1 /*        $NetBSD: xform.c,v 1.31 2020/06/30 04:14:56 riastradh Exp $ */
2 /*        $FreeBSD: src/sys/opencrypto/xform.c,v 1.1.2.1 2002/11/21 23:34:23 sam Exp $    */
3 /*        $OpenBSD: xform.c,v 1.19 2002/08/16 22:47:25 dhartmei Exp $ */
4 
5 /*
6  * The authors of this code are John Ioannidis (ji@tla.org),
7  * Angelos D. Keromytis (kermit@csd.uch.gr) and
8  * Niels Provos (provos@physnet.uni-hamburg.de).
9  *
10  * This code was written by John Ioannidis for BSD/OS in Athens, Greece,
11  * in November 1995.
12  *
13  * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996,
14  * by Angelos D. Keromytis.
15  *
16  * Additional transforms and features in 1997 and 1998 by Angelos D. Keromytis
17  * and Niels Provos.
18  *
19  * Additional features in 1999 by Angelos D. Keromytis.
20  *
21  * Copyright (C) 1995, 1996, 1997, 1998, 1999 by John Ioannidis,
22  * Angelos D. Keromytis and Niels Provos.
23  *
24  * Copyright (C) 2001, Angelos D. Keromytis.
25  *
26  * Permission to use, copy, and modify this software with or without fee
27  * is hereby granted, provided that this entire notice is included in
28  * all copies of any software which is or includes a copy or
29  * modification of this software.
30  * You may use this code under the GNU public license if you so wish. Please
31  * contribute changes back to the authors under this freer than GPL license
32  * so that we may further the use of strong encryption without limitations to
33  * all.
34  *
35  * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
36  * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
37  * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
38  * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
39  * PURPOSE.
40  */
41 
42 #include <sys/cdefs.h>
43 __KERNEL_RCSID(0, "$NetBSD: xform.c,v 1.31 2020/06/30 04:14:56 riastradh Exp $");
44 
45 #include <sys/param.h>
46 #include <sys/malloc.h>
47 
48 #include <opencrypto/cryptodev.h>
49 #include <opencrypto/xform.h>
50 
51 MALLOC_DEFINE(M_XDATA, "xform", "xform data buffers");
52 
53 const u_int8_t hmac_ipad_buffer[128] = {
54           0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
55           0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
56           0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
57           0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
58           0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
59           0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
60           0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
61           0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
62           0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
63           0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
64           0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
65           0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
66           0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
67           0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
68           0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
69           0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36
70 };
71 
72 const u_int8_t hmac_opad_buffer[128] = {
73           0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
74           0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
75           0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
76           0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
77           0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
78           0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
79           0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
80           0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
81           0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
82           0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
83           0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
84           0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
85           0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
86           0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
87           0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C,
88           0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C
89 };
90 
91 /* Encryption instances */
92 const struct enc_xform enc_xform_null = {
93           .type               = CRYPTO_NULL_CBC,
94           .name               = "NULL",
95           /* NB: blocksize of 4 is to generate a properly aligned ESP header */
96           .blocksize          = 4,
97           .ivsize             = 0,
98           .minkey             = 0,
99           .maxkey             = 256, /* 2048 bits, max key */
100 };
101 
102 const struct enc_xform enc_xform_des = {
103           .type               = CRYPTO_DES_CBC,
104           .name               = "DES",
105           .blocksize          = 8,
106           .ivsize             = 8,
107           .minkey             = 8,
108           .maxkey             = 8,
109 };
110 
111 const struct enc_xform enc_xform_3des = {
112           .type               = CRYPTO_3DES_CBC,
113           .name               = "3DES",
114           .blocksize          = 8,
115           .ivsize             = 8,
116           .minkey             = 24,
117           .maxkey             = 24,
118 };
119 
120 const struct enc_xform enc_xform_blf = {
121           .type               = CRYPTO_BLF_CBC,
122           .name               = "Blowfish",
123           .blocksize          = 8,
124           .ivsize             = 8,
125           .minkey             = 5,
126           .maxkey             = 56, /* 448 bits, max key */
127 };
128 
129 const struct enc_xform enc_xform_cast5 = {
130           .type               = CRYPTO_CAST_CBC,
131           .name               = "CAST-128",
132           .blocksize          = 8,
133           .ivsize             = 8,
134           .minkey             = 5,
135           .maxkey             = 16,
136 };
137 
138 const struct enc_xform enc_xform_skipjack = {
139           .type               = CRYPTO_SKIPJACK_CBC,
140           .name               = "Skipjack",
141           .blocksize          = 8,
142           .ivsize             = 8,
143           .minkey             = 10,
144           .maxkey             = 10,
145 };
146 
147 const struct enc_xform enc_xform_aes = {
148           .type               = CRYPTO_AES_CBC,
149           .name               = "AES",
150           .blocksize          = 16,
151           .ivsize             = 16,
152           .minkey             = 16,
153           .maxkey             = 32,
154 };
155 
156 const struct enc_xform enc_xform_arc4 = {
157           .type               = CRYPTO_ARC4,
158           .name               = "ARC4",
159           .blocksize          = 1,
160           .ivsize             = 0,
161           .minkey             = 1,
162           .maxkey             = 32,
163 };
164 
165 const struct enc_xform enc_xform_camellia = {
166           .type               = CRYPTO_CAMELLIA_CBC,
167           .name               = "Camellia",
168           .blocksize          = 16,
169           .ivsize             = 16,
170           .minkey             = 8,
171           .maxkey             = 32,
172 };
173 
174 const struct enc_xform enc_xform_aes_ctr = {
175           .type               = CRYPTO_AES_CTR,
176           .name               = "AES-CTR",
177           .blocksize          = 16,
178           .ivsize             = 8,
179           .minkey             = 16 + 4,
180           .maxkey             = 32 + 4,
181 };
182 
183 const struct enc_xform enc_xform_aes_gcm = {
184           .type               = CRYPTO_AES_GCM_16,
185           .name               = "AES-GCM",
186           .blocksize          = 4, /* ??? */
187           .ivsize             = 8,
188           .minkey             = 16 + 4,
189           .maxkey             = 32 + 4,
190 };
191 
192 const struct enc_xform enc_xform_aes_gmac = {
193           .type               = CRYPTO_AES_GMAC,
194           .name               = "AES-GMAC",
195           .blocksize          = 4, /* ??? */
196           .ivsize             = 8,
197           .minkey             = 16 + 4,
198           .maxkey             = 32 + 4,
199 };
200 
201 /* Authentication instances */
202 const struct auth_hash auth_hash_null = {
203           .type               = CRYPTO_NULL_HMAC,
204           .name               = "NULL-HMAC",
205           .keysize  = 0,
206           .hashsize = 0,
207           .authsize = 12,
208           .blocksize          = 64,
209 };
210 
211 const struct auth_hash auth_hash_hmac_md5 = {
212           .type               = CRYPTO_MD5_HMAC,
213           .name               = "HMAC-MD5",
214           .keysize  = 16,
215           .hashsize = 16,
216           .authsize = 16,
217           .blocksize          = 64,
218 };
219 
220 const struct auth_hash auth_hash_hmac_sha1 = {
221           .type               = CRYPTO_SHA1_HMAC,
222           .name               = "HMAC-SHA1",
223           .keysize  = 20,
224           .hashsize = 20,
225           .authsize = 20,
226           .blocksize          = 64,
227 };
228 
229 const struct auth_hash auth_hash_hmac_ripemd_160 = {
230           .type               = CRYPTO_RIPEMD160_HMAC,
231           .name               = "HMAC-RIPEMD-160",
232           .keysize  = 20,
233           .hashsize = 20,
234           .authsize = 20,
235           .blocksize          = 64,
236 };
237 
238 const struct auth_hash auth_hash_hmac_md5_96 = {
239           .type               = CRYPTO_MD5_HMAC_96,
240           .name               = "HMAC-MD5-96",
241           .keysize  = 16,
242           .hashsize = 16,
243           .authsize = 12,
244           .blocksize          = 64,
245 };
246 
247 const struct auth_hash auth_hash_hmac_sha1_96 = {
248           .type               = CRYPTO_SHA1_HMAC_96,
249           .name               = "HMAC-SHA1-96",
250           .keysize  = 20,
251           .hashsize = 20,
252           .authsize = 12,
253           .blocksize          = 64,
254 };
255 
256 const struct auth_hash auth_hash_hmac_ripemd_160_96 = {
257           .type               = CRYPTO_RIPEMD160_HMAC_96,
258           .name               = "HMAC-RIPEMD-160",
259           .keysize  = 20,
260           .hashsize = 20,
261           .authsize = 12,
262           .blocksize          = 64,
263 };
264 
265 const struct auth_hash auth_hash_key_md5 = {
266           .type               = CRYPTO_MD5_KPDK,
267           .name               = "Keyed MD5",
268           .keysize  = 0,
269           .hashsize = 16,
270           .authsize = 16,
271           .blocksize          = 0,
272 };
273 
274 const struct auth_hash auth_hash_key_sha1 = {
275           .type               = CRYPTO_SHA1_KPDK,
276           .name               = "Keyed SHA1",
277           .keysize  = 0,
278           .hashsize = 20,
279           .authsize = 20,
280           .blocksize          = 0,
281 };
282 
283 const struct auth_hash auth_hash_md5 = {
284           .type               = CRYPTO_MD5,
285           .name               = "MD5",
286           .keysize  = 0,
287           .hashsize = 16,
288           .authsize = 16,
289           .blocksize          = 0,
290 };
291 
292 const struct auth_hash auth_hash_sha1 = {
293           .type               = CRYPTO_SHA1,
294           .name               = "SHA1",
295           .keysize  = 0,
296           .hashsize = 20,
297           .authsize = 20,
298           .blocksize          = 0,
299 };
300 
301 const struct auth_hash auth_hash_hmac_sha2_256 = {
302           .type               = CRYPTO_SHA2_256_HMAC,
303           .name               = "HMAC-SHA2",
304           .keysize  = 32,
305           .hashsize = 32,
306           .authsize = 16,
307           .blocksize          = 64,
308 };
309 
310 const struct auth_hash auth_hash_hmac_sha2_384 = {
311           .type               = CRYPTO_SHA2_384_HMAC,
312           .name               = "HMAC-SHA2-384",
313           .keysize  = 48,
314           .hashsize = 48,
315           .authsize = 24,
316           .blocksize          = 128,
317 };
318 
319 const struct auth_hash auth_hash_hmac_sha2_512 = {
320           .type               = CRYPTO_SHA2_512_HMAC,
321           .name               = "HMAC-SHA2-512",
322           .keysize  = 64,
323           .hashsize = 64,
324           .authsize = 32,
325           .blocksize          = 128,
326 };
327 
328 const struct auth_hash auth_hash_aes_xcbc_mac_96 = {
329           .type               = CRYPTO_AES_XCBC_MAC_96,
330           .name               = "AES-XCBC-MAC-96",
331           .keysize  = 16,
332           .hashsize = 16,
333           .authsize = 12,
334           .blocksize          = 0,
335 };
336 
337 const struct auth_hash auth_hash_gmac_aes_128 = {
338           .type               = CRYPTO_AES_128_GMAC,
339           .name               = "GMAC-AES-128",
340           .keysize  = 16 + 4,
341           .hashsize = 16,
342           .authsize = 16,
343           .blocksize          = 16, /* ??? */
344 };
345 
346 const struct auth_hash auth_hash_gmac_aes_192 = {
347           .type               = CRYPTO_AES_192_GMAC,
348           .name               = "GMAC-AES-192",
349           .keysize  = 24 + 4,
350           .hashsize = 16,
351           .authsize = 16,
352           .blocksize          = 16, /* ??? */
353 };
354 
355 const struct auth_hash auth_hash_gmac_aes_256 = {
356           .type               = CRYPTO_AES_256_GMAC,
357           .name               = "GMAC-AES-256",
358           .keysize  = 32 + 4,
359           .hashsize = 16,
360           .authsize = 16,
361           .blocksize          = 16, /* ??? */
362 };
363 
364 /* Compression instance */
365 const struct comp_algo comp_algo_deflate = {
366           .type     = CRYPTO_DEFLATE_COMP,
367           .name     = "Deflate",
368           .minlen   = 90,
369 };
370 
371 const struct comp_algo comp_algo_deflate_nogrow = {
372           .type     = CRYPTO_DEFLATE_COMP_NOGROW,
373           .name     = "Deflate",
374           .minlen   = 90,
375 };
376 
377 const struct comp_algo comp_algo_gzip = {
378           .type     = CRYPTO_GZIP_COMP,
379           .name     = "GZIP",
380           .minlen   = 90,
381 };
382