Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
freebsd
GitHub Repository: freebsd/freebsd-src
 Path: blob/main/sys/opencrypto/xform_aes_cbc.c
39478 views
1
/*	$OpenBSD: xform.c,v 1.16 2001/08/28 12:20:43 ben Exp $	*/

2
/*-

3
 * The authors of this code are John Ioannidis ([email protected]),

4
 * Angelos D. Keromytis ([email protected]),

5
 * Niels Provos ([email protected]) and

6
 * Damien Miller ([email protected]).

7
 *

8
 * This code was written by John Ioannidis for BSD/OS in Athens, Greece,

9
 * in November 1995.

10
 *

11
 * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996,

12
 * by Angelos D. Keromytis.

13
 *

14
 * Additional transforms and features in 1997 and 1998 by Angelos D. Keromytis

15
 * and Niels Provos.

16
 *

17
 * Additional features in 1999 by Angelos D. Keromytis.

18
 *

19
 * AES XTS implementation in 2008 by Damien Miller

20
 *

21
 * Copyright (C) 1995, 1996, 1997, 1998, 1999 by John Ioannidis,

22
 * Angelos D. Keromytis and Niels Provos.

23
 *

24
 * Copyright (C) 2001, Angelos D. Keromytis.

25
 *

26
 * Copyright (C) 2008, Damien Miller

27
 * Copyright (c) 2014 The FreeBSD Foundation

28
 * All rights reserved.

29
 *

30
 * Portions of this software were developed by John-Mark Gurney

31
 * under sponsorship of the FreeBSD Foundation and

32
 * Rubicon Communications, LLC (Netgate).

33
 *

34
 * Permission to use, copy, and modify this software with or without fee

35
 * is hereby granted, provided that this entire notice is included in

36
 * all copies of any software which is or includes a copy or

37
 * modification of this software.

38
 * You may use this code under the GNU public license if you so wish. Please

39
 * contribute changes back to the authors under this freer than GPL license

40
 * so that we may further the use of strong encryption without limitations to

41
 * all.

42
 *

43
 * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR

44
 * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY

45
 * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE

46
 * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR

47
 * PURPOSE.

48
 */

49


50
#include <sys/types.h>

51
#include <crypto/rijndael/rijndael.h>

52
#include <opencrypto/xform_enc.h>

53


54
struct aes_cbc_ctx {

55
	rijndael_ctx key;

56
	char iv[AES_BLOCK_LEN];

57
};

58


59
static	int aes_cbc_setkey(void *, const uint8_t *, int);

60
static	void aes_cbc_encrypt(void *, const uint8_t *, uint8_t *);

61
static	void aes_cbc_decrypt(void *, const uint8_t *, uint8_t *);

62
static	void aes_cbc_encrypt_multi(void *, const uint8_t *, uint8_t *, size_t);

63
static	void aes_cbc_decrypt_multi(void *, const uint8_t *, uint8_t *, size_t);

64
static  void aes_cbc_reinit(void *, const uint8_t *, size_t);

65


66
/* Encryption instances */

67
const struct enc_xform enc_xform_aes_cbc = {

68
	.type = CRYPTO_AES_CBC,

69
	.name = "AES-CBC",

70
	.ctxsize = sizeof(struct aes_cbc_ctx),

71
	.blocksize = AES_BLOCK_LEN,

72
	.ivsize = AES_BLOCK_LEN,

73
	.minkey = AES_MIN_KEY,

74
	.maxkey = AES_MAX_KEY,

75
	.setkey = aes_cbc_setkey,

76
	.reinit = aes_cbc_reinit,

77
	.encrypt = aes_cbc_encrypt,

78
	.decrypt = aes_cbc_decrypt,

79
	.encrypt_multi = aes_cbc_encrypt_multi,

80
	.decrypt_multi = aes_cbc_decrypt_multi,

81
};

82


83
/*

84
 * Encryption wrapper routines.

85
 */

86
static void

87
aes_cbc_encrypt(void *vctx, const uint8_t *in, uint8_t *out)

88
{

89
	struct aes_cbc_ctx *ctx = vctx;

90


91
	for (u_int i = 0; i < AES_BLOCK_LEN; i++)

92
		out[i] = in[i] ^ ctx->iv[i];

93
	rijndael_encrypt(&ctx->key, out, out);

94
	memcpy(ctx->iv, out, AES_BLOCK_LEN);

95
}

96


97
static void

98
aes_cbc_decrypt(void *vctx, const uint8_t *in, uint8_t *out)

99
{

100
	struct aes_cbc_ctx *ctx = vctx;

101
	char block[AES_BLOCK_LEN];

102


103
	memcpy(block, in, AES_BLOCK_LEN);

104
	rijndael_decrypt(&ctx->key, in, out);

105
	for (u_int i = 0; i < AES_BLOCK_LEN; i++)

106
		out[i] ^= ctx->iv[i];

107
	memcpy(ctx->iv, block, AES_BLOCK_LEN);

108
	explicit_bzero(block, sizeof(block));

109
}

110


111
static void

112
aes_cbc_encrypt_multi(void *vctx, const uint8_t *in, uint8_t *out, size_t len)

113
{

114
	struct aes_cbc_ctx *ctx = vctx;

115


116
	KASSERT(len % AES_BLOCK_LEN == 0, ("%s: invalid length", __func__));

117
	while (len > 0) {

118
		for (u_int i = 0; i < AES_BLOCK_LEN; i++)

119
			out[i] = in[i] ^ ctx->iv[i];

120
		rijndael_encrypt(&ctx->key, out, out);

121
		memcpy(ctx->iv, out, AES_BLOCK_LEN);

122
		out += AES_BLOCK_LEN;

123
		in += AES_BLOCK_LEN;

124
		len -= AES_BLOCK_LEN;

125
	}

126
}

127


128
static void

129
aes_cbc_decrypt_multi(void *vctx, const uint8_t *in, uint8_t *out, size_t len)

130
{

131
	struct aes_cbc_ctx *ctx = vctx;

132
	char block[AES_BLOCK_LEN];

133


134
	KASSERT(len % AES_BLOCK_LEN == 0, ("%s: invalid length", __func__));

135
	while (len > 0) {

136
		memcpy(block, in, AES_BLOCK_LEN);

137
		rijndael_decrypt(&ctx->key, in, out);

138
		for (u_int i = 0; i < AES_BLOCK_LEN; i++)

139
			out[i] ^= ctx->iv[i];

140
		memcpy(ctx->iv, block, AES_BLOCK_LEN);

141
		out += AES_BLOCK_LEN;

142
		in += AES_BLOCK_LEN;

143
		len -= AES_BLOCK_LEN;

144
	}

145
	explicit_bzero(block, sizeof(block));

146
}

147


148
static int

149
aes_cbc_setkey(void *vctx, const uint8_t *key, int len)

150
{

151
	struct aes_cbc_ctx *ctx = vctx;

152


153
	if (len != 16 && len != 24 && len != 32)

154
		return (EINVAL);

155


156
	rijndael_set_key(&ctx->key, key, len * 8);

157
	return (0);

158
}

159


160
static void

161
aes_cbc_reinit(void *vctx, const uint8_t *iv, size_t iv_len)

162
{

163
	struct aes_cbc_ctx *ctx = vctx;

164


165
	KASSERT(iv_len == sizeof(ctx->iv), ("%s: bad IV length", __func__));

166
	memcpy(ctx->iv, iv, sizeof(ctx->iv));

167
}

168


169