xref: /freebsd/sys/opencrypto/xform_aes_cbc.c (revision 9768746ba83efa02837c5b9c66348db6e900208f)
1 /*	$OpenBSD: xform.c,v 1.16 2001/08/28 12:20:43 ben Exp $	*/
2 /*-
3  * The authors of this code are John Ioannidis (ji@tla.org),
4  * Angelos D. Keromytis (kermit@csd.uch.gr),
5  * Niels Provos (provos@physnet.uni-hamburg.de) and
6  * Damien Miller (djm@mindrot.org).
7  *
8  * This code was written by John Ioannidis for BSD/OS in Athens, Greece,
9  * in November 1995.
10  *
11  * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996,
12  * by Angelos D. Keromytis.
13  *
14  * Additional transforms and features in 1997 and 1998 by Angelos D. Keromytis
15  * and Niels Provos.
16  *
17  * Additional features in 1999 by Angelos D. Keromytis.
18  *
19  * AES XTS implementation in 2008 by Damien Miller
20  *
21  * Copyright (C) 1995, 1996, 1997, 1998, 1999 by John Ioannidis,
22  * Angelos D. Keromytis and Niels Provos.
23  *
24  * Copyright (C) 2001, Angelos D. Keromytis.
25  *
26  * Copyright (C) 2008, Damien Miller
27  * Copyright (c) 2014 The FreeBSD Foundation
28  * All rights reserved.
29  *
30  * Portions of this software were developed by John-Mark Gurney
31  * under sponsorship of the FreeBSD Foundation and
32  * Rubicon Communications, LLC (Netgate).
33  *
34  * Permission to use, copy, and modify this software with or without fee
35  * is hereby granted, provided that this entire notice is included in
36  * all copies of any software which is or includes a copy or
37  * modification of this software.
38  * You may use this code under the GNU public license if you so wish. Please
39  * contribute changes back to the authors under this freer than GPL license
40  * so that we may further the use of strong encryption without limitations to
41  * all.
42  *
43  * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
44  * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
45  * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
46  * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
47  * PURPOSE.
48  */
49 
50 #include <sys/cdefs.h>
51 __FBSDID("$FreeBSD$");
52 
53 #include <sys/types.h>
54 #include <crypto/rijndael/rijndael.h>
55 #include <opencrypto/xform_enc.h>
56 
57 struct aes_cbc_ctx {
58 	rijndael_ctx key;
59 	char iv[AES_BLOCK_LEN];
60 };
61 
62 static	int aes_cbc_setkey(void *, const uint8_t *, int);
63 static	void aes_cbc_encrypt(void *, const uint8_t *, uint8_t *);
64 static	void aes_cbc_decrypt(void *, const uint8_t *, uint8_t *);
65 static	void aes_cbc_encrypt_multi(void *, const uint8_t *, uint8_t *, size_t);
66 static	void aes_cbc_decrypt_multi(void *, const uint8_t *, uint8_t *, size_t);
67 static  void aes_cbc_reinit(void *, const uint8_t *, size_t);
68 
69 /* Encryption instances */
70 const struct enc_xform enc_xform_aes_cbc = {
71 	.type = CRYPTO_AES_CBC,
72 	.name = "AES-CBC",
73 	.ctxsize = sizeof(struct aes_cbc_ctx),
74 	.blocksize = AES_BLOCK_LEN,
75 	.ivsize = AES_BLOCK_LEN,
76 	.minkey = AES_MIN_KEY,
77 	.maxkey = AES_MAX_KEY,
78 	.setkey = aes_cbc_setkey,
79 	.reinit = aes_cbc_reinit,
80 	.encrypt = aes_cbc_encrypt,
81 	.decrypt = aes_cbc_decrypt,
82 	.encrypt_multi = aes_cbc_encrypt_multi,
83 	.decrypt_multi = aes_cbc_decrypt_multi,
84 };
85 
86 /*
87  * Encryption wrapper routines.
88  */
89 static void
90 aes_cbc_encrypt(void *vctx, const uint8_t *in, uint8_t *out)
91 {
92 	struct aes_cbc_ctx *ctx = vctx;
93 
94 	for (u_int i = 0; i < AES_BLOCK_LEN; i++)
95 		out[i] = in[i] ^ ctx->iv[i];
96 	rijndael_encrypt(&ctx->key, out, out);
97 	memcpy(ctx->iv, out, AES_BLOCK_LEN);
98 }
99 
100 static void
101 aes_cbc_decrypt(void *vctx, const uint8_t *in, uint8_t *out)
102 {
103 	struct aes_cbc_ctx *ctx = vctx;
104 	char block[AES_BLOCK_LEN];
105 
106 	memcpy(block, in, AES_BLOCK_LEN);
107 	rijndael_decrypt(&ctx->key, in, out);
108 	for (u_int i = 0; i < AES_BLOCK_LEN; i++)
109 		out[i] ^= ctx->iv[i];
110 	memcpy(ctx->iv, block, AES_BLOCK_LEN);
111 	explicit_bzero(block, sizeof(block));
112 }
113 
114 static void
115 aes_cbc_encrypt_multi(void *vctx, const uint8_t *in, uint8_t *out, size_t len)
116 {
117 	struct aes_cbc_ctx *ctx = vctx;
118 
119 	KASSERT(len % AES_BLOCK_LEN == 0, ("%s: invalid length", __func__));
120 	while (len > 0) {
121 		for (u_int i = 0; i < AES_BLOCK_LEN; i++)
122 			out[i] = in[i] ^ ctx->iv[i];
123 		rijndael_encrypt(&ctx->key, out, out);
124 		memcpy(ctx->iv, out, AES_BLOCK_LEN);
125 		out += AES_BLOCK_LEN;
126 		in += AES_BLOCK_LEN;
127 		len -= AES_BLOCK_LEN;
128 	}
129 }
130 
131 static void
132 aes_cbc_decrypt_multi(void *vctx, const uint8_t *in, uint8_t *out, size_t len)
133 {
134 	struct aes_cbc_ctx *ctx = vctx;
135 	char block[AES_BLOCK_LEN];
136 
137 	KASSERT(len % AES_BLOCK_LEN == 0, ("%s: invalid length", __func__));
138 	while (len > 0) {
139 		memcpy(block, in, AES_BLOCK_LEN);
140 		rijndael_decrypt(&ctx->key, in, out);
141 		for (u_int i = 0; i < AES_BLOCK_LEN; i++)
142 			out[i] ^= ctx->iv[i];
143 		memcpy(ctx->iv, block, AES_BLOCK_LEN);
144 		out += AES_BLOCK_LEN;
145 		in += AES_BLOCK_LEN;
146 		len -= AES_BLOCK_LEN;
147 	}
148 	explicit_bzero(block, sizeof(block));
149 }
150 
151 static int
152 aes_cbc_setkey(void *vctx, const uint8_t *key, int len)
153 {
154 	struct aes_cbc_ctx *ctx = vctx;
155 
156 	if (len != 16 && len != 24 && len != 32)
157 		return (EINVAL);
158 
159 	rijndael_set_key(&ctx->key, key, len * 8);
160 	return (0);
161 }
162 
163 static void
164 aes_cbc_reinit(void *vctx, const uint8_t *iv, size_t iv_len)
165 {
166 	struct aes_cbc_ctx *ctx = vctx;
167 
168 	KASSERT(iv_len == sizeof(ctx->iv), ("%s: bad IV length", __func__));
169 	memcpy(ctx->iv, iv, sizeof(ctx->iv));
170 }
171