/* Initialise the encryption routine by setting up the key schedule
* from the supplied <*data> which must be RANDOM_KEYSIZE bytes of binary
* data.
*/
void
randomdev_encrypt_init(struct randomdev_key *context, const void *data)
{
rijndael_cipherInit(&context->cipher, MODE_ECB, NULL);
rijndael_makeKey(&context->key, DIR_ENCRYPT, RANDOM_KEYSIZE*8, data);
}
void
aes_cbc_dec_int(void *privdata, void *dst, void *src, int len)
{
struct aes_encdata *ae = (void *)privdata;
cipherInstance cipher;
rijndael_cipherInit(&cipher, MODE_CBC, ae->ae_iv);
rijndael_blockDecrypt(&cipher, ae->ae_key, src, len * 8, dst);
memcpy(ae->ae_iv, (u_int8_t *)src + (len - 16), 16);
}
/* Initialise the encryption routine by setting up the key schedule
* from the supplied <*data> which must be RANDOM_KEYSIZE bytes of binary
* data.
*/
void
randomdev_encrypt_init(union randomdev_key *context, const void *data)
{
if (random_chachamode) {
chacha_keysetup(&context->chacha, data, RANDOM_KEYSIZE * 8);
} else {
rijndael_cipherInit(&context->cipher, MODE_ECB, NULL);
rijndael_makeKey(&context->key, DIR_ENCRYPT, RANDOM_KEYSIZE*8, data);
}
}
int
esp_rijndael_blockencrypt(const struct esp_algorithm *algo,
struct secasvar *sav, u_int8_t *s, u_int8_t *d)
{
cipherInstance c;
keyInstance *p;
/* does not take advantage of CBC mode support */
bzero(&c, sizeof(c));
if (rijndael_cipherInit(&c, MODE_ECB, NULL) < 0)
return -1;
p = (keyInstance *)sav->sched;
if (rijndael_blockEncrypt(&c, &p[1], s, algo->padbound * 8, d) < 0)
return -1;
return 0;
}
static void
encrypt_sector(void *d, int len, int klen, void *key)
{
keyInstance ki;
cipherInstance ci;
int error;
error = rijndael_cipherInit(&ci, MODE_CBC, NULL);
if (error <= 0)
errx(1, "rijndael_cipherInit=%d", error);
error = rijndael_makeKey(&ki, DIR_ENCRYPT, klen, key);
if (error <= 0)
errx(1, "rijndael_makeKeY=%d", error);
error = rijndael_blockEncrypt(&ci, &ki, d, len * 8, d);
if (error <= 0)
errx(1, "rijndael_blockEncrypt=%d", error);
}
int
main(int argc, char **argv)
{
keyInstance ki;
cipherInstance ci;
uint8_t key[16];
uint8_t in[LL];
uint8_t out[LL];
int i, j;
rijndael_cipherInit(&ci, MODE_CBC, NULL);
for (i = 0; i < 16; i++)
key[i] = i;
rijndael_makeKey(&ki, DIR_DECRYPT, 128, key);
for (i = 0; i < LL; i++)
in[i] = i;
rijndael_blockDecrypt(&ci, &ki, in, LL * 8, out);
for (i = 0; i < LL; i++)
printf("%02x", out[i]);
putchar('\n');
rijndael_blockDecrypt(&ci, &ki, in, LL * 8, in);
j = 0;
for (i = 0; i < LL; i++) {
printf("%02x", in[i]);
if (in[i] != out[i])
j++;
}
putchar('\n');
if (j != 0) {
fprintf(stderr,
"Error: inplace decryption fails in %d places\n", j);
return (1);
} else {
return (0);
}
}
static struct g_geom *
g_aes_taste(struct g_class *mp, struct g_provider *pp, int flags __unused)
{
struct g_geom *gp;
struct g_consumer *cp;
struct g_aes_softc *sc;
int error;
u_int sectorsize;
off_t mediasize;
u_char *buf;
g_trace(G_T_TOPOLOGY, "aes_taste(%s,%s)", mp->name, pp->name);
g_topology_assert();
gp = g_new_geomf(mp, "%s.aes", pp->name);
cp = g_new_consumer(gp);
g_attach(cp, pp);
error = g_access(cp, 1, 0, 0);
if (error) {
g_detach(cp);
g_destroy_consumer(cp);
g_destroy_geom(gp);
return (NULL);
}
buf = NULL;
g_topology_unlock();
do {
if (gp->rank != 2)
break;
sectorsize = cp->provider->sectorsize;
mediasize = cp->provider->mediasize;
buf = g_read_data(cp, 0, sectorsize, NULL);
if (buf == NULL) {
break;
}
sc = g_malloc(sizeof(struct g_aes_softc), M_WAITOK | M_ZERO);
if (!memcmp(buf, aes_magic, strlen(aes_magic))) {
sc->keying = KEY_ZERO;
} else if (!memcmp(buf, aes_magic_random,
strlen(aes_magic_random))) {
sc->keying = KEY_RANDOM;
} else if (!memcmp(buf, aes_magic_test,
strlen(aes_magic_test))) {
sc->keying = KEY_TEST;
} else {
g_free(sc);
break;
}
g_free(buf);
gp->softc = sc;
sc->sectorsize = sectorsize;
sc->mediasize = mediasize - sectorsize;
rijndael_cipherInit(&sc->ci, MODE_CBC, NULL);
if (sc->keying == KEY_TEST) {
int i;
u_char *p;
p = sc->master_key;
for (i = 0; i < (int)sizeof sc->master_key; i ++)
*p++ = i;
}
if (sc->keying == KEY_RANDOM) {
int i;
u_int32_t u;
u_char *p;
p = sc->master_key;
for (i = 0; i < (int)sizeof sc->master_key; i += sizeof u) {
u = arc4random();
*p++ = u;
*p++ = u >> 8;
*p++ = u >> 16;
*p++ = u >> 24;
}
}
g_topology_lock();
pp = g_new_providerf(gp, "%s", gp->name);
pp->mediasize = mediasize - sectorsize;
pp->sectorsize = sectorsize;
g_error_provider(pp, 0);
g_topology_unlock();
} while(0);
/* Initialise the encryption routine by setting up the key schedule
* from the supplied /data/ which must be KEYSIZE bytes of binary
* data.
*/
void
yarrow_encrypt_init(struct yarrowkey *context, void *data)
{
rijndael_cipherInit(&context->cipher, MODE_CBC, NULL);
rijndael_makeKey(&context->key, DIR_ENCRYPT, KEYSIZE*8, data);
}
int
geliboot_crypt(u_int algo, int enc, u_char *data, size_t datasize,
const u_char *key, size_t keysize, u_char *iv)
{
keyInstance aeskey;
cipherInstance cipher;
struct aes_xts_ctx xtsctx, *ctxp;
size_t xts_len;
int err, blks, i;
switch (algo) {
case CRYPTO_AES_CBC:
err = rijndael_makeKey(&aeskey, !enc, keysize,
(const char *)key);
if (err < 0) {
printf("Failed to setup decryption keys: %d\n", err);
return (err);
}
err = rijndael_cipherInit(&cipher, MODE_CBC, iv);
if (err < 0) {
printf("Failed to setup IV: %d\n", err);
return (err);
}
switch (enc) {
case 0: /* decrypt */
blks = rijndael_blockDecrypt(&cipher, &aeskey, data,
datasize * 8, data);
break;
case 1: /* encrypt */
blks = rijndael_blockEncrypt(&cipher, &aeskey, data,
datasize * 8, data);
break;
}
if (datasize != (blks / 8)) {
printf("Failed to decrypt the entire input: "
"%u != %u\n", blks, datasize);
return (1);
}
break;
case CRYPTO_AES_XTS:
xts_len = keysize << 1;
ctxp = &xtsctx;
rijndael_set_key(&ctxp->key1, key, xts_len / 2);
rijndael_set_key(&ctxp->key2, key + (xts_len / 16), xts_len / 2);
enc_xform_aes_xts.reinit(ctxp, iv);
switch (enc) {
case 0: /* decrypt */
for (i = 0; i < datasize; i += AES_XTS_BLOCKSIZE) {
enc_xform_aes_xts.decrypt(ctxp, data + i);
}
break;
case 1: /* encrypt */
for (i = 0; i < datasize; i += AES_XTS_BLOCKSIZE) {
enc_xform_aes_xts.encrypt(ctxp, data + i);
}
break;
}
break;
default:
printf("Unsupported crypto algorithm #%d\n", algo);
return (1);
}
return (0);
}