1 /* $OpenBSD: xform.c,v 1.16 2001/08/28 12:20:43 ben Exp $ */ 2 /*- 3 * The authors of this code are John Ioannidis (ji@tla.org), 4 * Angelos D. Keromytis (kermit@csd.uch.gr), 5 * Niels Provos (provos@physnet.uni-hamburg.de) and 6 * Damien Miller (djm@mindrot.org). 7 * 8 * This code was written by John Ioannidis for BSD/OS in Athens, Greece, 9 * in November 1995. 10 * 11 * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996, 12 * by Angelos D. Keromytis. 13 * 14 * Additional transforms and features in 1997 and 1998 by Angelos D. Keromytis 15 * and Niels Provos. 16 * 17 * Additional features in 1999 by Angelos D. Keromytis. 18 * 19 * AES XTS implementation in 2008 by Damien Miller 20 * 21 * Copyright (C) 1995, 1996, 1997, 1998, 1999 by John Ioannidis, 22 * Angelos D. Keromytis and Niels Provos. 23 * 24 * Copyright (C) 2001, Angelos D. Keromytis. 25 * 26 * Copyright (C) 2008, Damien Miller 27 * Copyright (c) 2014 The FreeBSD Foundation 28 * All rights reserved. 29 * 30 * Portions of this software were developed by John-Mark Gurney 31 * under sponsorship of the FreeBSD Foundation and 32 * Rubicon Communications, LLC (Netgate). 33 * 34 * Permission to use, copy, and modify this software with or without fee 35 * is hereby granted, provided that this entire notice is included in 36 * all copies of any software which is or includes a copy or 37 * modification of this software. 38 * You may use this code under the GNU public license if you so wish. Please 39 * contribute changes back to the authors under this freer than GPL license 40 * so that we may further the use of strong encryption without limitations to 41 * all. 42 * 43 * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR 44 * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY 45 * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE 46 * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR 47 * PURPOSE. 48 */ 49 50 #include <sys/cdefs.h> 51 __FBSDID("$FreeBSD$"); 52 53 #include <crypto/camellia/camellia.h> 54 #include <opencrypto/xform_enc.h> 55 56 struct camellia_cbc_ctx { 57 camellia_ctx state; 58 char iv[CAMELLIA_BLOCK_LEN]; 59 }; 60 61 static int cml_setkey(void *, const uint8_t *, int); 62 static void cml_encrypt(void *, const uint8_t *, uint8_t *); 63 static void cml_decrypt(void *, const uint8_t *, uint8_t *); 64 static void cml_encrypt_multi(void *, const uint8_t *, uint8_t *, size_t); 65 static void cml_decrypt_multi(void *, const uint8_t *, uint8_t *, size_t); 66 static void cml_reinit(void *, const uint8_t *, size_t); 67 68 /* Encryption instances */ 69 const struct enc_xform enc_xform_camellia = { 70 .type = CRYPTO_CAMELLIA_CBC, 71 .name = "Camellia-CBC", 72 .ctxsize = sizeof(struct camellia_cbc_ctx), 73 .blocksize = CAMELLIA_BLOCK_LEN, 74 .ivsize = CAMELLIA_BLOCK_LEN, 75 .minkey = CAMELLIA_MIN_KEY, 76 .maxkey = CAMELLIA_MAX_KEY, 77 .setkey = cml_setkey, 78 .reinit = cml_reinit, 79 .encrypt = cml_encrypt, 80 .decrypt = cml_decrypt, 81 .encrypt_multi = cml_encrypt_multi, 82 .decrypt_multi = cml_decrypt_multi, 83 }; 84 85 /* 86 * Encryption wrapper routines. 87 */ 88 static void 89 cml_encrypt(void *vctx, const uint8_t *in, uint8_t *out) 90 { 91 struct camellia_cbc_ctx *ctx = vctx; 92 93 for (u_int i = 0; i < CAMELLIA_BLOCK_LEN; i++) 94 out[i] = in[i] ^ ctx->iv[i]; 95 camellia_encrypt(&ctx->state, out, out); 96 memcpy(ctx->iv, out, CAMELLIA_BLOCK_LEN); 97 } 98 99 static void 100 cml_decrypt(void *vctx, const uint8_t *in, uint8_t *out) 101 { 102 struct camellia_cbc_ctx *ctx = vctx; 103 char block[CAMELLIA_BLOCK_LEN]; 104 105 memcpy(block, in, CAMELLIA_BLOCK_LEN); 106 camellia_decrypt(&ctx->state, in, out); 107 for (u_int i = 0; i < CAMELLIA_BLOCK_LEN; i++) 108 out[i] ^= ctx->iv[i]; 109 memcpy(ctx->iv, block, CAMELLIA_BLOCK_LEN); 110 explicit_bzero(block, sizeof(block)); 111 } 112 113 static void 114 cml_encrypt_multi(void *vctx, const uint8_t *in, uint8_t *out, size_t len) 115 { 116 struct camellia_cbc_ctx *ctx = vctx; 117 118 KASSERT(len % CAMELLIA_BLOCK_LEN == 0, ("%s: invalid length", 119 __func__)); 120 while (len > 0) { 121 for (u_int i = 0; i < CAMELLIA_BLOCK_LEN; i++) 122 out[i] = in[i] ^ ctx->iv[i]; 123 camellia_encrypt(&ctx->state, out, out); 124 memcpy(ctx->iv, out, CAMELLIA_BLOCK_LEN); 125 out += CAMELLIA_BLOCK_LEN; 126 in += CAMELLIA_BLOCK_LEN; 127 len -= CAMELLIA_BLOCK_LEN; 128 } 129 } 130 131 static void 132 cml_decrypt_multi(void *vctx, const uint8_t *in, uint8_t *out, size_t len) 133 { 134 struct camellia_cbc_ctx *ctx = vctx; 135 char block[CAMELLIA_BLOCK_LEN]; 136 137 KASSERT(len % CAMELLIA_BLOCK_LEN == 0, ("%s: invalid length", 138 __func__)); 139 while (len > 0) { 140 memcpy(block, in, CAMELLIA_BLOCK_LEN); 141 camellia_decrypt(&ctx->state, in, out); 142 for (u_int i = 0; i < CAMELLIA_BLOCK_LEN; i++) 143 out[i] ^= ctx->iv[i]; 144 memcpy(ctx->iv, block, CAMELLIA_BLOCK_LEN); 145 out += CAMELLIA_BLOCK_LEN; 146 in += CAMELLIA_BLOCK_LEN; 147 len -= CAMELLIA_BLOCK_LEN; 148 } 149 explicit_bzero(block, sizeof(block)); 150 } 151 152 static int 153 cml_setkey(void *vctx, const uint8_t *key, int len) 154 { 155 struct camellia_cbc_ctx *ctx = vctx; 156 157 if (len != 16 && len != 24 && len != 32) 158 return (EINVAL); 159 160 camellia_set_key(&ctx->state, key, len * 8); 161 return (0); 162 } 163 164 static void 165 cml_reinit(void *vctx, const uint8_t *iv, size_t iv_len) 166 { 167 struct camellia_cbc_ctx *ctx = vctx; 168 169 KASSERT(iv_len == sizeof(ctx->iv), ("%s: bad IV length", __func__)); 170 memcpy(ctx->iv, iv, sizeof(ctx->iv)); 171 } 172