xref: /freebsd/stand/libsa/geli/geliboot_crypto.c (revision 4e99f45480598189d49d45a825533a6c9e12f02c)
1 /*-
2  * Copyright (c) 2005-2010 Pawel Jakub Dawidek <pjd@FreeBSD.org>
3  * Copyright (c) 2015 Allan Jude <allanjude@FreeBSD.org>
4  * All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  * 1. Redistributions of source code must retain the above copyright
10  *    notice, this list of conditions and the following disclaimer.
11  * 2. Redistributions in binary form must reproduce the above copyright
12  *    notice, this list of conditions and the following disclaimer in the
13  *    documentation and/or other materials provided with the distribution.
14  *
15  * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
16  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
19  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25  * SUCH DAMAGE.
26  *
27  * $FreeBSD$
28  */
29 
30 #include <stdio.h>
31 #include <string.h>
32 #include <strings.h>
33 
34 #include "geliboot_internal.h"
35 #include "geliboot.h"
36 
37 int
38 geliboot_crypt(u_int algo, int enc, u_char *data, size_t datasize,
39     const u_char *key, size_t keysize, u_char *iv)
40 {
41 	keyInstance aeskey;
42 	cipherInstance cipher;
43 	struct aes_xts_ctx xtsctx, *ctxp;
44 	size_t xts_len;
45 	int err, blks, i;
46 
47 	switch (algo) {
48 	case CRYPTO_AES_CBC:
49 		err = rijndael_makeKey(&aeskey, !enc, keysize,
50 		    (const char *)key);
51 		if (err < 0) {
52 			printf("Failed to setup decryption keys: %d\n", err);
53 			return (err);
54 		}
55 
56 		err = rijndael_cipherInit(&cipher, MODE_CBC, iv);
57 		if (err < 0) {
58 			printf("Failed to setup IV: %d\n", err);
59 			return (err);
60 		}
61 
62 		if (enc == 0) {
63 			/* decrypt */
64 			blks = rijndael_blockDecrypt(&cipher, &aeskey, data,
65 			    datasize * 8, data);
66 		} else {
67 			/* encrypt */
68 			blks = rijndael_blockEncrypt(&cipher, &aeskey, data,
69 			    datasize * 8, data);
70 		}
71 		if (datasize != (blks / 8)) {
72 			printf("Failed to decrypt the entire input: "
73 			    "%u != %zu\n", blks, datasize);
74 			return (1);
75 		}
76 		break;
77 	case CRYPTO_AES_XTS:
78 		xts_len = keysize << 1;
79 		ctxp = &xtsctx;
80 
81 		enc_xform_aes_xts.setkey(ctxp, key, xts_len / 8);
82 		enc_xform_aes_xts.reinit(ctxp, iv);
83 
84 		switch (enc) {
85 		case 0: /* decrypt */
86 			for (i = 0; i < datasize; i += AES_XTS_BLOCKSIZE) {
87 				enc_xform_aes_xts.decrypt(ctxp, data + i,
88 				    data + i);
89 			}
90 			break;
91 		case 1: /* encrypt */
92 			for (i = 0; i < datasize; i += AES_XTS_BLOCKSIZE) {
93 				enc_xform_aes_xts.encrypt(ctxp, data + i,
94 				    data + 1);
95 			}
96 			break;
97 		}
98 		break;
99 	default:
100 		printf("Unsupported crypto algorithm #%d\n", algo);
101 		return (1);
102 	}
103 
104 	return (0);
105 }
106 
107 static int
108 g_eli_crypto_cipher(u_int algo, int enc, u_char *data, size_t datasize,
109     const u_char *key, size_t keysize)
110 {
111 	u_char iv[keysize];
112 
113 	explicit_bzero(iv, sizeof(iv));
114 	return (geliboot_crypt(algo, enc, data, datasize, key, keysize, iv));
115 }
116 
117 int
118 g_eli_crypto_encrypt(u_int algo, u_char *data, size_t datasize,
119     const u_char *key, size_t keysize)
120 {
121 
122 	/* We prefer AES-CBC for metadata protection. */
123 	if (algo == CRYPTO_AES_XTS)
124 		algo = CRYPTO_AES_CBC;
125 
126 	return (g_eli_crypto_cipher(algo, 1, data, datasize, key, keysize));
127 }
128 
129 int
130 g_eli_crypto_decrypt(u_int algo, u_char *data, size_t datasize,
131     const u_char *key, size_t keysize)
132 {
133 
134 	/* We prefer AES-CBC for metadata protection. */
135 	if (algo == CRYPTO_AES_XTS)
136 		algo = CRYPTO_AES_CBC;
137 
138 	return (g_eli_crypto_cipher(algo, 0, data, datasize, key, keysize));
139 }
140