static void g_aes_read_done(struct bio *bp) { struct g_geom *gp; struct g_aes_softc *sc; u_char *p, *b, *e, *sb; keyInstance dkey; off_t o; gp = bp->bio_from->geom; sc = gp->softc; sb = g_malloc(sc->sectorsize, M_WAITOK); b = bp->bio_data; e = bp->bio_data; e += bp->bio_length; o = bp->bio_offset - sc->sectorsize; for (p = b; p < e; p += sc->sectorsize) { g_aes_makekey(sc, o, &dkey, DIR_DECRYPT); rijndael_blockDecrypt(&sc->ci, &dkey, p, sc->sectorsize * 8, sb); bcopy(sb, p, sc->sectorsize); o += sc->sectorsize; } bzero(&dkey, sizeof dkey); /* destroy evidence */ bzero(sb, sc->sectorsize); /* destroy evidence */ g_free(sb); g_std_done(bp); }
void aes_cbc_dec_int(void *privdata, void *dst, void *src, int len) { struct aes_encdata *ae = (void *)privdata; cipherInstance cipher; rijndael_cipherInit(&cipher, MODE_CBC, ae->ae_iv); rijndael_blockDecrypt(&cipher, ae->ae_key, src, len * 8, dst); memcpy(ae->ae_iv, (u_int8_t *)src + (len - 16), 16); }
int main(int argc, char **argv) { keyInstance ki; cipherInstance ci; uint8_t key[16]; uint8_t in[LL]; uint8_t out[LL]; int i, j; rijndael_cipherInit(&ci, MODE_CBC, NULL); for (i = 0; i < 16; i++) key[i] = i; rijndael_makeKey(&ki, DIR_DECRYPT, 128, key); for (i = 0; i < LL; i++) in[i] = i; rijndael_blockDecrypt(&ci, &ki, in, LL * 8, out); for (i = 0; i < LL; i++) printf("%02x", out[i]); putchar('\n'); rijndael_blockDecrypt(&ci, &ki, in, LL * 8, in); j = 0; for (i = 0; i < LL; i++) { printf("%02x", in[i]); if (in[i] != out[i]) j++; } putchar('\n'); if (j != 0) { fprintf(stderr, "Error: inplace decryption fails in %d places\n", j); return (1); } else { return (0); } }
int esp_rijndael_blockdecrypt(const struct esp_algorithm *algo, struct secasvar *sav, u_int8_t *s, u_int8_t *d) { cipherInstance c; keyInstance *p; /* does not take advantage of CBC mode support */ bzero(&c, sizeof(c)); if (rijndael_cipherInit(&c, MODE_ECB, NULL) < 0) return -1; p = (keyInstance *)sav->sched; if (rijndael_blockDecrypt(&c, &p[0], s, algo->padbound * 8, d) < 0) return -1; return 0; }
int geliboot_crypt(u_int algo, int enc, u_char *data, size_t datasize, const u_char *key, size_t keysize, u_char *iv) { keyInstance aeskey; cipherInstance cipher; struct aes_xts_ctx xtsctx, *ctxp; size_t xts_len; int err, blks, i; switch (algo) { case CRYPTO_AES_CBC: err = rijndael_makeKey(&aeskey, !enc, keysize, (const char *)key); if (err < 0) { printf("Failed to setup decryption keys: %d\n", err); return (err); } err = rijndael_cipherInit(&cipher, MODE_CBC, iv); if (err < 0) { printf("Failed to setup IV: %d\n", err); return (err); } switch (enc) { case 0: /* decrypt */ blks = rijndael_blockDecrypt(&cipher, &aeskey, data, datasize * 8, data); break; case 1: /* encrypt */ blks = rijndael_blockEncrypt(&cipher, &aeskey, data, datasize * 8, data); break; } if (datasize != (blks / 8)) { printf("Failed to decrypt the entire input: " "%u != %u\n", blks, datasize); return (1); } break; case CRYPTO_AES_XTS: xts_len = keysize << 1; ctxp = &xtsctx; rijndael_set_key(&ctxp->key1, key, xts_len / 2); rijndael_set_key(&ctxp->key2, key + (xts_len / 16), xts_len / 2); enc_xform_aes_xts.reinit(ctxp, iv); switch (enc) { case 0: /* decrypt */ for (i = 0; i < datasize; i += AES_XTS_BLOCKSIZE) { enc_xform_aes_xts.decrypt(ctxp, data + i); } break; case 1: /* encrypt */ for (i = 0; i < datasize; i += AES_XTS_BLOCKSIZE) { enc_xform_aes_xts.encrypt(ctxp, data + i); } break; } break; default: printf("Unsupported crypto algorithm #%d\n", algo); return (1); } return (0); }