static void
g_aes_makekey(struct g_aes_softc *sc, off_t off, keyInstance *ki, int dir)
{
MD5_CTX cx;
u_int64_t u64;
u_int u, u1;
u_char *p, buf[16];
if (sc->keying == KEY_ZERO) {
rijndael_makeKey(ki, dir, 128, sc->master_key);
return;
}
MD5Init(&cx);
u64 = htole64(off);
MD5Update(&cx, (u_char *)&u64, sizeof(u64));
u = off / sc->sectorsize;
u %= sizeof sc->master_key;
p = sc->master_key + u;
if (u + 16 <= sizeof(sc->master_key)) {
MD5Update(&cx, p, 16);
} else {
u1 = sizeof sc->master_key - u;
MD5Update(&cx, p, u1);
MD5Update(&cx, sc->master_key, 16 - u1);
u1 = 0; /* destroy evidence */
}
u = 0; /* destroy evidence */
MD5Update(&cx, (u_char *)&u64, sizeof(u64));
u64 = 0; /* destroy evidence */
MD5Final(buf, &cx);
bzero(&cx, sizeof cx); /* destroy evidence */
rijndael_makeKey(ki, dir, 128, buf);
bzero(buf, sizeof buf); /* destroy evidence */
}
int
esp_rijndael_schedule(const struct esp_algorithm *algo, struct secasvar *sav)
{
keyInstance *k;
k = (keyInstance *)sav->sched;
if (rijndael_makeKey(&k[0], DIR_DECRYPT, _KEYLEN(sav->key_enc) * 8,
_KEYBUF(sav->key_enc)) < 0)
return -1;
if (rijndael_makeKey(&k[1], DIR_ENCRYPT, _KEYLEN(sav->key_enc) * 8,
_KEYBUF(sav->key_enc)) < 0)
return -1;
return 0;
}
/* Initialise the encryption routine by setting up the key schedule
* from the supplied <*data> which must be RANDOM_KEYSIZE bytes of binary
* data.
*/
void
randomdev_encrypt_init(struct randomdev_key *context, const void *data)
{
rijndael_cipherInit(&context->cipher, MODE_ECB, NULL);
rijndael_makeKey(&context->key, DIR_ENCRYPT, RANDOM_KEYSIZE*8, data);
}
caddr_t
cgd_cipher_aes_init(int keylen, caddr_t key, int *blocksize)
{
struct aes_privdata *ap;
if (!blocksize)
return NULL;
if (keylen != 128 && keylen != 192 && keylen != 256)
return NULL;
if (*blocksize == -1)
*blocksize = 128;
if (*blocksize != 128)
return NULL;
ap = malloc(sizeof(*ap), M_DEVBUF, 0);
if (!ap)
return NULL;
rijndael_makeKey(&ap->ap_enckey, DIR_ENCRYPT, keylen, key);
rijndael_makeKey(&ap->ap_deckey, DIR_DECRYPT, keylen, key);
return (caddr_t)ap;
}
/* Initialise the encryption routine by setting up the key schedule
* from the supplied <*data> which must be RANDOM_KEYSIZE bytes of binary
* data.
*/
void
randomdev_encrypt_init(union randomdev_key *context, const void *data)
{
if (random_chachamode) {
chacha_keysetup(&context->chacha, data, RANDOM_KEYSIZE * 8);
} else {
rijndael_cipherInit(&context->cipher, MODE_ECB, NULL);
rijndael_makeKey(&context->key, DIR_ENCRYPT, RANDOM_KEYSIZE*8, data);
}
}
static void
encrypt_sector(void *d, int len, int klen, void *key)
{
keyInstance ki;
cipherInstance ci;
int error;
error = rijndael_cipherInit(&ci, MODE_CBC, NULL);
if (error <= 0)
errx(1, "rijndael_cipherInit=%d", error);
error = rijndael_makeKey(&ki, DIR_ENCRYPT, klen, key);
if (error <= 0)
errx(1, "rijndael_makeKeY=%d", error);
error = rijndael_blockEncrypt(&ci, &ki, d, len * 8, d);
if (error <= 0)
errx(1, "rijndael_blockEncrypt=%d", error);
}
int
main(int argc, char **argv)
{
keyInstance ki;
cipherInstance ci;
uint8_t key[16];
uint8_t in[LL];
uint8_t out[LL];
int i, j;
rijndael_cipherInit(&ci, MODE_CBC, NULL);
for (i = 0; i < 16; i++)
key[i] = i;
rijndael_makeKey(&ki, DIR_DECRYPT, 128, key);
for (i = 0; i < LL; i++)
in[i] = i;
rijndael_blockDecrypt(&ci, &ki, in, LL * 8, out);
for (i = 0; i < LL; i++)
printf("%02x", out[i]);
putchar('\n');
rijndael_blockDecrypt(&ci, &ki, in, LL * 8, in);
j = 0;
for (i = 0; i < LL; i++) {
printf("%02x", in[i]);
if (in[i] != out[i])
j++;
}
putchar('\n');
if (j != 0) {
fprintf(stderr,
"Error: inplace decryption fails in %d places\n", j);
return (1);
} else {
return (0);
}
}
/* Initialise the encryption routine by setting up the key schedule
* from the supplied /data/ which must be KEYSIZE bytes of binary
* data.
*/
void
yarrow_encrypt_init(struct yarrowkey *context, void *data)
{
rijndael_cipherInit(&context->cipher, MODE_CBC, NULL);
rijndael_makeKey(&context->key, DIR_ENCRYPT, KEYSIZE*8, data);
}
int
geliboot_crypt(u_int algo, int enc, u_char *data, size_t datasize,
const u_char *key, size_t keysize, u_char *iv)
{
keyInstance aeskey;
cipherInstance cipher;
struct aes_xts_ctx xtsctx, *ctxp;
size_t xts_len;
int err, blks, i;
switch (algo) {
case CRYPTO_AES_CBC:
err = rijndael_makeKey(&aeskey, !enc, keysize,
(const char *)key);
if (err < 0) {
printf("Failed to setup decryption keys: %d\n", err);
return (err);
}
err = rijndael_cipherInit(&cipher, MODE_CBC, iv);
if (err < 0) {
printf("Failed to setup IV: %d\n", err);
return (err);
}
switch (enc) {
case 0: /* decrypt */
blks = rijndael_blockDecrypt(&cipher, &aeskey, data,
datasize * 8, data);
break;
case 1: /* encrypt */
blks = rijndael_blockEncrypt(&cipher, &aeskey, data,
datasize * 8, data);
break;
}
if (datasize != (blks / 8)) {
printf("Failed to decrypt the entire input: "
"%u != %u\n", blks, datasize);
return (1);
}
break;
case CRYPTO_AES_XTS:
xts_len = keysize << 1;
ctxp = &xtsctx;
rijndael_set_key(&ctxp->key1, key, xts_len / 2);
rijndael_set_key(&ctxp->key2, key + (xts_len / 16), xts_len / 2);
enc_xform_aes_xts.reinit(ctxp, iv);
switch (enc) {
case 0: /* decrypt */
for (i = 0; i < datasize; i += AES_XTS_BLOCKSIZE) {
enc_xform_aes_xts.decrypt(ctxp, data + i);
}
break;
case 1: /* encrypt */
for (i = 0; i < datasize; i += AES_XTS_BLOCKSIZE) {
enc_xform_aes_xts.encrypt(ctxp, data + i);
}
break;
}
break;
default:
printf("Unsupported crypto algorithm #%d\n", algo);
return (1);
}
return (0);
}
