_int8_t *);
90 static	void des3_encrypt(void *, u_int8_t *);
91 static	void blf_encrypt(void *, u_int8_t *);
92 static	void cast5_encrypt(void *, u_int8_t *);
93 static	void skipjack_encrypt(void *, u_int8_t *);
94 static	void rijndael128_encrypt(void *, u_int8_t *);
95 static	void des1_decrypt(void *, u_int8_t *);
96 static	void des3_decrypt(void *, u_int8_t *);
97 static	void blf_decrypt(void *, u_int8_t *);
98 static	void cast5_decrypt(void *, u_int8_t *);
99 static	void skipjack_decrypt(void *, u_int8_t *);
100 static	void rijndael128_decrypt(void *, u_int8_t *);
101 static	void des1_zerokey(u_int8_t **);
102 static	void des3_zerokey(u_int8_t **);
103 static	void blf_zerokey(u_int8_t **);
104 static	void cast5_zerokey(u_int8_t **);
105 static	void skipjack_zerokey(u_int8_t **);
106 static	void rijndael128_zerokey(u_int8_t **);
107 
108 static	void null_init(void *);
109 static	int null_update(void *, const u_int8_t *, u_int16_t);
110 static	void null_final(u_int8_t *, void *);
111 
112 static int	MD5Update_int(void *, const u_int8_t *, u_int16_t);
113 static void	SHA1Init_int(void *);
114 static	int SHA1Update_int(void *, const u_int8_t *, u_int16_t);
115 static	void SHA1Final_int(u_int8_t *, void *);
116 
117 
118 static int RMD160Update_int(void *, const u_int8_t *, u_int16_t);
119 static	int SHA1Update_int(void *, const u_int8_t *, u_int16_t);
120 static	void SHA1Final_int(u_int8_t *, void *);
121 static	int RMD160Update_int(void *, const u_int8_t *, u_int16_t);
122 static	int SHA256Update_int(void *, const u_int8_t *, u_int16_t);
123 static	int SHA384Update_int(void *, const u_int8_t *, u_int16_t);
124 static	int SHA512Update_int(void *, const u_int8_t *, u_int16_t);
125 
126 static u_int32_t deflate_compress(u_int8_t *, u_int32_t, u_int8_t **);
127 static u_int32_t deflate_decompress(u_int8_t *, u_int32_t, u_int8_t **);
128 
129 /* Encryption instances */
130 static const struct swcr_enc_xform swcr_enc_xform_null = {
131 	&enc_xform_null,
132 	null_encrypt,
133 	null_decrypt,
134 	null_setkey,
135 	null_zerokey,
136 };
137 
138 static const struct swcr_enc_xform swcr_enc_xform_des = {
139 	&enc_xform_des,
140 	des1_encrypt,
141 	des1_decrypt,
142 	des1_setkey,
143 	des1_zerokey,
144 };
145 
146 static const struct swcr_enc_xform swcr_enc_xform_3des = {
147 	&enc_xform_3des,
148 	des3_encrypt,
149 	des3_decrypt,
150 	des3_setkey,
151 	des3_zerokey
152 };
153 
154 static const struct swcr_enc_xform swcr_enc_xform_blf = {
155 	&enc_xform_blf,
156 	blf_encrypt,
157 	blf_decrypt,
158 	blf_setkey,
159 	blf_zerokey
160 };
161 
162 static const struct swcr_enc_xform swcr_enc_xform_cast5 = {
163 	&enc_xform_cast5,
164 	cast5_encrypt,
165 	cast5_decrypt,
166 	cast5_setkey,
167 	cast5_zerokey
168 };
169 
170 static const struct swcr_enc_xform swcr_enc_xform_skipjack = {
171 	&enc_xform_skipjack,
172 	skipjack_encrypt,
173 	skipjack_decrypt,
174 	skipjack_setkey,
175 	skipjack_zerokey
176 };
177 
178 static const struct swcr_enc_xform swcr_enc_xform_rijndael128 = {
179 	&enc_xform_rijndael128,
180 	rijndael128_encrypt,
181 	rijndael128_decrypt,
182 	rijndael128_setkey,
183 	rijndael128_zerokey,
184 };
185 
186 static const struct swcr_enc_xform swcr_enc_xform_arc4 = {
187 	&enc_xform_arc4,
188 	NULL,
189 	NULL,
190 	NULL,
191 	NULL,
192 };
193 
194 /* Authentication instances */
195 static const struct swcr_auth_hash swcr_auth_hash_null = {
196 	&auth_hash_null,
197 	null_init, null_update, null_final
198 };
199 
200 static const struct swcr_auth_hash swcr_auth_hash_hmac_md5 = {
201 	&auth_hash_hmac_md5,
202 	(void (*) (void *)) MD5Init, MD5Update_int,
203 	(void (*) (u_int8_t *, void *)) MD5Final
204 };
205 
206 static const struct swcr_auth_hash swcr_auth_hash_hmac_sha1 = {
207 	&auth_hash_hmac_sha1,
208 	SHA1Init_int, SHA1Update_int, SHA1Final_int
209 };
210 
211 static const struct swcr_auth_hash swcr_auth_hash_hmac_ripemd_160 = {
212 	&auth_hash_hmac_ripemd_160,
213 	(void (*)(void *)) RMD160Init, RMD160Update_int,
214 	(void (*)(u_int8_t *, void *)) RMD160Final
215 };
216 static const struct swcr_auth_hash swcr_auth_hash_hmac_md5_96 = {
217 	&auth_hash_hmac_md5_96,
218 	(void (*) (void *)) MD5Init, MD5Update_int,
219 	(void (*) (u_int8_t *, void *)) MD5Final
220 };
221 
222 static const struct swcr_auth_hash swcr_auth_hash_hmac_sha1_96 = {
223 	&auth_hash_hmac_sha1_96,
224 	SHA1Init_int, SHA1Update_int, SHA1Final_int
225 };
226 
227 static const struct swcr_auth_hash swcr_auth_hash_hmac_ripemd_160_96 = {
228 	&auth_hash_hmac_ripemd_160_96,
229 	(void (*)(void *)) RMD160Init, RMD160Update_int,
230 	(void (*)(u_int8_t *, void *)) RMD160Final
231 };
232 
233 static const struct swcr_auth_hash swcr_auth_hash_key_md5 = {
234 	&auth_hash_key_md5,
235 	(void (*)(void *)) MD5Init, MD5Update_int,
236 	(void (*)(u_int8_t *, void *)) MD5Final
237 };
238 
239 static const struct swcr_auth_hash swcr_auth_hash_key_sha1 = {
240 	&auth_hash_key_sha1,
241 	SHA1Init_int, SHA1Update_int, SHA1Final_int
242 };
243 
244 static const struct swcr_auth_hash swcr_auth_hash_md5 = {
245 	&auth_hash_md5,
246 	(void (*) (void *)) MD5Init, MD5Update_int,
247 	(void (*) (u_int8_t *, void *)) MD5Final
248 };
249 
250 static const struct swcr_auth_hash swcr_auth_hash_sha1 = {
251 	&auth_hash_sha1,
252 	(void (*)(void *)) SHA1Init, SHA1Update_int,
253 	(void (*)(u_int8_t *, void *)) SHA1Final
254 };
255 
256 static const struct swcr_auth_hash swcr_auth_hash_hmac_sha2_256 = {
257 	&auth_hash_hmac_sha2_256,
258 	(void (*)(void *)) SHA256_Init, SHA256Update_int,
259 	(void (*)(u_int8_t *, void *)) SHA256_Final
260 };
261 
262 static const struct swcr_auth_hash swcr_auth_hash_hmac_sha2_384 = {
263 	&auth_hash_hmac_sha2_384,
264 	(void (*)(void *)) SHA384_Init, SHA384Update_int,
265 	(void (*)(u_int8_t *, void *)) SHA384_Final
266 };
267 
268 static const struct swcr_auth_hash swcr_auth_hash_hmac_sha2_512 = {
269 	&auth_hash_hmac_sha2_384,
270 	(void (*)(void *)) SHA512_Init, SHA512Update_int,
271 	(void (*)(u_int8_t *, void *)) SHA512_Final
272 };
273 
274 /* Compression instance */
275 static const struct swcr_comp_algo swcr_comp_algo_deflate = {
276 	&comp_algo_deflate,
277 	deflate_compress,
278 	deflate_decompress
279 };
280 
281 /*
282  * Encryption wrapper routines.
283  */
284 static void
285 null_encrypt(void *key, u_int8_t *blk)
286 {
287 }
288 static void
289 null_decrypt(void *key, u_int8_t *blk)
290 {
291 }
292 static int
293 null_setkey(u_int8_t **sched, const u_int8_t *key, int len)
294 {
295 	*sched = NULL;
296 	return 0;
297 }
298 static void
299 null_zerokey(u_int8_t **sched)
300 {
301 	*sched = NULL;
302 }
303 
304 static void
305 des1_encrypt(void *key, u_int8_t *blk)
306 {
307 	des_cblock *cb = (des_cblock *) blk;
308 	des_key_schedule *p = (des_key_schedule *) key;
309 
310 	des_ecb_encrypt(cb, cb, p[0], DES_ENCRYPT);
311 }
312 
313 static void
314 des1_decrypt(void *key, u_int8_t *blk)
315 {
316 	des_cblock *cb = (des_cblock *) blk;
317 	des_key_schedule *p = (des_key_schedule *) key;
318 
319 	des_ecb_encrypt(cb, cb, p[0], DES_DECRYPT);
320 }
321 
322 static int
323 des1_setkey(u_int8_t **sched, const u_int8_t *key, int len)
324 {
325 	des_key_schedule *p;
326 	int err;
327 
328 	p = malloc(sizeof (des_key_schedule),
329 		M_CRYPTO_DATA, M_NOWAIT|M_ZERO);
330 	if (p != NULL) {
331 		des_set_key((des_cblock *)__UNCONST(key), p[0]);
332 		err = 0;
333 	} else
334 		err = ENOMEM;
335 	*sched = (u_int8_t *) p;
336 	return err;
337 }
338 
339 static void
340 des1_zerokey(u_int8_t **sched)
341 {
342 	bzero(*sched, sizeof (des_key_schedule));
343 	free(*sched, M_CRYPTO_DATA);
344 	*sched = NULL;
345 }
346 
347 static void
348 des3_encrypt(void *key, u_int8_t *blk)
349 {
350 	des_cblock *cb = (des_cblock *) blk;
351 	des_key_schedule *p = (des_key_schedule *) key;
352 
353 	des_ecb3_encrypt(cb, cb, p[0], p[1], p[2], DES_ENCRYPT);
354 }
355 
356 static void
357 des3_decrypt(void *key, u_int8_t *blk)
358 {
359 	des_cblock *cb = (des_cblock *) blk;
360 	des_key_schedule *p = (des_key_schedule *) key;
361 
362 	des_ecb3_encrypt(cb, cb, p[0], p[1], p[2], DES_DECRYPT);
363 }
364 
365 static int
366 des3_setkey(u_int8_t **sched, const u_int8_t *key, int len)
367 {
368 	des_key_schedule *p;
369 	int err;
370 
371 	p = malloc(3*sizeof (des_key_schedule),
372 		M_CRYPTO_DATA, M_NOWAIT|M_ZERO);
373 	if (p != NULL) {
374 		des_set_key((des_cblock *)__UNCONST(key +  0), p[0]);
375 		des_set_key((des_cblock *)__UNCONST(key +  8), p[1]);
376 		des_set_key((des_cblock *)__UNCONST(key + 16), p[2]);
377 		err = 0;
378 	} else
379 		err = ENOMEM;
380 	*sched = (u_int8_t *) p;
381 	return err;
382 }
383 
384 static void
385 des3_zerokey(u_int8_t **sched)
386 {
387 	bzero(*sched, 3*sizeof (des_key_schedule));
388 	free(*sched, M_CRYPTO_DATA);
389 	*sched = NULL;
390 }
391 
392 static void
393 blf_encrypt(void *key, u_int8_t *blk)
394 {
395 
396 	BF_ecb_encrypt(blk, blk, (BF_KEY *)key, 1);
397 }
398 
399 static void
400 blf_decrypt(void *key, u_int8_t *blk)
401 {
402 
403 	BF_ecb_encrypt(blk, blk, (BF_KEY *)key, 0);
404 }
405 
406 static int
407 blf_setkey(u_int8_t **sched, const u_int8_t *key, int len)
408 {
409 	int err;
410 
411 	*sched = malloc(sizeof(BF_KEY),
412 		M_CRYPTO_DATA, M_NOWAIT|M_ZERO);
413 	if (*sched != NULL) {
414 		BF_set_key((BF_KEY *) *sched, len, key);
415 		err = 0;
416 	} else
417 		err = ENOMEM;
418 	return err;
419 }
420 
421 static void
422 blf_zerokey(u_int8_t **sched)
423 {
424 	bzero(*sched, sizeof(BF_KEY));
425 	free(*sched, M_CRYPTO_DATA);
426 	*sched = NULL;
427 }
428 
429 static void
430 cast5_encrypt(void *key, u_int8_t *blk)
431 {
432 	cast128_encrypt((cast128_key *) key, blk, blk);
433 }
434 
435 static void
436 cast5_decrypt(void *key, u_int8_t *blk)
437 {
438 	cast128_decrypt((cast128_key *) key, blk, blk);
439 }
440 
441 static int
442 cast5_setkey(u_int8_t **sched, const u_int8_t *key, int len)
443 {
444 	int err;
445 
446 	*sched = malloc(sizeof(cast128_key), M_CRYPTO_DATA,
447 	       M_NOWAIT|M_ZERO);
448 	if (*sched != NULL) {
449 		cast128_setkey((cast128_key *)*sched, key, len);
450 		err = 0;
451 	} else
452 		err = ENOMEM;
453 	return err;
454 }
455 
456 static void
457 cast5_zerokey(u_int8_t **sched)
458 {
459 	bzero(*sched, sizeof(cast128_key));
460 	free(*sched, M_CRYPTO_DATA);
461 	*sched = NULL;
462 }
463 
464 static void
465 skipjack_encrypt(void *key, u_int8_t *blk)
466 {
467 	skipjack_forwards(blk, blk, (u_int8_t **) key);
468 }
469 
470 static void
471 skipjack_decrypt(void *key, u_int8_t *blk)
472 {
473 	skipjack_backwards(blk, blk, (u_int8_t **) key);
474 }
475 
476 static int
477 skipjack_setkey(u_int8_t **sched, const u_int8_t *key, int len)
478 {
479 	int err;
480 
481 	/* NB: allocate all the memory that's needed at once */
482 	/* XXX assumes bytes are aligned on sizeof(u_char) == 1 boundaries.
483 	 * Will this break a pdp-10, Cray-1, or GE-645 port?
484 	 */
485 	*sched = malloc(10 * (sizeof(u_int8_t *) + 0x100),
486 		M_CRYPTO_DATA, M_NOWAIT|M_ZERO);
487 
488 	if (*sched != NULL) {
489 
490 		u_int8_t** key_tables = (u_int8_t**) *sched;
491 		u_int8_t* table = (u_int8_t*) &key_tables[10];
492 		int k;
493 
494 		for (k = 0; k < 10; k++) {
495 			key_tables[k] = table;
496 			table += 0x100;
497 		}
498 		subkey_table_gen(key, (u_int8_t **) *sched);
499 		err = 0;
500 	} else
501 		err = ENOMEM;
502 	return err;
503 }
504 
505 static void
506 skipjack_zerokey(u_int8_t **sched)
507 {
508 	bzero(*sched, 10 * (sizeof(u_int8_t *) + 0x100));
509 	free(*sched, M_CRYPTO_DATA);
510 	*sched = NULL;
511 }
512 
513 static void
514 rijndael128_encrypt(void *key, u_int8_t *blk)
515 {
516 	rijndael_encrypt((rijndael_ctx *) key, (u_char *) blk, (u_char *) blk);
517 }
518 
519 static void
520 rijndael128_decrypt(void *key, u_int8_t *blk)
521 {
522 	rijndael_decrypt((rijndael_ctx *) key, (u_char *) blk,
523 	    (u_char *) blk);
524 }
525 
526 static int
527 rijndael128_setkey(u_int8_t **sched, const u_int8_t *key, int len)
528 {
529 	int err;
530 
531 	*sched = malloc(sizeof(rijndael_ctx), M_CRYPTO_DATA,
532 	    M_NOWAIT|M_ZERO);
533 	if (*sched != NULL) {
534 		rijndael_set_key((rijndael_ctx *) *sched, key, len * 8);
535 		err = 0;
536 	} else
537 		err = ENOMEM;
538 	return err;
539 }
540 
541 static void
542 rijndael128_zerokey(u_int8_t **sched)
543 {
544 	bzero(*sched, sizeof(rijndael_ctx));
545 	free(*sched, M_CRYPTO_DATA);
546 	*sched = NULL;
547 }
548 
549 /*
550  * And now for auth.
551  */
552 
553 static void
554 null_init(void *ctx)
555 {
556 }
557 
558 static int
559 null_update(void *ctx, const u_int8_t *buf,
560     u_int16_t len)
561 {
562 	return 0;
563 }
564 
565 static void
566 null_final(u_int8_t *buf, void *ctx)
567 {
568 	if (buf != (u_int8_t *) 0)
569 		bzero(buf, 12);
570 }
571 
572 static int
573 RMD160Update_int(void *ctx, const u_int8_t *buf, u_int16_t len)
574 {
575 	RMD160Update(ctx, buf, len);
576 	return 0;
577 }
578 
579 static int
580 MD5Update_int(void *ctx, const u_int8_t *buf, u_int16_t len)
581 {
582 	MD5Update(ctx, buf, len);
583 	return 0;
584 }
585 
586 static void
587 SHA1Init_int(void *ctx)
588 {
589 	SHA1Init(ctx);
590 }
591 
592 static int
593 SHA1Update_int(void *ctx, const u_int8_t *buf, u_int16_t len)
594 {
595 	SHA1Update(ctx, buf, len);
596 	return 0;
597 }
598 
599 static void
600 SHA1Final_int(u_int8_t *blk, void *ctx)
601 {
602 	SHA1Final(blk, ctx);
603 }
604 
605 static int
606 SHA256Update_int(void *ctx, const u_int8_t *buf, u_int16_t len)
607 {
608 	SHA256_Update(ctx, buf, len);
609 	return 0;
610 }
611 
612 static int
613 SHA384Update_int(void *ctx, const u_int8_t *buf, u_int16_t len)
614 {
615 	SHA384_Update(ctx, buf, len);
616 	return 0;
617 }
618 
619 static int
620 SHA512Update_int(void *ctx, const u_int8_t *buf, u_int16_t len)
621 {
622 	SHA512_Update(ctx, buf, len);
623 	return 0;
624 }
625 
626 /*
627  * And compression
628  */
629 
630 static u_int32_t
631 deflate_compress(data, size, out)
632 	u_int8_t *data;
633 	u_int32_t size;
634 	u_int8_t **out;
635 {
636 	return deflate_global(data, size, 0, out);
637 }
638 
639 static u_int32_t
640 deflate_decompress(data, size, out)
641 	u_int8_t *data;
642 	u_int32_t size;
643 	u_int8_t **out;
644 {
645 	return deflate_global(data, size, 1, out);
646 }
647