1 /* $NetBSD: cryptosoft_xform.c,v 1.5 2007/03/04 06:03:40 christos Exp $ */ 2 /* $FreeBSD: src/sys/opencrypto/xform.c,v 1.1.2.1 2002/11/21 23:34:23 sam Exp $ */ 3 /* $OpenBSD: xform.c,v 1.19 2002/08/16 22:47:25 dhartmei Exp $ */ 4 5 /* 6 * The authors of this code are John Ioannidis (ji@tla.org), 7 * Angelos D. Keromytis (kermit@csd.uch.gr) and 8 * Niels Provos (provos@physnet.uni-hamburg.de). 9 * 10 * This code was written by John Ioannidis for BSD/OS in Athens, Greece, 11 * in November 1995. 12 * 13 * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996, 14 * by Angelos D. Keromytis. 15 * 16 * Additional transforms and features in 1997 and 1998 by Angelos D. Keromytis 17 * and Niels Provos. 18 * 19 * Additional features in 1999 by Angelos D. Keromytis. 20 * 21 * Copyright (C) 1995, 1996, 1997, 1998, 1999 by John Ioannidis, 22 * Angelos D. Keromytis and Niels Provos. 23 * 24 * Copyright (C) 2001, Angelos D. Keromytis. 25 * 26 * Permission to use, copy, and modify this software with or without fee 27 * is hereby granted, provided that this entire notice is included in 28 * all copies of any software which is or includes a copy or 29 * modification of this software. 30 * You may use this code under the GNU public license if you so wish. Please 31 * contribute changes back to the authors under this freer than GPL license 32 * so that we may further the use of strong encryption without limitations to 33 * all. 34 * 35 * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR 36 * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY 37 * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE 38 * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR 39 * PURPOSE. 40 */ 41 42 #include <sys/cdefs.h> 43 __KERNEL_RCSID(1, "$NetBSD: cryptosoft_xform.c,v 1.5 2007/03/04 06:03:40 christos Exp $"); 44 45 #include <crypto/blowfish/blowfish.h> 46 #include <crypto/cast128/cast128.h> 47 #include <crypto/des/des.h> 48 #include <crypto/rijndael/rijndael.h> 49 #include <crypto/skipjack/skipjack.h> 50 51 #include <opencrypto/deflate.h> 52 53 #include <sys/md5.h> 54 #include <sys/rmd160.h> 55 #include <sys/sha1.h> 56 57 struct swcr_auth_hash { 58 struct auth_hash *auth_hash; 59 void (*Init)(void *); 60 int (*Update)(void *, const uint8_t *, uint16_t); 61 void (*Final)(uint8_t *, void *); 62 }; 63 64 struct swcr_enc_xform { 65 struct enc_xform *enc_xform; 66 void (*encrypt)(void *, uint8_t *); 67 void (*decrypt)(void *, uint8_t *); 68 int (*setkey)(uint8_t **, const uint8_t *, int len); 69 void (*zerokey)(uint8_t **); 70 }; 71 72 struct swcr_comp_algo { 73 struct comp_algo *comp_algo; 74 uint32_t (*compress)(uint8_t *, uint32_t, uint8_t **); 75 uint32_t (*decompress)(uint8_t *, uint32_t, uint8_t **); 76 }; 77 78 static void null_encrypt(void *, u_int8_t *); 79 static void null_decrypt(void *, u_int8_t *); 80 static int null_setkey(u_int8_t **, const u_int8_t *, int); 81 static void null_zerokey(u_int8_t **); 82 83 static int des1_setkey(u_int8_t **, const u_int8_t *, int); 84 static int des3_setkey(u_int8_t **, const u_int8_t *, int); 85 static int blf_setkey(u_int8_t **, const u_int8_t *, int); 86 static int cast5_setkey(u_int8_t **, const u_int8_t *, int); 87 static int skipjack_setkey(u_int8_t **, const u_int8_t *, int); 88 static int rijndael128_setkey(u_int8_t **, const u_int8_t *, int); 89 static void des1_encrypt(void *, u_int8_t *); 90 static void des3_encrypt(void *, u_int8_t *); 91 static void blf_encrypt(void *, u_int8_t *); 92 static void cast5_encrypt(void *, u_int8_t *); 93 static void skipjack_encrypt(void *, u_int8_t *); 94 static void rijndael128_encrypt(void *, u_int8_t *); 95 static void des1_decrypt(void *, u_int8_t *); 96 static void des3_decrypt(void *, u_int8_t *); 97 static void blf_decrypt(void *, u_int8_t *); 98 static void cast5_decrypt(void *, u_int8_t *); 99 static void skipjack_decrypt(void *, u_int8_t *); 100 static void rijndael128_decrypt(void *, u_int8_t *); 101 static void des1_zerokey(u_int8_t **); 102 static void des3_zerokey(u_int8_t **); 103 static void blf_zerokey(u_int8_t **); 104 static void cast5_zerokey(u_int8_t **); 105 static void skipjack_zerokey(u_int8_t **); 106 static void rijndael128_zerokey(u_int8_t **); 107 108 static void null_init(void *); 109 static int null_update(void *, const u_int8_t *, u_int16_t); 110 static void null_final(u_int8_t *, void *); 111 112 static int MD5Update_int(void *, const u_int8_t *, u_int16_t); 113 static void SHA1Init_int(void *); 114 static int SHA1Update_int(void *, const u_int8_t *, u_int16_t); 115 static void SHA1Final_int(u_int8_t *, void *); 116 117 118 static int RMD160Update_int(void *, const u_int8_t *, u_int16_t); 119 static int SHA1Update_int(void *, const u_int8_t *, u_int16_t); 120 static void SHA1Final_int(u_int8_t *, void *); 121 static int RMD160Update_int(void *, const u_int8_t *, u_int16_t); 122 static int SHA256Update_int(void *, const u_int8_t *, u_int16_t); 123 static int SHA384Update_int(void *, const u_int8_t *, u_int16_t); 124 static int SHA512Update_int(void *, const u_int8_t *, u_int16_t); 125 126 static u_int32_t deflate_compress(u_int8_t *, u_int32_t, u_int8_t **); 127 static u_int32_t deflate_decompress(u_int8_t *, u_int32_t, u_int8_t **); 128 129 /* Encryption instances */ 130 static const struct swcr_enc_xform swcr_enc_xform_null = { 131 &enc_xform_null, 132 null_encrypt, 133 null_decrypt, 134 null_setkey, 135 null_zerokey, 136 }; 137 138 static const struct swcr_enc_xform swcr_enc_xform_des = { 139 &enc_xform_des, 140 des1_encrypt, 141 des1_decrypt, 142 des1_setkey, 143 des1_zerokey, 144 }; 145 146 static const struct swcr_enc_xform swcr_enc_xform_3des = { 147 &enc_xform_3des, 148 des3_encrypt, 149 des3_decrypt, 150 des3_setkey, 151 des3_zerokey 152 }; 153 154 static const struct swcr_enc_xform swcr_enc_xform_blf = { 155 &enc_xform_blf, 156 blf_encrypt, 157 blf_decrypt, 158 blf_setkey, 159 blf_zerokey 160 }; 161 162 static const struct swcr_enc_xform swcr_enc_xform_cast5 = { 163 &enc_xform_cast5, 164 cast5_encrypt, 165 cast5_decrypt, 166 cast5_setkey, 167 cast5_zerokey 168 }; 169 170 static const struct swcr_enc_xform swcr_enc_xform_skipjack = { 171 &enc_xform_skipjack, 172 skipjack_encrypt, 173 skipjack_decrypt, 174 skipjack_setkey, 175 skipjack_zerokey 176 }; 177 178 static const struct swcr_enc_xform swcr_enc_xform_rijndael128 = { 179 &enc_xform_rijndael128, 180 rijndael128_encrypt, 181 rijndael128_decrypt, 182 rijndael128_setkey, 183 rijndael128_zerokey, 184 }; 185 186 static const struct swcr_enc_xform swcr_enc_xform_arc4 = { 187 &enc_xform_arc4, 188 NULL, 189 NULL, 190 NULL, 191 NULL, 192 }; 193 194 /* Authentication instances */ 195 static const struct swcr_auth_hash swcr_auth_hash_null = { 196 &auth_hash_null, 197 null_init, null_update, null_final 198 }; 199 200 static const struct swcr_auth_hash swcr_auth_hash_hmac_md5_96 = { 201 &auth_hash_hmac_md5_96, 202 (void (*) (void *)) MD5Init, MD5Update_int, 203 (void (*) (u_int8_t *, void *)) MD5Final 204 }; 205 206 static const struct swcr_auth_hash swcr_auth_hash_hmac_sha1_96 = { 207 &auth_hash_hmac_sha1_96, 208 SHA1Init_int, SHA1Update_int, SHA1Final_int 209 }; 210 211 static const struct swcr_auth_hash swcr_auth_hash_hmac_ripemd_160_96 = { 212 &auth_hash_hmac_ripemd_160_96, 213 (void (*)(void *)) RMD160Init, RMD160Update_int, 214 (void (*)(u_int8_t *, void *)) RMD160Final 215 }; 216 217 static const struct swcr_auth_hash swcr_auth_hash_key_md5 = { 218 &auth_hash_key_md5, 219 (void (*)(void *)) MD5Init, MD5Update_int, 220 (void (*)(u_int8_t *, void *)) MD5Final 221 }; 222 223 static const struct swcr_auth_hash swcr_auth_hash_key_sha1 = { 224 &auth_hash_key_sha1, 225 SHA1Init_int, SHA1Update_int, SHA1Final_int 226 }; 227 228 static const struct swcr_auth_hash swcr_auth_hash_md5 = { 229 &auth_hash_md5, 230 (void (*) (void *)) MD5Init, MD5Update_int, 231 (void (*) (u_int8_t *, void *)) MD5Final 232 }; 233 234 static const struct swcr_auth_hash swcr_auth_hash_sha1 = { 235 &auth_hash_sha1, 236 (void (*)(void *)) SHA1Init, SHA1Update_int, 237 (void (*)(u_int8_t *, void *)) SHA1Final 238 }; 239 240 static const struct swcr_auth_hash swcr_auth_hash_hmac_sha2_256 = { 241 &auth_hash_hmac_sha2_256, 242 (void (*)(void *)) SHA256_Init, SHA256Update_int, 243 (void (*)(u_int8_t *, void *)) SHA256_Final 244 }; 245 246 static const struct swcr_auth_hash swcr_auth_hash_hmac_sha2_384 = { 247 &auth_hash_hmac_sha2_384, 248 (void (*)(void *)) SHA384_Init, SHA384Update_int, 249 (void (*)(u_int8_t *, void *)) SHA384_Final 250 }; 251 252 static const struct swcr_auth_hash swcr_auth_hash_hmac_sha2_512 = { 253 &auth_hash_hmac_sha2_384, 254 (void (*)(void *)) SHA512_Init, SHA512Update_int, 255 (void (*)(u_int8_t *, void *)) SHA512_Final 256 }; 257 258 /* Compression instance */ 259 static const struct swcr_comp_algo swcr_comp_algo_deflate = { 260 &comp_algo_deflate, 261 deflate_compress, 262 deflate_decompress 263 }; 264 265 /* 266 * Encryption wrapper routines. 267 */ 268 static void 269 null_encrypt(void *key, u_int8_t *blk) 270 { 271 } 272 static void 273 null_decrypt(void *key, u_int8_t *blk) 274 { 275 } 276 static int 277 null_setkey(u_int8_t **sched, const u_int8_t *key, int len) 278 { 279 *sched = NULL; 280 return 0; 281 } 282 static void 283 null_zerokey(u_int8_t **sched) 284 { 285 *sched = NULL; 286 } 287 288 static void 289 des1_encrypt(void *key, u_int8_t *blk) 290 { 291 des_cblock *cb = (des_cblock *) blk; 292 des_key_schedule *p = (des_key_schedule *) key; 293 294 des_ecb_encrypt(cb, cb, p[0], DES_ENCRYPT); 295 } 296 297 static void 298 des1_decrypt(void *key, u_int8_t *blk) 299 { 300 des_cblock *cb = (des_cblock *) blk; 301 des_key_schedule *p = (des_key_schedule *) key; 302 303 des_ecb_encrypt(cb, cb, p[0], DES_DECRYPT); 304 } 305 306 static int 307 des1_setkey(u_int8_t **sched, const u_int8_t *key, int len) 308 { 309 des_key_schedule *p; 310 int err; 311 312 MALLOC(p, des_key_schedule *, sizeof (des_key_schedule), 313 M_CRYPTO_DATA, M_NOWAIT); 314 if (p != NULL) { 315 bzero(p, sizeof(des_key_schedule)); 316 des_set_key((des_cblock *)__UNCONST(key), p[0]); 317 err = 0; 318 } else 319 err = ENOMEM; 320 *sched = (u_int8_t *) p; 321 return err; 322 } 323 324 static void 325 des1_zerokey(u_int8_t **sched) 326 { 327 bzero(*sched, sizeof (des_key_schedule)); 328 FREE(*sched, M_CRYPTO_DATA); 329 *sched = NULL; 330 } 331 332 static void 333 des3_encrypt(void *key, u_int8_t *blk) 334 { 335 des_cblock *cb = (des_cblock *) blk; 336 des_key_schedule *p = (des_key_schedule *) key; 337 338 des_ecb3_encrypt(cb, cb, p[0], p[1], p[2], DES_ENCRYPT); 339 } 340 341 static void 342 des3_decrypt(void *key, u_int8_t *blk) 343 { 344 des_cblock *cb = (des_cblock *) blk; 345 des_key_schedule *p = (des_key_schedule *) key; 346 347 des_ecb3_encrypt(cb, cb, p[0], p[1], p[2], DES_DECRYPT); 348 } 349 350 static int 351 des3_setkey(u_int8_t **sched, const u_int8_t *key, int len) 352 { 353 des_key_schedule *p; 354 int err; 355 356 MALLOC(p, des_key_schedule *, 3*sizeof (des_key_schedule), 357 M_CRYPTO_DATA, M_NOWAIT); 358 if (p != NULL) { 359 bzero(p, 3*sizeof(des_key_schedule)); 360 des_set_key((des_cblock *)__UNCONST(key + 0), p[0]); 361 des_set_key((des_cblock *)__UNCONST(key + 8), p[1]); 362 des_set_key((des_cblock *)__UNCONST(key + 16), p[2]); 363 err = 0; 364 } else 365 err = ENOMEM; 366 *sched = (u_int8_t *) p; 367 return err; 368 } 369 370 static void 371 des3_zerokey(u_int8_t **sched) 372 { 373 bzero(*sched, 3*sizeof (des_key_schedule)); 374 FREE(*sched, M_CRYPTO_DATA); 375 *sched = NULL; 376 } 377 378 static void 379 blf_encrypt(void *key, u_int8_t *blk) 380 { 381 382 #if defined(__NetBSD__) 383 BF_ecb_encrypt(blk, blk, (BF_KEY *)key, 1); 384 #else 385 blf_ecb_encrypt((blf_ctx *) key, blk, 8); 386 #endif 387 } 388 389 static void 390 blf_decrypt(void *key, u_int8_t *blk) 391 { 392 393 #if defined(__NetBSD__) 394 BF_ecb_encrypt(blk, blk, (BF_KEY *)key, 0); 395 #else 396 blf_ecb_decrypt((blf_ctx *) key, blk, 8); 397 #endif 398 } 399 400 static int 401 blf_setkey(u_int8_t **sched, const u_int8_t *key, int len) 402 { 403 int err; 404 405 #if defined(__FreeBSD__) || defined(__NetBSD__) 406 #define BLF_SIZ sizeof(BF_KEY) 407 #else 408 #define BLF_SIZ sizeof(blf_ctx) 409 #endif 410 411 MALLOC(*sched, u_int8_t *, BLF_SIZ, 412 M_CRYPTO_DATA, M_NOWAIT); 413 if (*sched != NULL) { 414 bzero(*sched, BLF_SIZ); 415 #if defined(__FreeBSD__) || defined(__NetBSD__) 416 BF_set_key((BF_KEY *) *sched, len, key); 417 #else 418 blf_key((blf_ctx *)*sched, key, len); 419 #endif 420 err = 0; 421 } else 422 err = ENOMEM; 423 return err; 424 } 425 426 static void 427 blf_zerokey(u_int8_t **sched) 428 { 429 bzero(*sched, BLF_SIZ); 430 FREE(*sched, M_CRYPTO_DATA); 431 *sched = NULL; 432 } 433 434 static void 435 cast5_encrypt(void *key, u_int8_t *blk) 436 { 437 cast128_encrypt((cast128_key *) key, blk, blk); 438 } 439 440 static void 441 cast5_decrypt(void *key, u_int8_t *blk) 442 { 443 cast128_decrypt((cast128_key *) key, blk, blk); 444 } 445 446 static int 447 cast5_setkey(u_int8_t **sched, const u_int8_t *key, int len) 448 { 449 int err; 450 451 MALLOC(*sched, u_int8_t *, sizeof(cast128_key), M_CRYPTO_DATA, 452 M_NOWAIT); 453 if (*sched != NULL) { 454 bzero(*sched, sizeof(cast128_key)); 455 cast128_setkey((cast128_key *)*sched, key, len); 456 err = 0; 457 } else 458 err = ENOMEM; 459 return err; 460 } 461 462 static void 463 cast5_zerokey(u_int8_t **sched) 464 { 465 bzero(*sched, sizeof(cast128_key)); 466 FREE(*sched, M_CRYPTO_DATA); 467 *sched = NULL; 468 } 469 470 static void 471 skipjack_encrypt(void *key, u_int8_t *blk) 472 { 473 skipjack_forwards(blk, blk, (u_int8_t **) key); 474 } 475 476 static void 477 skipjack_decrypt(void *key, u_int8_t *blk) 478 { 479 skipjack_backwards(blk, blk, (u_int8_t **) key); 480 } 481 482 static int 483 skipjack_setkey(u_int8_t **sched, const u_int8_t *key, int len) 484 { 485 int err; 486 487 /* NB: allocate all the memory that's needed at once */ 488 /* XXX assumes bytes are aligned on sizeof(u_char) == 1 boundaries. 489 * Will this break a pdp-10, Cray-1, or GE-645 port? 490 */ 491 MALLOC(*sched, u_int8_t *, 10 * (sizeof(u_int8_t *) + 0x100), 492 M_CRYPTO_DATA, M_NOWAIT); 493 494 if (*sched != NULL) { 495 496 u_int8_t** key_tables = (u_int8_t**) *sched; 497 u_int8_t* table = (u_int8_t*) &key_tables[10]; 498 int k; 499 500 bzero(*sched, 10 * sizeof(u_int8_t *)+0x100); 501 502 for (k = 0; k < 10; k++) { 503 key_tables[k] = table; 504 table += 0x100; 505 } 506 subkey_table_gen(key, (u_int8_t **) *sched); 507 err = 0; 508 } else 509 err = ENOMEM; 510 return err; 511 } 512 513 static void 514 skipjack_zerokey(u_int8_t **sched) 515 { 516 bzero(*sched, 10 * (sizeof(u_int8_t *) + 0x100)); 517 FREE(*sched, M_CRYPTO_DATA); 518 *sched = NULL; 519 } 520 521 static void 522 rijndael128_encrypt(void *key, u_int8_t *blk) 523 { 524 rijndael_encrypt((rijndael_ctx *) key, (u_char *) blk, (u_char *) blk); 525 } 526 527 static void 528 rijndael128_decrypt(void *key, u_int8_t *blk) 529 { 530 rijndael_decrypt((rijndael_ctx *) key, (u_char *) blk, 531 (u_char *) blk); 532 } 533 534 static int 535 rijndael128_setkey(u_int8_t **sched, const u_int8_t *key, int len) 536 { 537 int err; 538 539 MALLOC(*sched, u_int8_t *, sizeof(rijndael_ctx), M_CRYPTO_DATA, 540 M_WAITOK); 541 if (*sched != NULL) { 542 bzero(*sched, sizeof(rijndael_ctx)); 543 rijndael_set_key((rijndael_ctx *) *sched, key, len * 8); 544 err = 0; 545 } else 546 err = ENOMEM; 547 return err; 548 } 549 550 static void 551 rijndael128_zerokey(u_int8_t **sched) 552 { 553 bzero(*sched, sizeof(rijndael_ctx)); 554 FREE(*sched, M_CRYPTO_DATA); 555 *sched = NULL; 556 } 557 558 /* 559 * And now for auth. 560 */ 561 562 static void 563 null_init(void *ctx) 564 { 565 } 566 567 static int 568 null_update(void *ctx, const u_int8_t *buf, 569 u_int16_t len) 570 { 571 return 0; 572 } 573 574 static void 575 null_final(u_int8_t *buf, void *ctx) 576 { 577 if (buf != (u_int8_t *) 0) 578 bzero(buf, 12); 579 } 580 581 static int 582 RMD160Update_int(void *ctx, const u_int8_t *buf, u_int16_t len) 583 { 584 RMD160Update(ctx, buf, len); 585 return 0; 586 } 587 588 static int 589 MD5Update_int(void *ctx, const u_int8_t *buf, u_int16_t len) 590 { 591 MD5Update(ctx, buf, len); 592 return 0; 593 } 594 595 static void 596 SHA1Init_int(void *ctx) 597 { 598 SHA1Init(ctx); 599 } 600 601 static int 602 SHA1Update_int(void *ctx, const u_int8_t *buf, u_int16_t len) 603 { 604 SHA1Update(ctx, buf, len); 605 return 0; 606 } 607 608 static void 609 SHA1Final_int(u_int8_t *blk, void *ctx) 610 { 611 SHA1Final(blk, ctx); 612 } 613 614 static int 615 SHA256Update_int(void *ctx, const u_int8_t *buf, u_int16_t len) 616 { 617 SHA256_Update(ctx, buf, len); 618 return 0; 619 } 620 621 static int 622 SHA384Update_int(void *ctx, const u_int8_t *buf, u_int16_t len) 623 { 624 SHA384_Update(ctx, buf, len); 625 return 0; 626 } 627 628 static int 629 SHA512Update_int(void *ctx, const u_int8_t *buf, u_int16_t len) 630 { 631 SHA512_Update(ctx, buf, len); 632 return 0; 633 } 634 635 /* 636 * And compression 637 */ 638 639 static u_int32_t 640 deflate_compress(data, size, out) 641 u_int8_t *data; 642 u_int32_t size; 643 u_int8_t **out; 644 { 645 return deflate_global(data, size, 0, out); 646 } 647 648 static u_int32_t 649 deflate_decompress(data, size, out) 650 u_int8_t *data; 651 u_int32_t size; 652 u_int8_t **out; 653 { 654 return deflate_global(data, size, 1, out); 655 } 656