Minor code reordering and documentation adjustments.
[dragonfly.git] / sys / opencrypto / xform.c
blobe4b106d62421716fb3ce81ff4cfd2c332fc4342a
1 /* $FreeBSD: src/sys/opencrypto/xform.c,v 1.1.2.1 2002/11/21 23:34:23 sam Exp $ */
2 /* $DragonFly: src/sys/opencrypto/xform.c,v 1.3 2008/03/01 22:03:13 swildner Exp $ */
3 /* $OpenBSD: xform.c,v 1.16 2001/08/28 12:20:43 ben Exp $ */
4 /*
5 * The authors of this code are John Ioannidis (ji@tla.org),
6 * Angelos D. Keromytis (kermit@csd.uch.gr) and
7 * Niels Provos (provos@physnet.uni-hamburg.de).
9 * This code was written by John Ioannidis for BSD/OS in Athens, Greece,
10 * in November 1995.
12 * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996,
13 * by Angelos D. Keromytis.
15 * Additional transforms and features in 1997 and 1998 by Angelos D. Keromytis
16 * and Niels Provos.
18 * Additional features in 1999 by Angelos D. Keromytis.
20 * Copyright (C) 1995, 1996, 1997, 1998, 1999 by John Ioannidis,
21 * Angelos D. Keromytis and Niels Provos.
23 * Copyright (C) 2001, Angelos D. Keromytis.
25 * Permission to use, copy, and modify this software with or without fee
26 * is hereby granted, provided that this entire notice is included in
27 * all copies of any software which is or includes a copy or
28 * modification of this software.
29 * You may use this code under the GNU public license if you so wish. Please
30 * contribute changes back to the authors under this freer than GPL license
31 * so that we may further the use of strong encryption without limitations to
32 * all.
34 * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
35 * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
36 * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
37 * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
38 * PURPOSE.
41 #include <sys/param.h>
42 #include <sys/systm.h>
43 #include <sys/malloc.h>
44 #include <sys/sysctl.h>
45 #include <sys/errno.h>
46 #include <sys/time.h>
47 #include <sys/kernel.h>
48 #include <machine/cpu.h>
50 #include <crypto/blowfish/blowfish.h>
51 #include <crypto/des/des.h>
52 #include <crypto/sha1.h>
54 #include <opencrypto/cast.h>
55 #include <opencrypto/deflate.h>
56 #include <opencrypto/rijndael.h>
57 #include <opencrypto/rmd160.h>
58 #include <opencrypto/skipjack.h>
60 #include <sys/md5.h>
62 #include <opencrypto/cryptodev.h>
63 #include <opencrypto/xform.h>
65 static void null_encrypt(caddr_t, u_int8_t *);
66 static void null_decrypt(caddr_t, u_int8_t *);
67 static int null_setkey(u_int8_t **, u_int8_t *, int);
68 static void null_zerokey(u_int8_t **);
70 static int des1_setkey(u_int8_t **, u_int8_t *, int);
71 static int des3_setkey(u_int8_t **, u_int8_t *, int);
72 static int blf_setkey(u_int8_t **, u_int8_t *, int);
73 static int cast5_setkey(u_int8_t **, u_int8_t *, int);
74 static int skipjack_setkey(u_int8_t **, u_int8_t *, int);
75 static int rijndael128_setkey(u_int8_t **, u_int8_t *, int);
76 static void des1_encrypt(caddr_t, u_int8_t *);
77 static void des3_encrypt(caddr_t, u_int8_t *);
78 static void blf_encrypt(caddr_t, u_int8_t *);
79 static void cast5_encrypt(caddr_t, u_int8_t *);
80 static void skipjack_encrypt(caddr_t, u_int8_t *);
81 static void rijndael128_encrypt(caddr_t, u_int8_t *);
82 static void des1_decrypt(caddr_t, u_int8_t *);
83 static void des3_decrypt(caddr_t, u_int8_t *);
84 static void blf_decrypt(caddr_t, u_int8_t *);
85 static void cast5_decrypt(caddr_t, u_int8_t *);
86 static void skipjack_decrypt(caddr_t, u_int8_t *);
87 static void rijndael128_decrypt(caddr_t, u_int8_t *);
88 static void des1_zerokey(u_int8_t **);
89 static void des3_zerokey(u_int8_t **);
90 static void blf_zerokey(u_int8_t **);
91 static void cast5_zerokey(u_int8_t **);
92 static void skipjack_zerokey(u_int8_t **);
93 static void rijndael128_zerokey(u_int8_t **);
95 static void null_init(void *);
96 static int null_update(void *, u_int8_t *, u_int16_t);
97 static void null_final(u_int8_t *, void *);
98 static int MD5Update_int(void *, u_int8_t *, u_int16_t);
99 static void SHA1Init_int(void *);
100 static int SHA1Update_int(void *, u_int8_t *, u_int16_t);
101 static void SHA1Final_int(u_int8_t *, void *);
102 static int RMD160Update_int(void *, u_int8_t *, u_int16_t);
103 static int SHA256Update_int(void *, u_int8_t *, u_int16_t);
104 static int SHA384Update_int(void *, u_int8_t *, u_int16_t);
105 static int SHA512Update_int(void *, u_int8_t *, u_int16_t);
107 static u_int32_t deflate_compress(u_int8_t *, u_int32_t, u_int8_t **);
108 static u_int32_t deflate_decompress(u_int8_t *, u_int32_t, u_int8_t **);
110 MALLOC_DEFINE(M_XDATA, "xform", "xform data buffers");
112 /* Encryption instances */
113 struct enc_xform enc_xform_null = {
114 CRYPTO_NULL_CBC, "NULL",
115 /* NB: blocksize of 4 is to generate a properly aligned ESP header */
116 4, 0, 256, /* 2048 bits, max key */
117 null_encrypt,
118 null_decrypt,
119 null_setkey,
120 null_zerokey,
123 struct enc_xform enc_xform_des = {
124 CRYPTO_DES_CBC, "DES",
125 8, 8, 8,
126 des1_encrypt,
127 des1_decrypt,
128 des1_setkey,
129 des1_zerokey,
132 struct enc_xform enc_xform_3des = {
133 CRYPTO_3DES_CBC, "3DES",
134 8, 24, 24,
135 des3_encrypt,
136 des3_decrypt,
137 des3_setkey,
138 des3_zerokey
141 struct enc_xform enc_xform_blf = {
142 CRYPTO_BLF_CBC, "Blowfish",
143 8, 5, 56 /* 448 bits, max key */,
144 blf_encrypt,
145 blf_decrypt,
146 blf_setkey,
147 blf_zerokey
150 struct enc_xform enc_xform_cast5 = {
151 CRYPTO_CAST_CBC, "CAST-128",
152 8, 5, 16,
153 cast5_encrypt,
154 cast5_decrypt,
155 cast5_setkey,
156 cast5_zerokey
159 struct enc_xform enc_xform_skipjack = {
160 CRYPTO_SKIPJACK_CBC, "Skipjack",
161 8, 10, 10,
162 skipjack_encrypt,
163 skipjack_decrypt,
164 skipjack_setkey,
165 skipjack_zerokey
168 struct enc_xform enc_xform_rijndael128 = {
169 CRYPTO_RIJNDAEL128_CBC, "Rijndael-128/AES",
170 16, 8, 32,
171 rijndael128_encrypt,
172 rijndael128_decrypt,
173 rijndael128_setkey,
174 rijndael128_zerokey,
177 struct enc_xform enc_xform_arc4 = {
178 CRYPTO_ARC4, "ARC4",
179 1, 1, 32,
180 NULL,
181 NULL,
182 NULL,
183 NULL,
186 /* Authentication instances */
187 struct auth_hash auth_hash_null = {
188 CRYPTO_NULL_HMAC, "NULL-HMAC",
189 0, 0, 12, sizeof(int), /* NB: context isn't used */
190 null_init, null_update, null_final
193 struct auth_hash auth_hash_hmac_md5_96 = {
194 CRYPTO_MD5_HMAC, "HMAC-MD5",
195 16, 16, 12, sizeof(MD5_CTX),
196 (void (*) (void *)) MD5Init, MD5Update_int,
197 (void (*) (u_int8_t *, void *)) MD5Final
200 struct auth_hash auth_hash_hmac_sha1_96 = {
201 CRYPTO_SHA1_HMAC, "HMAC-SHA1",
202 20, 20, 12, sizeof(SHA1_CTX),
203 SHA1Init_int, SHA1Update_int, SHA1Final_int
206 struct auth_hash auth_hash_hmac_ripemd_160_96 = {
207 CRYPTO_RIPEMD160_HMAC, "HMAC-RIPEMD-160",
208 20, 20, 12, sizeof(RMD160_CTX),
209 (void (*)(void *)) RMD160Init, RMD160Update_int,
210 (void (*)(u_int8_t *, void *)) RMD160Final
213 struct auth_hash auth_hash_key_md5 = {
214 CRYPTO_MD5_KPDK, "Keyed MD5",
215 0, 16, 12, sizeof(MD5_CTX),
216 (void (*)(void *)) MD5Init, MD5Update_int,
217 (void (*)(u_int8_t *, void *)) MD5Final
220 struct auth_hash auth_hash_key_sha1 = {
221 CRYPTO_SHA1_KPDK, "Keyed SHA1",
222 0, 20, 12, sizeof(SHA1_CTX),
223 SHA1Init_int, SHA1Update_int, SHA1Final_int
226 struct auth_hash auth_hash_hmac_sha2_256 = {
227 CRYPTO_SHA2_HMAC, "HMAC-SHA2",
228 32, 32, 12, sizeof(SHA256_CTX),
229 (void (*)(void *)) SHA256_Init, SHA256Update_int,
230 (void (*)(u_int8_t *, void *)) SHA256_Final
233 struct auth_hash auth_hash_hmac_sha2_384 = {
234 CRYPTO_SHA2_HMAC, "HMAC-SHA2-384",
235 48, 48, 12, sizeof(SHA384_CTX),
236 (void (*)(void *)) SHA384_Init, SHA384Update_int,
237 (void (*)(u_int8_t *, void *)) SHA384_Final
240 struct auth_hash auth_hash_hmac_sha2_512 = {
241 CRYPTO_SHA2_HMAC, "HMAC-SHA2-512",
242 64, 64, 12, sizeof(SHA512_CTX),
243 (void (*)(void *)) SHA512_Init, SHA512Update_int,
244 (void (*)(u_int8_t *, void *)) SHA512_Final
247 /* Compression instance */
248 struct comp_algo comp_algo_deflate = {
249 CRYPTO_DEFLATE_COMP, "Deflate",
250 90, deflate_compress,
251 deflate_decompress
255 * Encryption wrapper routines.
257 static void
258 null_encrypt(caddr_t key, u_int8_t *blk)
261 static void
262 null_decrypt(caddr_t key, u_int8_t *blk)
265 static int
266 null_setkey(u_int8_t **sched, u_int8_t *key, int len)
268 *sched = NULL;
269 return 0;
271 static void
272 null_zerokey(u_int8_t **sched)
274 *sched = NULL;
277 static void
278 des1_encrypt(caddr_t key, u_int8_t *blk)
280 des_cblock *cb = (des_cblock *) blk;
281 des_key_schedule *p = (des_key_schedule *) key;
283 des_ecb_encrypt(cb, cb, p[0], DES_ENCRYPT);
286 static void
287 des1_decrypt(caddr_t key, u_int8_t *blk)
289 des_cblock *cb = (des_cblock *) blk;
290 des_key_schedule *p = (des_key_schedule *) key;
292 des_ecb_encrypt(cb, cb, p[0], DES_DECRYPT);
295 static int
296 des1_setkey(u_int8_t **sched, u_int8_t *key, int len)
298 des_key_schedule *p;
299 int err;
301 MALLOC(p, des_key_schedule *, sizeof (des_key_schedule),
302 M_CRYPTO_DATA, M_NOWAIT|M_ZERO);
303 if (p != NULL) {
304 des_set_key((des_cblock *) key, p[0]);
305 err = 0;
306 } else
307 err = ENOMEM;
308 *sched = (u_int8_t *) p;
309 return err;
312 static void
313 des1_zerokey(u_int8_t **sched)
315 bzero(*sched, sizeof (des_key_schedule));
316 FREE(*sched, M_CRYPTO_DATA);
317 *sched = NULL;
320 static void
321 des3_encrypt(caddr_t key, u_int8_t *blk)
323 des_cblock *cb = (des_cblock *) blk;
324 des_key_schedule *p = (des_key_schedule *) key;
326 des_ecb3_encrypt(cb, cb, p[0], p[1], p[2], DES_ENCRYPT);
329 static void
330 des3_decrypt(caddr_t key, u_int8_t *blk)
332 des_cblock *cb = (des_cblock *) blk;
333 des_key_schedule *p = (des_key_schedule *) key;
335 des_ecb3_encrypt(cb, cb, p[0], p[1], p[2], DES_DECRYPT);
338 static int
339 des3_setkey(u_int8_t **sched, u_int8_t *key, int len)
341 des_key_schedule *p;
342 int err;
344 MALLOC(p, des_key_schedule *, 3*sizeof (des_key_schedule),
345 M_CRYPTO_DATA, M_NOWAIT|M_ZERO);
346 if (p != NULL) {
347 des_set_key((des_cblock *)(key + 0), p[0]);
348 des_set_key((des_cblock *)(key + 8), p[1]);
349 des_set_key((des_cblock *)(key + 16), p[2]);
350 err = 0;
351 } else
352 err = ENOMEM;
353 *sched = (u_int8_t *) p;
354 return err;
357 static void
358 des3_zerokey(u_int8_t **sched)
360 bzero(*sched, 3*sizeof (des_key_schedule));
361 FREE(*sched, M_CRYPTO_DATA);
362 *sched = NULL;
365 static void
366 blf_encrypt(caddr_t key, u_int8_t *blk)
368 BF_LONG t[2];
370 memcpy(t, blk, sizeof (t));
371 t[0] = ntohl(t[0]);
372 t[1] = ntohl(t[1]);
373 /* NB: BF_encrypt expects the block in host order! */
374 BF_encrypt(t, (BF_KEY *) key);
375 t[0] = htonl(t[0]);
376 t[1] = htonl(t[1]);
377 memcpy(blk, t, sizeof (t));
380 static void
381 blf_decrypt(caddr_t key, u_int8_t *blk)
383 BF_LONG t[2];
385 memcpy(t, blk, sizeof (t));
386 t[0] = ntohl(t[0]);
387 t[1] = ntohl(t[1]);
388 /* NB: BF_decrypt expects the block in host order! */
389 BF_decrypt(t, (BF_KEY *) key);
390 t[0] = htonl(t[0]);
391 t[1] = htonl(t[1]);
392 memcpy(blk, t, sizeof (t));
395 static int
396 blf_setkey(u_int8_t **sched, u_int8_t *key, int len)
398 int err;
400 MALLOC(*sched, u_int8_t *, sizeof(BF_KEY),
401 M_CRYPTO_DATA, M_NOWAIT|M_ZERO);
402 if (*sched != NULL) {
403 BF_set_key((BF_KEY *) *sched, len, key);
404 err = 0;
405 } else
406 err = ENOMEM;
407 return err;
410 static void
411 blf_zerokey(u_int8_t **sched)
413 bzero(*sched, sizeof(BF_KEY));
414 FREE(*sched, M_CRYPTO_DATA);
415 *sched = NULL;
418 static void
419 cast5_encrypt(caddr_t key, u_int8_t *blk)
421 cast_encrypt((cast_key *) key, blk, blk);
424 static void
425 cast5_decrypt(caddr_t key, u_int8_t *blk)
427 cast_decrypt((cast_key *) key, blk, blk);
430 static int
431 cast5_setkey(u_int8_t **sched, u_int8_t *key, int len)
433 int err;
435 MALLOC(*sched, u_int8_t *, sizeof(cast_key), M_CRYPTO_DATA, M_NOWAIT|M_ZERO);
436 if (*sched != NULL) {
437 cast_setkey((cast_key *)*sched, key, len);
438 err = 0;
439 } else
440 err = ENOMEM;
441 return err;
444 static void
445 cast5_zerokey(u_int8_t **sched)
447 bzero(*sched, sizeof(cast_key));
448 FREE(*sched, M_CRYPTO_DATA);
449 *sched = NULL;
452 static void
453 skipjack_encrypt(caddr_t key, u_int8_t *blk)
455 skipjack_forwards(blk, blk, (u_int8_t **) key);
458 static void
459 skipjack_decrypt(caddr_t key, u_int8_t *blk)
461 skipjack_backwards(blk, blk, (u_int8_t **) key);
464 static int
465 skipjack_setkey(u_int8_t **sched, u_int8_t *key, int len)
467 int err;
469 /* NB: allocate all the memory that's needed at once */
470 MALLOC(*sched, u_int8_t *, 10 * (sizeof(u_int8_t *) + 0x100),
471 M_CRYPTO_DATA, M_NOWAIT|M_ZERO);
472 if (*sched != NULL) {
473 u_int8_t** key_tables = (u_int8_t**) *sched;
474 u_int8_t* table = (u_int8_t*) &key_tables[10];
475 int k;
477 for (k = 0; k < 10; k++) {
478 key_tables[k] = table;
479 table += 0x100;
481 subkey_table_gen(key, (u_int8_t **) *sched);
482 err = 0;
483 } else
484 err = ENOMEM;
485 return err;
488 static void
489 skipjack_zerokey(u_int8_t **sched)
491 bzero(*sched, 10 * (sizeof(u_int8_t *) + 0x100));
492 FREE(*sched, M_CRYPTO_DATA);
493 *sched = NULL;
496 static void
497 rijndael128_encrypt(caddr_t key, u_int8_t *blk)
499 rijndael_encrypt((rijndael_ctx *) key, (u_char *) blk, (u_char *) blk);
502 static void
503 rijndael128_decrypt(caddr_t key, u_int8_t *blk)
505 rijndael_decrypt(((rijndael_ctx *) key) + 1, (u_char *) blk,
506 (u_char *) blk);
509 static int
510 rijndael128_setkey(u_int8_t **sched, u_int8_t *key, int len)
512 int err;
514 MALLOC(*sched, u_int8_t *, 2 * sizeof(rijndael_ctx), M_CRYPTO_DATA,
515 M_NOWAIT|M_ZERO);
516 if (*sched != NULL) {
517 rijndael_set_key((rijndael_ctx *) *sched, (u_char *) key, len * 8, 1);
518 rijndael_set_key(((rijndael_ctx *) *sched) + 1, (u_char *) key,
519 len * 8, 0);
520 err = 0;
521 } else
522 err = ENOMEM;
523 return err;
526 static void
527 rijndael128_zerokey(u_int8_t **sched)
529 bzero(*sched, 2 * sizeof(rijndael_ctx));
530 FREE(*sched, M_CRYPTO_DATA);
531 *sched = NULL;
535 * And now for auth.
538 static void
539 null_init(void *ctx)
543 static int
544 null_update(void *ctx, u_int8_t *buf, u_int16_t len)
546 return 0;
549 static void
550 null_final(u_int8_t *buf, void *ctx)
552 if (buf != (u_int8_t *) 0)
553 bzero(buf, 12);
556 static int
557 RMD160Update_int(void *ctx, u_int8_t *buf, u_int16_t len)
559 RMD160Update(ctx, buf, len);
560 return 0;
563 static int
564 MD5Update_int(void *ctx, u_int8_t *buf, u_int16_t len)
566 MD5Update(ctx, buf, len);
567 return 0;
570 static void
571 SHA1Init_int(void *ctx)
573 SHA1Init(ctx);
576 static int
577 SHA1Update_int(void *ctx, u_int8_t *buf, u_int16_t len)
579 SHA1Update(ctx, buf, len);
580 return 0;
583 static void
584 SHA1Final_int(u_int8_t *blk, void *ctx)
586 SHA1Final(blk, ctx);
589 static int
590 SHA256Update_int(void *ctx, u_int8_t *buf, u_int16_t len)
592 SHA256_Update(ctx, buf, len);
593 return 0;
596 static int
597 SHA384Update_int(void *ctx, u_int8_t *buf, u_int16_t len)
599 SHA384_Update(ctx, buf, len);
600 return 0;
603 static int
604 SHA512Update_int(void *ctx, u_int8_t *buf, u_int16_t len)
606 SHA512_Update(ctx, buf, len);
607 return 0;
611 * And compression
614 static u_int32_t
615 deflate_compress(u_int8_t *data, u_int32_t size, u_int8_t **out)
617 return deflate_global(data, size, 0, out);
620 static u_int32_t
621 deflate_decompress(u_int8_t *data, u_int32_t size, u_int8_t **out)
623 return deflate_global(data, size, 1, out);