1 /* $NetBSD: cryptosoft_xform.c,v 1.12 2009/03/25 01:26:13 darran Exp $ */ 2 /* $FreeBSD: src/sys/opencrypto/xform.c,v 1.1.2.1 2002/11/21 23:34:23 sam Exp $ */ 3 /* $OpenBSD: xform.c,v 1.19 2002/08/16 22:47:25 dhartmei Exp $ */ 4 5 /* 6 * The authors of this code are John Ioannidis (ji@tla.org), 7 * Angelos D. Keromytis (kermit@csd.uch.gr) and 8 * Niels Provos (provos@physnet.uni-hamburg.de). 9 * 10 * This code was written by John Ioannidis for BSD/OS in Athens, Greece, 11 * in November 1995. 12 * 13 * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996, 14 * by Angelos D. Keromytis. 15 * 16 * Additional transforms and features in 1997 and 1998 by Angelos D. Keromytis 17 * and Niels Provos. 18 * 19 * Additional features in 1999 by Angelos D. Keromytis. 20 * 21 * Copyright (C) 1995, 1996, 1997, 1998, 1999 by John Ioannidis, 22 * Angelos D. Keromytis and Niels Provos. 23 * 24 * Copyright (C) 2001, Angelos D. Keromytis. 25 * 26 * Permission to use, copy, and modify this software with or without fee 27 * is hereby granted, provided that this entire notice is included in 28 * all copies of any software which is or includes a copy or 29 * modification of this software. 30 * You may use this code under the GNU public license if you so wish. Please 31 * contribute changes back to the authors under this freer than GPL license 32 * so that we may further the use of strong encryption without limitations to 33 * all. 34 * 35 * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR 36 * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY 37 * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE 38 * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR 39 * PURPOSE. 40 */ 41 42 #include <sys/cdefs.h> 43 __KERNEL_RCSID(1, "$NetBSD: cryptosoft_xform.c,v 1.12 2009/03/25 01:26:13 darran Exp $"); 44 45 #include <crypto/blowfish/blowfish.h> 46 #include <crypto/cast128/cast128.h> 47 #include <crypto/des/des.h> 48 #include <crypto/rijndael/rijndael.h> 49 #include <crypto/skipjack/skipjack.h> 50 51 #include <opencrypto/deflate.h> 52 53 #include <sys/md5.h> 54 #include <sys/rmd160.h> 55 #include <sys/sha1.h> 56 57 struct swcr_auth_hash { 58 struct auth_hash *auth_hash; 59 void (*Init)(void *); 60 int (*Update)(void *, const uint8_t *, uint16_t); 61 void (*Final)(uint8_t *, void *); 62 }; 63 64 struct swcr_enc_xform { 65 struct enc_xform *enc_xform; 66 void (*encrypt)(void *, uint8_t *); 67 void (*decrypt)(void *, uint8_t *); 68 int (*setkey)(uint8_t **, const uint8_t *, int len); 69 void (*zerokey)(uint8_t **); 70 }; 71 72 struct swcr_comp_algo { 73 struct comp_algo *comp_algo; 74 uint32_t (*compress)(uint8_t *, uint32_t, uint8_t **); 75 uint32_t (*decompress)(uint8_t *, uint32_t, uint8_t **); 76 }; 77 78 static void null_encrypt(void *, u_int8_t *); 79 static void null_decrypt(void *, u_int8_t *); 80 static int null_setkey(u_int8_t **, const u_int8_t *, int); 81 static void null_zerokey(u_int8_t **); 82 83 static int des1_setkey(u_int8_t **, const u_int8_t *, int); 84 static int des3_setkey(u_int8_t **, const u_int8_t *, int); 85 static int blf_setkey(u_int8_t **, const u_int8_t *, int); 86 static int cast5_setkey(u_int8_t **, const u_int8_t *, int); 87 static int skipjack_setkey(u_int8_t **, const u_int8_t *, int); 88 static int rijndael128_setkey(u_int8_t **, const u_int8_t *, int); 89 static void des1_encrypt(void *, u_int8_t *); 90 static void des3_encrypt(void *, u_int8_t *); 91 static void blf_encrypt(void *, u_int8_t *); 92 static void cast5_encrypt(void *, u_int8_t *); 93 static void skipjack_encrypt(void *, u_int8_t *); 94 static void rijndael128_encrypt(void *, u_int8_t *); 95 static void des1_decrypt(void *, u_int8_t *); 96 static void des3_decrypt(void *, u_int8_t *); 97 static void blf_decrypt(void *, u_int8_t *); 98 static void cast5_decrypt(void *, u_int8_t *); 99 static void skipjack_decrypt(void *, u_int8_t *); 100 static void rijndael128_decrypt(void *, u_int8_t *); 101 static void des1_zerokey(u_int8_t **); 102 static void des3_zerokey(u_int8_t **); 103 static void blf_zerokey(u_int8_t **); 104 static void cast5_zerokey(u_int8_t **); 105 static void skipjack_zerokey(u_int8_t **); 106 static void rijndael128_zerokey(u_int8_t **); 107 108 static void null_init(void *); 109 static int null_update(void *, const u_int8_t *, u_int16_t); 110 static void null_final(u_int8_t *, void *); 111 112 static int MD5Update_int(void *, const u_int8_t *, u_int16_t); 113 static void SHA1Init_int(void *); 114 static int SHA1Update_int(void *, const u_int8_t *, u_int16_t); 115 static void SHA1Final_int(u_int8_t *, void *); 116 117 118 static int RMD160Update_int(void *, const u_int8_t *, u_int16_t); 119 static int SHA1Update_int(void *, const u_int8_t *, u_int16_t); 120 static void SHA1Final_int(u_int8_t *, void *); 121 static int RMD160Update_int(void *, const u_int8_t *, u_int16_t); 122 static int SHA256Update_int(void *, const u_int8_t *, u_int16_t); 123 static int SHA384Update_int(void *, const u_int8_t *, u_int16_t); 124 static int SHA512Update_int(void *, const u_int8_t *, u_int16_t); 125 126 static u_int32_t deflate_compress(u_int8_t *, u_int32_t, u_int8_t **); 127 static u_int32_t deflate_decompress(u_int8_t *, u_int32_t, u_int8_t **); 128 static u_int32_t gzip_compress(u_int8_t *, u_int32_t, u_int8_t **); 129 static u_int32_t gzip_decompress(u_int8_t *, u_int32_t, u_int8_t **); 130 131 /* Encryption instances */ 132 static const struct swcr_enc_xform swcr_enc_xform_null = { 133 &enc_xform_null, 134 null_encrypt, 135 null_decrypt, 136 null_setkey, 137 null_zerokey, 138 }; 139 140 static const struct swcr_enc_xform swcr_enc_xform_des = { 141 &enc_xform_des, 142 des1_encrypt, 143 des1_decrypt, 144 des1_setkey, 145 des1_zerokey, 146 }; 147 148 static const struct swcr_enc_xform swcr_enc_xform_3des = { 149 &enc_xform_3des, 150 des3_encrypt, 151 des3_decrypt, 152 des3_setkey, 153 des3_zerokey 154 }; 155 156 static const struct swcr_enc_xform swcr_enc_xform_blf = { 157 &enc_xform_blf, 158 blf_encrypt, 159 blf_decrypt, 160 blf_setkey, 161 blf_zerokey 162 }; 163 164 static const struct swcr_enc_xform swcr_enc_xform_cast5 = { 165 &enc_xform_cast5, 166 cast5_encrypt, 167 cast5_decrypt, 168 cast5_setkey, 169 cast5_zerokey 170 }; 171 172 static const struct swcr_enc_xform swcr_enc_xform_skipjack = { 173 &enc_xform_skipjack, 174 skipjack_encrypt, 175 skipjack_decrypt, 176 skipjack_setkey, 177 skipjack_zerokey 178 }; 179 180 static const struct swcr_enc_xform swcr_enc_xform_rijndael128 = { 181 &enc_xform_rijndael128, 182 rijndael128_encrypt, 183 rijndael128_decrypt, 184 rijndael128_setkey, 185 rijndael128_zerokey, 186 }; 187 188 static const struct swcr_enc_xform swcr_enc_xform_arc4 = { 189 &enc_xform_arc4, 190 NULL, 191 NULL, 192 NULL, 193 NULL, 194 }; 195 196 /* Authentication instances */ 197 static const struct swcr_auth_hash swcr_auth_hash_null = { 198 &auth_hash_null, 199 null_init, null_update, null_final 200 }; 201 202 static const struct swcr_auth_hash swcr_auth_hash_hmac_md5 = { 203 &auth_hash_hmac_md5, 204 (void (*) (void *)) MD5Init, MD5Update_int, 205 (void (*) (u_int8_t *, void *)) MD5Final 206 }; 207 208 static const struct swcr_auth_hash swcr_auth_hash_hmac_sha1 = { 209 &auth_hash_hmac_sha1, 210 SHA1Init_int, SHA1Update_int, SHA1Final_int 211 }; 212 213 static const struct swcr_auth_hash swcr_auth_hash_hmac_ripemd_160 = { 214 &auth_hash_hmac_ripemd_160, 215 (void (*)(void *)) RMD160Init, RMD160Update_int, 216 (void (*)(u_int8_t *, void *)) RMD160Final 217 }; 218 static const struct swcr_auth_hash swcr_auth_hash_hmac_md5_96 = { 219 &auth_hash_hmac_md5_96, 220 (void (*) (void *)) MD5Init, MD5Update_int, 221 (void (*) (u_int8_t *, void *)) MD5Final 222 }; 223 224 static const struct swcr_auth_hash swcr_auth_hash_hmac_sha1_96 = { 225 &auth_hash_hmac_sha1_96, 226 SHA1Init_int, SHA1Update_int, SHA1Final_int 227 }; 228 229 static const struct swcr_auth_hash swcr_auth_hash_hmac_ripemd_160_96 = { 230 &auth_hash_hmac_ripemd_160_96, 231 (void (*)(void *)) RMD160Init, RMD160Update_int, 232 (void (*)(u_int8_t *, void *)) RMD160Final 233 }; 234 235 static const struct swcr_auth_hash swcr_auth_hash_key_md5 = { 236 &auth_hash_key_md5, 237 (void (*)(void *)) MD5Init, MD5Update_int, 238 (void (*)(u_int8_t *, void *)) MD5Final 239 }; 240 241 static const struct swcr_auth_hash swcr_auth_hash_key_sha1 = { 242 &auth_hash_key_sha1, 243 SHA1Init_int, SHA1Update_int, SHA1Final_int 244 }; 245 246 static const struct swcr_auth_hash swcr_auth_hash_md5 = { 247 &auth_hash_md5, 248 (void (*) (void *)) MD5Init, MD5Update_int, 249 (void (*) (u_int8_t *, void *)) MD5Final 250 }; 251 252 static const struct swcr_auth_hash swcr_auth_hash_sha1 = { 253 &auth_hash_sha1, 254 (void (*)(void *)) SHA1Init, SHA1Update_int, 255 (void (*)(u_int8_t *, void *)) SHA1Final 256 }; 257 258 static const struct swcr_auth_hash swcr_auth_hash_hmac_sha2_256 = { 259 &auth_hash_hmac_sha2_256, 260 (void (*)(void *)) SHA256_Init, SHA256Update_int, 261 (void (*)(u_int8_t *, void *)) SHA256_Final 262 }; 263 264 static const struct swcr_auth_hash swcr_auth_hash_hmac_sha2_384 = { 265 &auth_hash_hmac_sha2_384, 266 (void (*)(void *)) SHA384_Init, SHA384Update_int, 267 (void (*)(u_int8_t *, void *)) SHA384_Final 268 }; 269 270 static const struct swcr_auth_hash swcr_auth_hash_hmac_sha2_512 = { 271 &auth_hash_hmac_sha2_384, 272 (void (*)(void *)) SHA512_Init, SHA512Update_int, 273 (void (*)(u_int8_t *, void *)) SHA512_Final 274 }; 275 276 /* Compression instance */ 277 static const struct swcr_comp_algo swcr_comp_algo_deflate = { 278 &comp_algo_deflate, 279 deflate_compress, 280 deflate_decompress 281 }; 282 283 static const struct swcr_comp_algo swcr_comp_algo_gzip = { 284 &comp_algo_deflate, 285 gzip_compress, 286 gzip_decompress 287 }; 288 289 /* 290 * Encryption wrapper routines. 291 */ 292 static void 293 null_encrypt(void *key, u_int8_t *blk) 294 { 295 } 296 static void 297 null_decrypt(void *key, u_int8_t *blk) 298 { 299 } 300 static int 301 null_setkey(u_int8_t **sched, const u_int8_t *key, int len) 302 { 303 *sched = NULL; 304 return 0; 305 } 306 static void 307 null_zerokey(u_int8_t **sched) 308 { 309 *sched = NULL; 310 } 311 312 static void 313 des1_encrypt(void *key, u_int8_t *blk) 314 { 315 des_cblock *cb = (des_cblock *) blk; 316 des_key_schedule *p = (des_key_schedule *) key; 317 318 des_ecb_encrypt(cb, cb, p[0], DES_ENCRYPT); 319 } 320 321 static void 322 des1_decrypt(void *key, u_int8_t *blk) 323 { 324 des_cblock *cb = (des_cblock *) blk; 325 des_key_schedule *p = (des_key_schedule *) key; 326 327 des_ecb_encrypt(cb, cb, p[0], DES_DECRYPT); 328 } 329 330 static int 331 des1_setkey(u_int8_t **sched, const u_int8_t *key, int len) 332 { 333 des_key_schedule *p; 334 int err; 335 336 p = malloc(sizeof (des_key_schedule), 337 M_CRYPTO_DATA, M_NOWAIT|M_ZERO); 338 if (p != NULL) { 339 des_set_key((des_cblock *)__UNCONST(key), p[0]); 340 err = 0; 341 } else 342 err = ENOMEM; 343 *sched = (u_int8_t *) p; 344 return err; 345 } 346 347 static void 348 des1_zerokey(u_int8_t **sched) 349 { 350 memset(*sched, 0, sizeof (des_key_schedule)); 351 free(*sched, M_CRYPTO_DATA); 352 *sched = NULL; 353 } 354 355 static void 356 des3_encrypt(void *key, u_int8_t *blk) 357 { 358 des_cblock *cb = (des_cblock *) blk; 359 des_key_schedule *p = (des_key_schedule *) key; 360 361 des_ecb3_encrypt(cb, cb, p[0], p[1], p[2], DES_ENCRYPT); 362 } 363 364 static void 365 des3_decrypt(void *key, u_int8_t *blk) 366 { 367 des_cblock *cb = (des_cblock *) blk; 368 des_key_schedule *p = (des_key_schedule *) key; 369 370 des_ecb3_encrypt(cb, cb, p[0], p[1], p[2], DES_DECRYPT); 371 } 372 373 static int 374 des3_setkey(u_int8_t **sched, const u_int8_t *key, int len) 375 { 376 des_key_schedule *p; 377 int err; 378 379 p = malloc(3*sizeof (des_key_schedule), 380 M_CRYPTO_DATA, M_NOWAIT|M_ZERO); 381 if (p != NULL) { 382 des_set_key((des_cblock *)__UNCONST(key + 0), p[0]); 383 des_set_key((des_cblock *)__UNCONST(key + 8), p[1]); 384 des_set_key((des_cblock *)__UNCONST(key + 16), p[2]); 385 err = 0; 386 } else 387 err = ENOMEM; 388 *sched = (u_int8_t *) p; 389 return err; 390 } 391 392 static void 393 des3_zerokey(u_int8_t **sched) 394 { 395 memset(*sched, 0, 3*sizeof (des_key_schedule)); 396 free(*sched, M_CRYPTO_DATA); 397 *sched = NULL; 398 } 399 400 static void 401 blf_encrypt(void *key, u_int8_t *blk) 402 { 403 404 BF_ecb_encrypt(blk, blk, (BF_KEY *)key, 1); 405 } 406 407 static void 408 blf_decrypt(void *key, u_int8_t *blk) 409 { 410 411 BF_ecb_encrypt(blk, blk, (BF_KEY *)key, 0); 412 } 413 414 static int 415 blf_setkey(u_int8_t **sched, const u_int8_t *key, int len) 416 { 417 int err; 418 419 *sched = malloc(sizeof(BF_KEY), 420 M_CRYPTO_DATA, M_NOWAIT|M_ZERO); 421 if (*sched != NULL) { 422 BF_set_key((BF_KEY *) *sched, len, key); 423 err = 0; 424 } else 425 err = ENOMEM; 426 return err; 427 } 428 429 static void 430 blf_zerokey(u_int8_t **sched) 431 { 432 memset(*sched, 0, sizeof(BF_KEY)); 433 free(*sched, M_CRYPTO_DATA); 434 *sched = NULL; 435 } 436 437 static void 438 cast5_encrypt(void *key, u_int8_t *blk) 439 { 440 cast128_encrypt((cast128_key *) key, blk, blk); 441 } 442 443 static void 444 cast5_decrypt(void *key, u_int8_t *blk) 445 { 446 cast128_decrypt((cast128_key *) key, blk, blk); 447 } 448 449 static int 450 cast5_setkey(u_int8_t **sched, const u_int8_t *key, int len) 451 { 452 int err; 453 454 *sched = malloc(sizeof(cast128_key), M_CRYPTO_DATA, 455 M_NOWAIT|M_ZERO); 456 if (*sched != NULL) { 457 cast128_setkey((cast128_key *)*sched, key, len); 458 err = 0; 459 } else 460 err = ENOMEM; 461 return err; 462 } 463 464 static void 465 cast5_zerokey(u_int8_t **sched) 466 { 467 memset(*sched, 0, sizeof(cast128_key)); 468 free(*sched, M_CRYPTO_DATA); 469 *sched = NULL; 470 } 471 472 static void 473 skipjack_encrypt(void *key, u_int8_t *blk) 474 { 475 skipjack_forwards(blk, blk, (u_int8_t **) key); 476 } 477 478 static void 479 skipjack_decrypt(void *key, u_int8_t *blk) 480 { 481 skipjack_backwards(blk, blk, (u_int8_t **) key); 482 } 483 484 static int 485 skipjack_setkey(u_int8_t **sched, const u_int8_t *key, int len) 486 { 487 int err; 488 489 /* NB: allocate all the memory that's needed at once */ 490 /* XXX assumes bytes are aligned on sizeof(u_char) == 1 boundaries. 491 * Will this break a pdp-10, Cray-1, or GE-645 port? 492 */ 493 *sched = malloc(10 * (sizeof(u_int8_t *) + 0x100), 494 M_CRYPTO_DATA, M_NOWAIT|M_ZERO); 495 496 if (*sched != NULL) { 497 498 u_int8_t** key_tables = (u_int8_t**) *sched; 499 u_int8_t* table = (u_int8_t*) &key_tables[10]; 500 int k; 501 502 for (k = 0; k < 10; k++) { 503 key_tables[k] = table; 504 table += 0x100; 505 } 506 subkey_table_gen(key, (u_int8_t **) *sched); 507 err = 0; 508 } else 509 err = ENOMEM; 510 return err; 511 } 512 513 static void 514 skipjack_zerokey(u_int8_t **sched) 515 { 516 memset(*sched, 0, 10 * (sizeof(u_int8_t *) + 0x100)); 517 free(*sched, M_CRYPTO_DATA); 518 *sched = NULL; 519 } 520 521 static void 522 rijndael128_encrypt(void *key, u_int8_t *blk) 523 { 524 rijndael_encrypt((rijndael_ctx *) key, (u_char *) blk, (u_char *) blk); 525 } 526 527 static void 528 rijndael128_decrypt(void *key, u_int8_t *blk) 529 { 530 rijndael_decrypt((rijndael_ctx *) key, (u_char *) blk, 531 (u_char *) blk); 532 } 533 534 static int 535 rijndael128_setkey(u_int8_t **sched, const u_int8_t *key, int len) 536 { 537 int err; 538 539 *sched = malloc(sizeof(rijndael_ctx), M_CRYPTO_DATA, 540 M_NOWAIT|M_ZERO); 541 if (*sched != NULL) { 542 rijndael_set_key((rijndael_ctx *) *sched, key, len * 8); 543 err = 0; 544 } else 545 err = ENOMEM; 546 return err; 547 } 548 549 static void 550 rijndael128_zerokey(u_int8_t **sched) 551 { 552 memset(*sched, 0, sizeof(rijndael_ctx)); 553 free(*sched, M_CRYPTO_DATA); 554 *sched = NULL; 555 } 556 557 /* 558 * And now for auth. 559 */ 560 561 static void 562 null_init(void *ctx) 563 { 564 } 565 566 static int 567 null_update(void *ctx, const u_int8_t *buf, 568 u_int16_t len) 569 { 570 return 0; 571 } 572 573 static void 574 null_final(u_int8_t *buf, void *ctx) 575 { 576 if (buf != (u_int8_t *) 0) 577 memset(buf, 0, 12); 578 } 579 580 static int 581 RMD160Update_int(void *ctx, const u_int8_t *buf, u_int16_t len) 582 { 583 RMD160Update(ctx, buf, len); 584 return 0; 585 } 586 587 static int 588 MD5Update_int(void *ctx, const u_int8_t *buf, u_int16_t len) 589 { 590 MD5Update(ctx, buf, len); 591 return 0; 592 } 593 594 static void 595 SHA1Init_int(void *ctx) 596 { 597 SHA1Init(ctx); 598 } 599 600 static int 601 SHA1Update_int(void *ctx, const u_int8_t *buf, u_int16_t len) 602 { 603 SHA1Update(ctx, buf, len); 604 return 0; 605 } 606 607 static void 608 SHA1Final_int(u_int8_t *blk, void *ctx) 609 { 610 SHA1Final(blk, ctx); 611 } 612 613 static int 614 SHA256Update_int(void *ctx, const u_int8_t *buf, u_int16_t len) 615 { 616 SHA256_Update(ctx, buf, len); 617 return 0; 618 } 619 620 static int 621 SHA384Update_int(void *ctx, const u_int8_t *buf, u_int16_t len) 622 { 623 SHA384_Update(ctx, buf, len); 624 return 0; 625 } 626 627 static int 628 SHA512Update_int(void *ctx, const u_int8_t *buf, u_int16_t len) 629 { 630 SHA512_Update(ctx, buf, len); 631 return 0; 632 } 633 634 /* 635 * And compression 636 */ 637 638 static u_int32_t 639 deflate_compress(u_int8_t *data, u_int32_t size, u_int8_t **out) 640 { 641 return deflate_global(data, size, 0, out); 642 } 643 644 static u_int32_t 645 deflate_decompress(u_int8_t *data, u_int32_t size, u_int8_t **out) 646 { 647 return deflate_global(data, size, 1, out); 648 } 649 650 static u_int32_t 651 gzip_compress(u_int8_t *data, u_int32_t size, u_int8_t **out) 652 { 653 return gzip_global(data, size, 0, out); 654 } 655 656 static u_int32_t 657 gzip_decompress(u_int8_t *data, u_int32_t size, u_int8_t **out) 658 { 659 return gzip_global(data, size, 1, out); 660 } 661