Index: head/sys/crypto/blowfish/bf_skey.c =================================================================== --- head/sys/crypto/blowfish/bf_skey.c (revision 351363) +++ head/sys/crypto/blowfish/bf_skey.c (revision 351364) @@ -1,123 +1,123 @@ /* $KAME: bf_skey.c,v 1.7 2002/02/27 01:33:59 itojun Exp $ */ /* crypto/bf/bf_skey.c */ /* Copyright (C) 1995-1997 Eric Young (eay@mincom.oz.au) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@mincom.oz.au). * The implementation was written so as to conform with Netscapes SSL. * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@mincom.oz.au). * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * "This product includes cryptographic software written by * Eric Young (eay@mincom.oz.au)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@mincom.oz.au)" * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ #include __FBSDID("$FreeBSD$"); #include #include #include #include #include #include void BF_set_key(key, len, data) BF_KEY *key; int len; - unsigned char *data; + const unsigned char *data; { int i; BF_LONG *p, ri, in[2]; - unsigned char *d, *end; + const unsigned char *d, *end; memcpy((char *)key, (const char *)&bf_init, sizeof(BF_KEY)); p = key->P; if (len > ((BF_ROUNDS + 2) * 4)) len = (BF_ROUNDS + 2) * 4; d = data; end= &(data[len]); for (i = 0; i < BF_ROUNDS + 2; i++) { ri = *(d++); if (d >= end) d = data; ri <<= 8; ri |= *(d++); if (d >= end) d = data; ri <<= 8; ri |= *(d++); if (d >= end) d = data; ri <<= 8; ri |= *(d++); if (d >= end) d = data; p[i] ^= ri; } in[0] = 0L; in[1] = 0L; for (i = 0; i < BF_ROUNDS + 2; i += 2) { BF_encrypt(in, key); p[i ] = in[0]; p[i+1] = in[1]; } p = key->S; for (i = 0; i < 4 * 256; i += 2) { BF_encrypt(in, key); p[i ] = in[0]; p[i+1] = in[1]; } } Index: head/sys/crypto/blowfish/blowfish.h =================================================================== --- head/sys/crypto/blowfish/blowfish.h (revision 351363) +++ head/sys/crypto/blowfish/blowfish.h (revision 351364) @@ -1,93 +1,93 @@ /* $FreeBSD$ */ /* $KAME: blowfish.h,v 1.12 2002/02/27 01:33:59 itojun Exp $ */ /* crypto/bf/blowfish.h */ /* Copyright (C) 1995-1997 Eric Young (eay@mincom.oz.au) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@mincom.oz.au). * The implementation was written so as to conform with Netscapes SSL. * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@mincom.oz.au). * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * "This product includes cryptographic software written by * Eric Young (eay@mincom.oz.au)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@mincom.oz.au)" * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ #ifndef HEADER_BLOWFISH_H #define HEADER_BLOWFISH_H #ifdef __cplusplus extern "C" { #endif #define BF_ENCRYPT 1 #define BF_DECRYPT 0 /* must be 32bit quantity */ #define BF_LONG u_int32_t #define BF_ROUNDS 16 #define BF_BLOCK 8 typedef struct bf_key_st { BF_LONG P[BF_ROUNDS+2]; BF_LONG S[4*256]; } BF_KEY; -void BF_set_key(BF_KEY *, int, unsigned char *); +void BF_set_key(BF_KEY *, int, const unsigned char *); void BF_encrypt(BF_LONG *, BF_KEY *); void BF_decrypt(BF_LONG *, BF_KEY *); void BF_ecb_encrypt(const unsigned char *, unsigned char *, BF_KEY *, int); #ifdef __cplusplus } #endif #endif Index: head/sys/crypto/chacha20/chacha-sw.c =================================================================== --- head/sys/crypto/chacha20/chacha-sw.c (revision 351363) +++ head/sys/crypto/chacha20/chacha-sw.c (revision 351364) @@ -1,78 +1,78 @@ /* This file is in the public domain. */ #include __FBSDID("$FreeBSD$"); #include #include static int -chacha20_xform_setkey(u_int8_t **sched, u_int8_t *key, int len) +chacha20_xform_setkey(u_int8_t **sched, const u_int8_t *key, int len) { struct chacha_ctx *ctx; if (len != CHACHA_MINKEYLEN && len != 32) return (EINVAL); ctx = malloc(sizeof(*ctx), M_CRYPTO_DATA, M_NOWAIT | M_ZERO); *sched = (void *)ctx; if (ctx == NULL) return (ENOMEM); chacha_keysetup(ctx, key, len * 8); return (0); } static void -chacha20_xform_reinit(caddr_t key, u_int8_t *iv) +chacha20_xform_reinit(caddr_t key, const u_int8_t *iv) { struct chacha_ctx *ctx; ctx = (void *)key; chacha_ivsetup(ctx, iv + 8, iv); } static void chacha20_xform_zerokey(u_int8_t **sched) { struct chacha_ctx *ctx; ctx = (void *)*sched; explicit_bzero(ctx, sizeof(*ctx)); free(ctx, M_CRYPTO_DATA); *sched = NULL; } static void chacha20_xform_crypt(caddr_t cctx, u_int8_t *bytes) { struct chacha_ctx *ctx; ctx = (void *)cctx; chacha_encrypt_bytes(ctx, bytes, bytes, 1); } static void chacha20_xform_crypt_multi(void *vctx, uint8_t *bytes, size_t len) { struct chacha_ctx *ctx; ctx = vctx; chacha_encrypt_bytes(ctx, bytes, bytes, len); } struct enc_xform enc_xform_chacha20 = { .type = CRYPTO_CHACHA20, .name = "chacha20", .blocksize = 1, .ivsize = CHACHA_NONCELEN + CHACHA_CTRLEN, .minkey = CHACHA_MINKEYLEN, .maxkey = 32, .encrypt = chacha20_xform_crypt, .decrypt = chacha20_xform_crypt, .setkey = chacha20_xform_setkey, .zerokey = chacha20_xform_zerokey, .reinit = chacha20_xform_reinit, .encrypt_multi = chacha20_xform_crypt_multi, .decrypt_multi = chacha20_xform_crypt_multi, }; Index: head/sys/crypto/des/des.h =================================================================== --- head/sys/crypto/des/des.h (revision 351363) +++ head/sys/crypto/des/des.h (revision 351364) @@ -1,117 +1,117 @@ /* $FreeBSD$ */ /* $KAME: des.h,v 1.8 2001/09/10 04:03:57 itojun Exp $ */ /* lib/des/des.h */ /* Copyright (C) 1995-1996 Eric Young (eay@mincom.oz.au) * All rights reserved. * * This file is part of an SSL implementation written * by Eric Young (eay@mincom.oz.au). * The implementation was written so as to conform with Netscapes SSL * specification. This library and applications are * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE * as long as the following conditions are aheared to. * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. If this code is used in a product, * Eric Young should be given attribution as the author of the parts used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by Eric Young (eay@mincom.oz.au) * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ #ifndef HEADER_DES_H #define HEADER_DES_H #ifdef __cplusplus extern "C" { #endif /* must be 32bit quantity */ #define DES_LONG u_int32_t typedef unsigned char des_cblock[8]; typedef struct des_ks_struct { union { des_cblock cblock; /* make sure things are correct size on machines with * 8 byte longs */ DES_LONG deslong[2]; } ks; int weak_key; } des_key_schedule[16]; #define DES_KEY_SZ (sizeof(des_cblock)) #define DES_SCHEDULE_SZ (sizeof(des_key_schedule)) #define DES_ENCRYPT 1 #define DES_DECRYPT 0 #define DES_CBC_MODE 0 #define DES_PCBC_MODE 1 extern int des_check_key; /* defaults to false */ char *des_options(void); void des_ecb_encrypt(des_cblock *, des_cblock *, des_key_schedule, int); void des_encrypt1(DES_LONG *, des_key_schedule, int); void des_encrypt2(DES_LONG *, des_key_schedule, int); void des_encrypt3(DES_LONG *, des_key_schedule, des_key_schedule, des_key_schedule); void des_decrypt3(DES_LONG *, des_key_schedule, des_key_schedule, des_key_schedule); void des_ecb3_encrypt(des_cblock *, des_cblock *, des_key_schedule, des_key_schedule, des_key_schedule, int); void des_ncbc_encrypt(const unsigned char *, unsigned char *, long, des_key_schedule, des_cblock *, int); void des_ede3_cbc_encrypt(const unsigned char *, unsigned char *, long, des_key_schedule, des_key_schedule, des_key_schedule, des_cblock *, int); void des_set_odd_parity(des_cblock *); void des_fixup_key_parity(des_cblock *); -int des_is_weak_key(des_cblock *); -int des_set_key(des_cblock *, des_key_schedule); -int des_key_sched(des_cblock *, des_key_schedule); -int des_set_key_checked(des_cblock *, des_key_schedule); -void des_set_key_unchecked(des_cblock *, des_key_schedule); -int des_check_key_parity(des_cblock *); +int des_is_weak_key(const des_cblock *); +int des_set_key(const des_cblock *, des_key_schedule); +int des_key_sched(const des_cblock *, des_key_schedule); +int des_set_key_checked(const des_cblock *, des_key_schedule); +void des_set_key_unchecked(const des_cblock *, des_key_schedule); +int des_check_key_parity(const des_cblock *); #ifdef __cplusplus } #endif #endif Index: head/sys/crypto/des/des_setkey.c =================================================================== --- head/sys/crypto/des/des_setkey.c (revision 351363) +++ head/sys/crypto/des/des_setkey.c (revision 351364) @@ -1,236 +1,236 @@ /* $KAME: des_setkey.c,v 1.7 2001/09/10 04:03:58 itojun Exp $ */ /* crypto/des/set_key.c */ /* Copyright (C) 1995-1996 Eric Young (eay@mincom.oz.au) * All rights reserved. * * This file is part of an SSL implementation written * by Eric Young (eay@mincom.oz.au). * The implementation was written so as to conform with Netscapes SSL * specification. This library and applications are * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE * as long as the following conditions are aheared to. * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. If this code is used in a product, * Eric Young should be given attribution as the author of the parts used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by Eric Young (eay@mincom.oz.au) * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ /* set_key.c v 1.4 eay 24/9/91 * 1.4 Speed up by 400% :-) * 1.3 added register declarations. * 1.2 unrolled make_key_sched a bit more * 1.1 added norm_expand_bits * 1.0 First working version */ #include __FBSDID("$FreeBSD$"); #include #include #include #include #include int des_check_key=0; void des_set_odd_parity(des_cblock *key) { int i; for (i=0; i>(n))^(b))&(m)),\ * (b)^=(t),\ * (a)=((a)^((t)<<(n)))) */ #define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)),\ (a)=(a)^(t)^(t>>(16-(n)))) -int des_set_key(des_cblock *key, des_key_schedule schedule) +int des_set_key(const des_cblock *key, des_key_schedule schedule) { if (des_check_key) { return des_set_key_checked(key, schedule); } else { des_set_key_unchecked(key, schedule); return 0; } } /* return 0 if key parity is odd (correct), * return -1 if key parity error, * return -2 if illegal weak key. */ -int des_set_key_checked(des_cblock *key, des_key_schedule schedule) +int des_set_key_checked(const des_cblock *key, des_key_schedule schedule) { if (!des_check_key_parity(key)) return(-1); if (des_is_weak_key(key)) return(-2); des_set_key_unchecked(key, schedule); return 0; } -void des_set_key_unchecked(des_cblock *key, des_key_schedule schedule) +void des_set_key_unchecked(const des_cblock *key, des_key_schedule schedule) { static int shifts2[16]={0,0,1,1,1,1,1,1,0,1,1,1,1,1,1,0}; DES_LONG c,d,t,s,t2; const unsigned char *in; DES_LONG *k; int i; k = &schedule->ks.deslong[0]; in = &(*key)[0]; c2l(in,c); c2l(in,d); /* do PC1 in 47 simple operations :-) * Thanks to John Fletcher (john_fletcher@lccmail.ocf.llnl.gov) * for the inspiration. :-) */ PERM_OP (d,c,t,4,0x0f0f0f0fL); HPERM_OP(c,t,-2,0xcccc0000L); HPERM_OP(d,t,-2,0xcccc0000L); PERM_OP (d,c,t,1,0x55555555L); PERM_OP (c,d,t,8,0x00ff00ffL); PERM_OP (d,c,t,1,0x55555555L); d= (((d&0x000000ffL)<<16L)| (d&0x0000ff00L) | ((d&0x00ff0000L)>>16L)|((c&0xf0000000L)>>4L)); c&=0x0fffffffL; for (i=0; i>2L)|(c<<26L)); d=((d>>2L)|(d<<26L)); } else { c=((c>>1L)|(c<<27L)); d=((d>>1L)|(d<<27L)); } c&=0x0fffffffL; d&=0x0fffffffL; /* could be a few less shifts but I am to lazy at this * point in time to investigate */ s= des_skb[0][ (c )&0x3f ]| des_skb[1][((c>> 6L)&0x03)|((c>> 7L)&0x3c)]| des_skb[2][((c>>13L)&0x0f)|((c>>14L)&0x30)]| des_skb[3][((c>>20L)&0x01)|((c>>21L)&0x06) | ((c>>22L)&0x38)]; t= des_skb[4][ (d )&0x3f ]| des_skb[5][((d>> 7L)&0x03)|((d>> 8L)&0x3c)]| des_skb[6][ (d>>15L)&0x3f ]| des_skb[7][((d>>21L)&0x0f)|((d>>22L)&0x30)]; /* table contained 0213 4657 */ t2=((t<<16L)|(s&0x0000ffffL))&0xffffffffL; *(k++)=ROTATE(t2,30)&0xffffffffL; t2=((s>>16L)|(t&0xffff0000L)); *(k++)=ROTATE(t2,26)&0xffffffffL; } } -int des_key_sched(des_cblock *key, des_key_schedule schedule) +int des_key_sched(const des_cblock *key, des_key_schedule schedule) { return(des_set_key(key,schedule)); } void des_fixup_key_parity(des_cblock *key) { des_set_odd_parity(key); } Index: head/sys/opencrypto/cast.c =================================================================== --- head/sys/opencrypto/cast.c (revision 351363) +++ head/sys/opencrypto/cast.c (revision 351364) @@ -1,244 +1,244 @@ /* $OpenBSD: cast.c,v 1.2 2000/06/06 06:49:47 deraadt Exp $ */ /*- * CAST-128 in C * Written by Steve Reid * 100% Public Domain - no warranty * Released 1997.10.11 */ #include __FBSDID("$FreeBSD$"); #include #include #include /* Macros to access 8-bit bytes out of a 32-bit word */ #define U_INT8_Ta(x) ( (u_int8_t) (x>>24) ) #define U_INT8_Tb(x) ( (u_int8_t) ((x>>16)&255) ) #define U_INT8_Tc(x) ( (u_int8_t) ((x>>8)&255) ) #define U_INT8_Td(x) ( (u_int8_t) ((x)&255) ) /* Circular left shift */ #define ROL(x, n) ( ((x)<<(n)) | ((x)>>(32-(n))) ) /* CAST-128 uses three different round functions */ #define F1(l, r, i) \ t = ROL(key->xkey[i] + r, key->xkey[i+16]); \ l ^= ((cast_sbox1[U_INT8_Ta(t)] ^ cast_sbox2[U_INT8_Tb(t)]) - \ cast_sbox3[U_INT8_Tc(t)]) + cast_sbox4[U_INT8_Td(t)]; #define F2(l, r, i) \ t = ROL(key->xkey[i] ^ r, key->xkey[i+16]); \ l ^= ((cast_sbox1[U_INT8_Ta(t)] - cast_sbox2[U_INT8_Tb(t)]) + \ cast_sbox3[U_INT8_Tc(t)]) ^ cast_sbox4[U_INT8_Td(t)]; #define F3(l, r, i) \ t = ROL(key->xkey[i] - r, key->xkey[i+16]); \ l ^= ((cast_sbox1[U_INT8_Ta(t)] + cast_sbox2[U_INT8_Tb(t)]) ^ \ cast_sbox3[U_INT8_Tc(t)]) - cast_sbox4[U_INT8_Td(t)]; /***** Encryption Function *****/ void cast_encrypt(cast_key* key, u_int8_t* inblock, u_int8_t* outblock) { u_int32_t t, l, r; /* Get inblock into l,r */ l = ((u_int32_t)inblock[0] << 24) | ((u_int32_t)inblock[1] << 16) | ((u_int32_t)inblock[2] << 8) | (u_int32_t)inblock[3]; r = ((u_int32_t)inblock[4] << 24) | ((u_int32_t)inblock[5] << 16) | ((u_int32_t)inblock[6] << 8) | (u_int32_t)inblock[7]; /* Do the work */ F1(l, r, 0); F2(r, l, 1); F3(l, r, 2); F1(r, l, 3); F2(l, r, 4); F3(r, l, 5); F1(l, r, 6); F2(r, l, 7); F3(l, r, 8); F1(r, l, 9); F2(l, r, 10); F3(r, l, 11); /* Only do full 16 rounds if key length > 80 bits */ if (key->rounds > 12) { F1(l, r, 12); F2(r, l, 13); F3(l, r, 14); F1(r, l, 15); } /* Put l,r into outblock */ outblock[0] = U_INT8_Ta(r); outblock[1] = U_INT8_Tb(r); outblock[2] = U_INT8_Tc(r); outblock[3] = U_INT8_Td(r); outblock[4] = U_INT8_Ta(l); outblock[5] = U_INT8_Tb(l); outblock[6] = U_INT8_Tc(l); outblock[7] = U_INT8_Td(l); /* Wipe clean */ t = l = r = 0; } /***** Decryption Function *****/ void cast_decrypt(cast_key* key, u_int8_t* inblock, u_int8_t* outblock) { u_int32_t t, l, r; /* Get inblock into l,r */ r = ((u_int32_t)inblock[0] << 24) | ((u_int32_t)inblock[1] << 16) | ((u_int32_t)inblock[2] << 8) | (u_int32_t)inblock[3]; l = ((u_int32_t)inblock[4] << 24) | ((u_int32_t)inblock[5] << 16) | ((u_int32_t)inblock[6] << 8) | (u_int32_t)inblock[7]; /* Do the work */ /* Only do full 16 rounds if key length > 80 bits */ if (key->rounds > 12) { F1(r, l, 15); F3(l, r, 14); F2(r, l, 13); F1(l, r, 12); } F3(r, l, 11); F2(l, r, 10); F1(r, l, 9); F3(l, r, 8); F2(r, l, 7); F1(l, r, 6); F3(r, l, 5); F2(l, r, 4); F1(r, l, 3); F3(l, r, 2); F2(r, l, 1); F1(l, r, 0); /* Put l,r into outblock */ outblock[0] = U_INT8_Ta(l); outblock[1] = U_INT8_Tb(l); outblock[2] = U_INT8_Tc(l); outblock[3] = U_INT8_Td(l); outblock[4] = U_INT8_Ta(r); outblock[5] = U_INT8_Tb(r); outblock[6] = U_INT8_Tc(r); outblock[7] = U_INT8_Td(r); /* Wipe clean */ t = l = r = 0; } /***** Key Schedule *****/ -void cast_setkey(cast_key* key, u_int8_t* rawkey, int keybytes) +void cast_setkey(cast_key* key, const u_int8_t* rawkey, int keybytes) { u_int32_t t[4] = {0, 0, 0, 0}, z[4] = {0, 0, 0, 0}, x[4]; int i; /* Set number of rounds to 12 or 16, depending on key length */ key->rounds = (keybytes <= 10 ? 12 : 16); /* Copy key to workspace x */ for (i = 0; i < 4; i++) { x[i] = 0; if ((i*4+0) < keybytes) x[i] = (u_int32_t)rawkey[i*4+0] << 24; if ((i*4+1) < keybytes) x[i] |= (u_int32_t)rawkey[i*4+1] << 16; if ((i*4+2) < keybytes) x[i] |= (u_int32_t)rawkey[i*4+2] << 8; if ((i*4+3) < keybytes) x[i] |= (u_int32_t)rawkey[i*4+3]; } /* Generate 32 subkeys, four at a time */ for (i = 0; i < 32; i+=4) { switch (i & 4) { case 0: t[0] = z[0] = x[0] ^ cast_sbox5[U_INT8_Tb(x[3])] ^ cast_sbox6[U_INT8_Td(x[3])] ^ cast_sbox7[U_INT8_Ta(x[3])] ^ cast_sbox8[U_INT8_Tc(x[3])] ^ cast_sbox7[U_INT8_Ta(x[2])]; t[1] = z[1] = x[2] ^ cast_sbox5[U_INT8_Ta(z[0])] ^ cast_sbox6[U_INT8_Tc(z[0])] ^ cast_sbox7[U_INT8_Tb(z[0])] ^ cast_sbox8[U_INT8_Td(z[0])] ^ cast_sbox8[U_INT8_Tc(x[2])]; t[2] = z[2] = x[3] ^ cast_sbox5[U_INT8_Td(z[1])] ^ cast_sbox6[U_INT8_Tc(z[1])] ^ cast_sbox7[U_INT8_Tb(z[1])] ^ cast_sbox8[U_INT8_Ta(z[1])] ^ cast_sbox5[U_INT8_Tb(x[2])]; t[3] = z[3] = x[1] ^ cast_sbox5[U_INT8_Tc(z[2])] ^ cast_sbox6[U_INT8_Tb(z[2])] ^ cast_sbox7[U_INT8_Td(z[2])] ^ cast_sbox8[U_INT8_Ta(z[2])] ^ cast_sbox6[U_INT8_Td(x[2])]; break; case 4: t[0] = x[0] = z[2] ^ cast_sbox5[U_INT8_Tb(z[1])] ^ cast_sbox6[U_INT8_Td(z[1])] ^ cast_sbox7[U_INT8_Ta(z[1])] ^ cast_sbox8[U_INT8_Tc(z[1])] ^ cast_sbox7[U_INT8_Ta(z[0])]; t[1] = x[1] = z[0] ^ cast_sbox5[U_INT8_Ta(x[0])] ^ cast_sbox6[U_INT8_Tc(x[0])] ^ cast_sbox7[U_INT8_Tb(x[0])] ^ cast_sbox8[U_INT8_Td(x[0])] ^ cast_sbox8[U_INT8_Tc(z[0])]; t[2] = x[2] = z[1] ^ cast_sbox5[U_INT8_Td(x[1])] ^ cast_sbox6[U_INT8_Tc(x[1])] ^ cast_sbox7[U_INT8_Tb(x[1])] ^ cast_sbox8[U_INT8_Ta(x[1])] ^ cast_sbox5[U_INT8_Tb(z[0])]; t[3] = x[3] = z[3] ^ cast_sbox5[U_INT8_Tc(x[2])] ^ cast_sbox6[U_INT8_Tb(x[2])] ^ cast_sbox7[U_INT8_Td(x[2])] ^ cast_sbox8[U_INT8_Ta(x[2])] ^ cast_sbox6[U_INT8_Td(z[0])]; break; } switch (i & 12) { case 0: case 12: key->xkey[i+0] = cast_sbox5[U_INT8_Ta(t[2])] ^ cast_sbox6[U_INT8_Tb(t[2])] ^ cast_sbox7[U_INT8_Td(t[1])] ^ cast_sbox8[U_INT8_Tc(t[1])]; key->xkey[i+1] = cast_sbox5[U_INT8_Tc(t[2])] ^ cast_sbox6[U_INT8_Td(t[2])] ^ cast_sbox7[U_INT8_Tb(t[1])] ^ cast_sbox8[U_INT8_Ta(t[1])]; key->xkey[i+2] = cast_sbox5[U_INT8_Ta(t[3])] ^ cast_sbox6[U_INT8_Tb(t[3])] ^ cast_sbox7[U_INT8_Td(t[0])] ^ cast_sbox8[U_INT8_Tc(t[0])]; key->xkey[i+3] = cast_sbox5[U_INT8_Tc(t[3])] ^ cast_sbox6[U_INT8_Td(t[3])] ^ cast_sbox7[U_INT8_Tb(t[0])] ^ cast_sbox8[U_INT8_Ta(t[0])]; break; case 4: case 8: key->xkey[i+0] = cast_sbox5[U_INT8_Td(t[0])] ^ cast_sbox6[U_INT8_Tc(t[0])] ^ cast_sbox7[U_INT8_Ta(t[3])] ^ cast_sbox8[U_INT8_Tb(t[3])]; key->xkey[i+1] = cast_sbox5[U_INT8_Tb(t[0])] ^ cast_sbox6[U_INT8_Ta(t[0])] ^ cast_sbox7[U_INT8_Tc(t[3])] ^ cast_sbox8[U_INT8_Td(t[3])]; key->xkey[i+2] = cast_sbox5[U_INT8_Td(t[1])] ^ cast_sbox6[U_INT8_Tc(t[1])] ^ cast_sbox7[U_INT8_Ta(t[2])] ^ cast_sbox8[U_INT8_Tb(t[2])]; key->xkey[i+3] = cast_sbox5[U_INT8_Tb(t[1])] ^ cast_sbox6[U_INT8_Ta(t[1])] ^ cast_sbox7[U_INT8_Tc(t[2])] ^ cast_sbox8[U_INT8_Td(t[2])]; break; } switch (i & 12) { case 0: key->xkey[i+0] ^= cast_sbox5[U_INT8_Tc(z[0])]; key->xkey[i+1] ^= cast_sbox6[U_INT8_Tc(z[1])]; key->xkey[i+2] ^= cast_sbox7[U_INT8_Tb(z[2])]; key->xkey[i+3] ^= cast_sbox8[U_INT8_Ta(z[3])]; break; case 4: key->xkey[i+0] ^= cast_sbox5[U_INT8_Ta(x[2])]; key->xkey[i+1] ^= cast_sbox6[U_INT8_Tb(x[3])]; key->xkey[i+2] ^= cast_sbox7[U_INT8_Td(x[0])]; key->xkey[i+3] ^= cast_sbox8[U_INT8_Td(x[1])]; break; case 8: key->xkey[i+0] ^= cast_sbox5[U_INT8_Tb(z[2])]; key->xkey[i+1] ^= cast_sbox6[U_INT8_Ta(z[3])]; key->xkey[i+2] ^= cast_sbox7[U_INT8_Tc(z[0])]; key->xkey[i+3] ^= cast_sbox8[U_INT8_Tc(z[1])]; break; case 12: key->xkey[i+0] ^= cast_sbox5[U_INT8_Td(x[0])]; key->xkey[i+1] ^= cast_sbox6[U_INT8_Td(x[1])]; key->xkey[i+2] ^= cast_sbox7[U_INT8_Ta(x[2])]; key->xkey[i+3] ^= cast_sbox8[U_INT8_Tb(x[3])]; break; } if (i >= 16) { key->xkey[i+0] &= 31; key->xkey[i+1] &= 31; key->xkey[i+2] &= 31; key->xkey[i+3] &= 31; } } /* Wipe clean */ for (i = 0; i < 4; i++) { t[i] = x[i] = z[i] = 0; } } /* Made in Canada */ Index: head/sys/opencrypto/cast.h =================================================================== --- head/sys/opencrypto/cast.h (revision 351363) +++ head/sys/opencrypto/cast.h (revision 351364) @@ -1,23 +1,23 @@ /* $FreeBSD$ */ /* $OpenBSD: cast.h,v 1.2 2002/03/14 01:26:51 millert Exp $ */ /*- * CAST-128 in C * Written by Steve Reid * 100% Public Domain - no warranty * Released 1997.10.11 */ #ifndef _CAST_H_ #define _CAST_H_ typedef struct { u_int32_t xkey[32]; /* Key, after expansion */ int rounds; /* Number of rounds to use, 12 or 16 */ } cast_key; -void cast_setkey(cast_key * key, u_int8_t * rawkey, int keybytes); +void cast_setkey(cast_key * key, const u_int8_t * rawkey, int keybytes); void cast_encrypt(cast_key * key, u_int8_t * inblock, u_int8_t * outblock); void cast_decrypt(cast_key * key, u_int8_t * inblock, u_int8_t * outblock); #endif /* ifndef _CAST_H_ */ Index: head/sys/opencrypto/skipjack.c =================================================================== --- head/sys/opencrypto/skipjack.c (revision 351363) +++ head/sys/opencrypto/skipjack.c (revision 351364) @@ -1,260 +1,260 @@ /* $OpenBSD: skipjack.c,v 1.3 2001/05/05 00:31:34 angelos Exp $ */ /*- * Further optimized test implementation of SKIPJACK algorithm * Mark Tillotson , 25 June 98 * Optimizations suit RISC (lots of registers) machine best. * * based on unoptimized implementation of * Panu Rissanen 960624 * * SKIPJACK and KEA Algorithm Specifications * Version 2.0 * 29 May 1998 */ #include __FBSDID("$FreeBSD$"); #include #include static const u_int8_t ftable[0x100] = { 0xa3, 0xd7, 0x09, 0x83, 0xf8, 0x48, 0xf6, 0xf4, 0xb3, 0x21, 0x15, 0x78, 0x99, 0xb1, 0xaf, 0xf9, 0xe7, 0x2d, 0x4d, 0x8a, 0xce, 0x4c, 0xca, 0x2e, 0x52, 0x95, 0xd9, 0x1e, 0x4e, 0x38, 0x44, 0x28, 0x0a, 0xdf, 0x02, 0xa0, 0x17, 0xf1, 0x60, 0x68, 0x12, 0xb7, 0x7a, 0xc3, 0xe9, 0xfa, 0x3d, 0x53, 0x96, 0x84, 0x6b, 0xba, 0xf2, 0x63, 0x9a, 0x19, 0x7c, 0xae, 0xe5, 0xf5, 0xf7, 0x16, 0x6a, 0xa2, 0x39, 0xb6, 0x7b, 0x0f, 0xc1, 0x93, 0x81, 0x1b, 0xee, 0xb4, 0x1a, 0xea, 0xd0, 0x91, 0x2f, 0xb8, 0x55, 0xb9, 0xda, 0x85, 0x3f, 0x41, 0xbf, 0xe0, 0x5a, 0x58, 0x80, 0x5f, 0x66, 0x0b, 0xd8, 0x90, 0x35, 0xd5, 0xc0, 0xa7, 0x33, 0x06, 0x65, 0x69, 0x45, 0x00, 0x94, 0x56, 0x6d, 0x98, 0x9b, 0x76, 0x97, 0xfc, 0xb2, 0xc2, 0xb0, 0xfe, 0xdb, 0x20, 0xe1, 0xeb, 0xd6, 0xe4, 0xdd, 0x47, 0x4a, 0x1d, 0x42, 0xed, 0x9e, 0x6e, 0x49, 0x3c, 0xcd, 0x43, 0x27, 0xd2, 0x07, 0xd4, 0xde, 0xc7, 0x67, 0x18, 0x89, 0xcb, 0x30, 0x1f, 0x8d, 0xc6, 0x8f, 0xaa, 0xc8, 0x74, 0xdc, 0xc9, 0x5d, 0x5c, 0x31, 0xa4, 0x70, 0x88, 0x61, 0x2c, 0x9f, 0x0d, 0x2b, 0x87, 0x50, 0x82, 0x54, 0x64, 0x26, 0x7d, 0x03, 0x40, 0x34, 0x4b, 0x1c, 0x73, 0xd1, 0xc4, 0xfd, 0x3b, 0xcc, 0xfb, 0x7f, 0xab, 0xe6, 0x3e, 0x5b, 0xa5, 0xad, 0x04, 0x23, 0x9c, 0x14, 0x51, 0x22, 0xf0, 0x29, 0x79, 0x71, 0x7e, 0xff, 0x8c, 0x0e, 0xe2, 0x0c, 0xef, 0xbc, 0x72, 0x75, 0x6f, 0x37, 0xa1, 0xec, 0xd3, 0x8e, 0x62, 0x8b, 0x86, 0x10, 0xe8, 0x08, 0x77, 0x11, 0xbe, 0x92, 0x4f, 0x24, 0xc5, 0x32, 0x36, 0x9d, 0xcf, 0xf3, 0xa6, 0xbb, 0xac, 0x5e, 0x6c, 0xa9, 0x13, 0x57, 0x25, 0xb5, 0xe3, 0xbd, 0xa8, 0x3a, 0x01, 0x05, 0x59, 0x2a, 0x46 }; /* * For each key byte generate a table to represent the function * ftable [in ^ keybyte] * * These tables used to save an XOR in each stage of the G-function * the tables are hopefully pointed to by register allocated variables * k0, k1..k9 */ void -subkey_table_gen (u_int8_t *key, u_int8_t **key_tables) +subkey_table_gen (const u_int8_t *key, u_int8_t **key_tables) { int i, k; for (k = 0; k < 10; k++) { u_int8_t key_byte = key [k]; u_int8_t * table = key_tables[k]; for (i = 0; i < 0x100; i++) table [i] = ftable [i ^ key_byte]; } } #define g(k0, k1, k2, k3, ih, il, oh, ol) \ { \ oh = k##k0 [il] ^ ih; \ ol = k##k1 [oh] ^ il; \ oh = k##k2 [ol] ^ oh; \ ol = k##k3 [oh] ^ ol; \ } #define g0(ih, il, oh, ol) g(0, 1, 2, 3, ih, il, oh, ol) #define g4(ih, il, oh, ol) g(4, 5, 6, 7, ih, il, oh, ol) #define g8(ih, il, oh, ol) g(8, 9, 0, 1, ih, il, oh, ol) #define g2(ih, il, oh, ol) g(2, 3, 4, 5, ih, il, oh, ol) #define g6(ih, il, oh, ol) g(6, 7, 8, 9, ih, il, oh, ol) #define g_inv(k0, k1, k2, k3, ih, il, oh, ol) \ { \ ol = k##k3 [ih] ^ il; \ oh = k##k2 [ol] ^ ih; \ ol = k##k1 [oh] ^ ol; \ oh = k##k0 [ol] ^ oh; \ } #define g0_inv(ih, il, oh, ol) g_inv(0, 1, 2, 3, ih, il, oh, ol) #define g4_inv(ih, il, oh, ol) g_inv(4, 5, 6, 7, ih, il, oh, ol) #define g8_inv(ih, il, oh, ol) g_inv(8, 9, 0, 1, ih, il, oh, ol) #define g2_inv(ih, il, oh, ol) g_inv(2, 3, 4, 5, ih, il, oh, ol) #define g6_inv(ih, il, oh, ol) g_inv(6, 7, 8, 9, ih, il, oh, ol) /* optimized version of Skipjack algorithm * * the appropriate g-function is inlined for each round * * the data movement is minimized by rotating the names of the * variables w1..w4, not their contents (saves 3 moves per round) * * the loops are completely unrolled (needed to staticize choice of g) * * compiles to about 470 instructions on a Sparc (gcc -O) * which is about 58 instructions per byte, 14 per round. * gcc seems to leave in some unnecessary and with 0xFF operations * but only in the latter part of the functions. Perhaps it * runs out of resources to properly optimize long inlined function? * in theory should get about 11 instructions per round, not 14 */ void skipjack_forwards(u_int8_t *plain, u_int8_t *cipher, u_int8_t **key_tables) { u_int8_t wh1 = plain[0]; u_int8_t wl1 = plain[1]; u_int8_t wh2 = plain[2]; u_int8_t wl2 = plain[3]; u_int8_t wh3 = plain[4]; u_int8_t wl3 = plain[5]; u_int8_t wh4 = plain[6]; u_int8_t wl4 = plain[7]; u_int8_t * k0 = key_tables [0]; u_int8_t * k1 = key_tables [1]; u_int8_t * k2 = key_tables [2]; u_int8_t * k3 = key_tables [3]; u_int8_t * k4 = key_tables [4]; u_int8_t * k5 = key_tables [5]; u_int8_t * k6 = key_tables [6]; u_int8_t * k7 = key_tables [7]; u_int8_t * k8 = key_tables [8]; u_int8_t * k9 = key_tables [9]; /* first 8 rounds */ g0 (wh1,wl1, wh1,wl1); wl4 ^= wl1 ^ 1; wh4 ^= wh1; g4 (wh4,wl4, wh4,wl4); wl3 ^= wl4 ^ 2; wh3 ^= wh4; g8 (wh3,wl3, wh3,wl3); wl2 ^= wl3 ^ 3; wh2 ^= wh3; g2 (wh2,wl2, wh2,wl2); wl1 ^= wl2 ^ 4; wh1 ^= wh2; g6 (wh1,wl1, wh1,wl1); wl4 ^= wl1 ^ 5; wh4 ^= wh1; g0 (wh4,wl4, wh4,wl4); wl3 ^= wl4 ^ 6; wh3 ^= wh4; g4 (wh3,wl3, wh3,wl3); wl2 ^= wl3 ^ 7; wh2 ^= wh3; g8 (wh2,wl2, wh2,wl2); wl1 ^= wl2 ^ 8; wh1 ^= wh2; /* second 8 rounds */ wh2 ^= wh1; wl2 ^= wl1 ^ 9 ; g2 (wh1,wl1, wh1,wl1); wh1 ^= wh4; wl1 ^= wl4 ^ 10; g6 (wh4,wl4, wh4,wl4); wh4 ^= wh3; wl4 ^= wl3 ^ 11; g0 (wh3,wl3, wh3,wl3); wh3 ^= wh2; wl3 ^= wl2 ^ 12; g4 (wh2,wl2, wh2,wl2); wh2 ^= wh1; wl2 ^= wl1 ^ 13; g8 (wh1,wl1, wh1,wl1); wh1 ^= wh4; wl1 ^= wl4 ^ 14; g2 (wh4,wl4, wh4,wl4); wh4 ^= wh3; wl4 ^= wl3 ^ 15; g6 (wh3,wl3, wh3,wl3); wh3 ^= wh2; wl3 ^= wl2 ^ 16; g0 (wh2,wl2, wh2,wl2); /* third 8 rounds */ g4 (wh1,wl1, wh1,wl1); wl4 ^= wl1 ^ 17; wh4 ^= wh1; g8 (wh4,wl4, wh4,wl4); wl3 ^= wl4 ^ 18; wh3 ^= wh4; g2 (wh3,wl3, wh3,wl3); wl2 ^= wl3 ^ 19; wh2 ^= wh3; g6 (wh2,wl2, wh2,wl2); wl1 ^= wl2 ^ 20; wh1 ^= wh2; g0 (wh1,wl1, wh1,wl1); wl4 ^= wl1 ^ 21; wh4 ^= wh1; g4 (wh4,wl4, wh4,wl4); wl3 ^= wl4 ^ 22; wh3 ^= wh4; g8 (wh3,wl3, wh3,wl3); wl2 ^= wl3 ^ 23; wh2 ^= wh3; g2 (wh2,wl2, wh2,wl2); wl1 ^= wl2 ^ 24; wh1 ^= wh2; /* last 8 rounds */ wh2 ^= wh1; wl2 ^= wl1 ^ 25; g6 (wh1,wl1, wh1,wl1); wh1 ^= wh4; wl1 ^= wl4 ^ 26; g0 (wh4,wl4, wh4,wl4); wh4 ^= wh3; wl4 ^= wl3 ^ 27; g4 (wh3,wl3, wh3,wl3); wh3 ^= wh2; wl3 ^= wl2 ^ 28; g8 (wh2,wl2, wh2,wl2); wh2 ^= wh1; wl2 ^= wl1 ^ 29; g2 (wh1,wl1, wh1,wl1); wh1 ^= wh4; wl1 ^= wl4 ^ 30; g6 (wh4,wl4, wh4,wl4); wh4 ^= wh3; wl4 ^= wl3 ^ 31; g0 (wh3,wl3, wh3,wl3); wh3 ^= wh2; wl3 ^= wl2 ^ 32; g4 (wh2,wl2, wh2,wl2); /* pack into byte vector */ cipher [0] = wh1; cipher [1] = wl1; cipher [2] = wh2; cipher [3] = wl2; cipher [4] = wh3; cipher [5] = wl3; cipher [6] = wh4; cipher [7] = wl4; } void skipjack_backwards (u_int8_t *cipher, u_int8_t *plain, u_int8_t **key_tables) { /* setup 4 16-bit portions */ u_int8_t wh1 = cipher[0]; u_int8_t wl1 = cipher[1]; u_int8_t wh2 = cipher[2]; u_int8_t wl2 = cipher[3]; u_int8_t wh3 = cipher[4]; u_int8_t wl3 = cipher[5]; u_int8_t wh4 = cipher[6]; u_int8_t wl4 = cipher[7]; u_int8_t * k0 = key_tables [0]; u_int8_t * k1 = key_tables [1]; u_int8_t * k2 = key_tables [2]; u_int8_t * k3 = key_tables [3]; u_int8_t * k4 = key_tables [4]; u_int8_t * k5 = key_tables [5]; u_int8_t * k6 = key_tables [6]; u_int8_t * k7 = key_tables [7]; u_int8_t * k8 = key_tables [8]; u_int8_t * k9 = key_tables [9]; /* first 8 rounds */ g4_inv (wh2,wl2, wh2,wl2); wl3 ^= wl2 ^ 32; wh3 ^= wh2; g0_inv (wh3,wl3, wh3,wl3); wl4 ^= wl3 ^ 31; wh4 ^= wh3; g6_inv (wh4,wl4, wh4,wl4); wl1 ^= wl4 ^ 30; wh1 ^= wh4; g2_inv (wh1,wl1, wh1,wl1); wl2 ^= wl1 ^ 29; wh2 ^= wh1; g8_inv (wh2,wl2, wh2,wl2); wl3 ^= wl2 ^ 28; wh3 ^= wh2; g4_inv (wh3,wl3, wh3,wl3); wl4 ^= wl3 ^ 27; wh4 ^= wh3; g0_inv (wh4,wl4, wh4,wl4); wl1 ^= wl4 ^ 26; wh1 ^= wh4; g6_inv (wh1,wl1, wh1,wl1); wl2 ^= wl1 ^ 25; wh2 ^= wh1; /* second 8 rounds */ wh1 ^= wh2; wl1 ^= wl2 ^ 24; g2_inv (wh2,wl2, wh2,wl2); wh2 ^= wh3; wl2 ^= wl3 ^ 23; g8_inv (wh3,wl3, wh3,wl3); wh3 ^= wh4; wl3 ^= wl4 ^ 22; g4_inv (wh4,wl4, wh4,wl4); wh4 ^= wh1; wl4 ^= wl1 ^ 21; g0_inv (wh1,wl1, wh1,wl1); wh1 ^= wh2; wl1 ^= wl2 ^ 20; g6_inv (wh2,wl2, wh2,wl2); wh2 ^= wh3; wl2 ^= wl3 ^ 19; g2_inv (wh3,wl3, wh3,wl3); wh3 ^= wh4; wl3 ^= wl4 ^ 18; g8_inv (wh4,wl4, wh4,wl4); wh4 ^= wh1; wl4 ^= wl1 ^ 17; g4_inv (wh1,wl1, wh1,wl1); /* third 8 rounds */ g0_inv (wh2,wl2, wh2,wl2); wl3 ^= wl2 ^ 16; wh3 ^= wh2; g6_inv (wh3,wl3, wh3,wl3); wl4 ^= wl3 ^ 15; wh4 ^= wh3; g2_inv (wh4,wl4, wh4,wl4); wl1 ^= wl4 ^ 14; wh1 ^= wh4; g8_inv (wh1,wl1, wh1,wl1); wl2 ^= wl1 ^ 13; wh2 ^= wh1; g4_inv (wh2,wl2, wh2,wl2); wl3 ^= wl2 ^ 12; wh3 ^= wh2; g0_inv (wh3,wl3, wh3,wl3); wl4 ^= wl3 ^ 11; wh4 ^= wh3; g6_inv (wh4,wl4, wh4,wl4); wl1 ^= wl4 ^ 10; wh1 ^= wh4; g2_inv (wh1,wl1, wh1,wl1); wl2 ^= wl1 ^ 9; wh2 ^= wh1; /* last 8 rounds */ wh1 ^= wh2; wl1 ^= wl2 ^ 8; g8_inv (wh2,wl2, wh2,wl2); wh2 ^= wh3; wl2 ^= wl3 ^ 7; g4_inv (wh3,wl3, wh3,wl3); wh3 ^= wh4; wl3 ^= wl4 ^ 6; g0_inv (wh4,wl4, wh4,wl4); wh4 ^= wh1; wl4 ^= wl1 ^ 5; g6_inv (wh1,wl1, wh1,wl1); wh1 ^= wh2; wl1 ^= wl2 ^ 4; g2_inv (wh2,wl2, wh2,wl2); wh2 ^= wh3; wl2 ^= wl3 ^ 3; g8_inv (wh3,wl3, wh3,wl3); wh3 ^= wh4; wl3 ^= wl4 ^ 2; g4_inv (wh4,wl4, wh4,wl4); wh4 ^= wh1; wl4 ^= wl1 ^ 1; g0_inv (wh1,wl1, wh1,wl1); /* pack into byte vector */ plain [0] = wh1; plain [1] = wl1; plain [2] = wh2; plain [3] = wl2; plain [4] = wh3; plain [5] = wl3; plain [6] = wh4; plain [7] = wl4; } Index: head/sys/opencrypto/skipjack.h =================================================================== --- head/sys/opencrypto/skipjack.h (revision 351363) +++ head/sys/opencrypto/skipjack.h (revision 351364) @@ -1,24 +1,24 @@ /* $FreeBSD$ */ /* $OpenBSD: skipjack.h,v 1.3 2002/03/14 01:26:51 millert Exp $ */ /*- * Further optimized test implementation of SKIPJACK algorithm * Mark Tillotson , 25 June 98 * Optimizations suit RISC (lots of registers) machine best. * * based on unoptimized implementation of * Panu Rissanen 960624 * * SKIPJACK and KEA Algorithm Specifications * Version 2.0 * 29 May 1998 */ #ifndef _SKIPJACK_H_ #define _SKIPJACK_H_ extern void skipjack_forwards(u_int8_t *plain, u_int8_t *cipher, u_int8_t **key); extern void skipjack_backwards(u_int8_t *cipher, u_int8_t *plain, u_int8_t **key); -extern void subkey_table_gen(u_int8_t *key, u_int8_t **key_tables); +extern void subkey_table_gen(const u_int8_t *key, u_int8_t **key_tables); #endif Index: head/sys/opencrypto/xform_aes_icm.c =================================================================== --- head/sys/opencrypto/xform_aes_icm.c (revision 351363) +++ head/sys/opencrypto/xform_aes_icm.c (revision 351364) @@ -1,180 +1,180 @@ /* $OpenBSD: xform.c,v 1.16 2001/08/28 12:20:43 ben Exp $ */ /*- * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr), * Niels Provos (provos@physnet.uni-hamburg.de) and * Damien Miller (djm@mindrot.org). * * This code was written by John Ioannidis for BSD/OS in Athens, Greece, * in November 1995. * * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996, * by Angelos D. Keromytis. * * Additional transforms and features in 1997 and 1998 by Angelos D. Keromytis * and Niels Provos. * * Additional features in 1999 by Angelos D. Keromytis. * * AES XTS implementation in 2008 by Damien Miller * * Copyright (C) 1995, 1996, 1997, 1998, 1999 by John Ioannidis, * Angelos D. Keromytis and Niels Provos. * * Copyright (C) 2001, Angelos D. Keromytis. * * Copyright (C) 2008, Damien Miller * Copyright (c) 2014 The FreeBSD Foundation * All rights reserved. * * Portions of this software were developed by John-Mark Gurney * under sponsorship of the FreeBSD Foundation and * Rubicon Communications, LLC (Netgate). * * Permission to use, copy, and modify this software with or without fee * is hereby granted, provided that this entire notice is included in * all copies of any software which is or includes a copy or * modification of this software. * You may use this code under the GNU public license if you so wish. Please * contribute changes back to the authors under this freer than GPL license * so that we may further the use of strong encryption without limitations to * all. * * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR * PURPOSE. */ #include __FBSDID("$FreeBSD$"); #include -static int aes_icm_setkey(u_int8_t **, u_int8_t *, int); +static int aes_icm_setkey(u_int8_t **, const u_int8_t *, int); static void aes_icm_crypt(caddr_t, u_int8_t *); static void aes_icm_zerokey(u_int8_t **); -static void aes_icm_reinit(caddr_t, u_int8_t *); -static void aes_gcm_reinit(caddr_t, u_int8_t *); -static void aes_ccm_reinit(caddr_t, u_int8_t *); +static void aes_icm_reinit(caddr_t, const u_int8_t *); +static void aes_gcm_reinit(caddr_t, const u_int8_t *); +static void aes_ccm_reinit(caddr_t, const u_int8_t *); /* Encryption instances */ struct enc_xform enc_xform_aes_icm = { CRYPTO_AES_ICM, "AES-ICM", AES_BLOCK_LEN, AES_BLOCK_LEN, AES_MIN_KEY, AES_MAX_KEY, aes_icm_crypt, aes_icm_crypt, aes_icm_setkey, aes_icm_zerokey, aes_icm_reinit, }; struct enc_xform enc_xform_aes_nist_gcm = { CRYPTO_AES_NIST_GCM_16, "AES-GCM", AES_ICM_BLOCK_LEN, AES_GCM_IV_LEN, AES_MIN_KEY, AES_MAX_KEY, aes_icm_crypt, aes_icm_crypt, aes_icm_setkey, aes_icm_zerokey, aes_gcm_reinit, }; struct enc_xform enc_xform_ccm = { .type = CRYPTO_AES_CCM_16, .name = "AES-CCM", .blocksize = AES_ICM_BLOCK_LEN, .ivsize = AES_CCM_IV_LEN, .minkey = AES_MIN_KEY, .maxkey = AES_MAX_KEY, .encrypt = aes_icm_crypt, .decrypt = aes_icm_crypt, .setkey = aes_icm_setkey, .zerokey = aes_icm_zerokey, .reinit = aes_ccm_reinit, }; /* * Encryption wrapper routines. */ static void -aes_icm_reinit(caddr_t key, u_int8_t *iv) +aes_icm_reinit(caddr_t key, const u_int8_t *iv) { struct aes_icm_ctx *ctx; ctx = (struct aes_icm_ctx *)key; bcopy(iv, ctx->ac_block, AESICM_BLOCKSIZE); } static void -aes_gcm_reinit(caddr_t key, u_int8_t *iv) +aes_gcm_reinit(caddr_t key, const u_int8_t *iv) { struct aes_icm_ctx *ctx; aes_icm_reinit(key, iv); ctx = (struct aes_icm_ctx *)key; /* GCM starts with 2 as counter 1 is used for final xor of tag. */ bzero(&ctx->ac_block[AESICM_BLOCKSIZE - 4], 4); ctx->ac_block[AESICM_BLOCKSIZE - 1] = 2; } static void -aes_ccm_reinit(caddr_t key, u_int8_t *iv) +aes_ccm_reinit(caddr_t key, const u_int8_t *iv) { struct aes_icm_ctx *ctx; ctx = (struct aes_icm_ctx*)key; /* CCM has flags, then the IV, then the counter, which starts at 1 */ bzero(ctx->ac_block, sizeof(ctx->ac_block)); /* 3 bytes for length field; this gives a nonce of 12 bytes */ ctx->ac_block[0] = (15 - AES_CCM_IV_LEN) - 1; bcopy(iv, ctx->ac_block+1, AES_CCM_IV_LEN); ctx->ac_block[AESICM_BLOCKSIZE - 1] = 1; } static void aes_icm_crypt(caddr_t key, u_int8_t *data) { struct aes_icm_ctx *ctx; u_int8_t keystream[AESICM_BLOCKSIZE]; int i; ctx = (struct aes_icm_ctx *)key; rijndaelEncrypt(ctx->ac_ek, ctx->ac_nr, ctx->ac_block, keystream); for (i = 0; i < AESICM_BLOCKSIZE; i++) data[i] ^= keystream[i]; explicit_bzero(keystream, sizeof(keystream)); /* increment counter */ for (i = AESICM_BLOCKSIZE - 1; i >= 0; i--) if (++ctx->ac_block[i]) /* continue on overflow */ break; } static int -aes_icm_setkey(u_int8_t **sched, u_int8_t *key, int len) +aes_icm_setkey(u_int8_t **sched, const u_int8_t *key, int len) { struct aes_icm_ctx *ctx; if (len != 16 && len != 24 && len != 32) return EINVAL; *sched = KMALLOC(sizeof(struct aes_icm_ctx), M_CRYPTO_DATA, M_NOWAIT | M_ZERO); if (*sched == NULL) return ENOMEM; ctx = (struct aes_icm_ctx *)*sched; - ctx->ac_nr = rijndaelKeySetupEnc(ctx->ac_ek, (u_char *)key, len * 8); + ctx->ac_nr = rijndaelKeySetupEnc(ctx->ac_ek, key, len * 8); return 0; } static void aes_icm_zerokey(u_int8_t **sched) { bzero(*sched, sizeof(struct aes_icm_ctx)); KFREE(*sched, M_CRYPTO_DATA); *sched = NULL; } Index: head/sys/opencrypto/xform_aes_xts.c =================================================================== --- head/sys/opencrypto/xform_aes_xts.c (revision 351363) +++ head/sys/opencrypto/xform_aes_xts.c (revision 351364) @@ -1,164 +1,164 @@ /* $OpenBSD: xform.c,v 1.16 2001/08/28 12:20:43 ben Exp $ */ /*- * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr), * Niels Provos (provos@physnet.uni-hamburg.de) and * Damien Miller (djm@mindrot.org). * * This code was written by John Ioannidis for BSD/OS in Athens, Greece, * in November 1995. * * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996, * by Angelos D. Keromytis. * * Additional transforms and features in 1997 and 1998 by Angelos D. Keromytis * and Niels Provos. * * Additional features in 1999 by Angelos D. Keromytis. * * AES XTS implementation in 2008 by Damien Miller * * Copyright (C) 1995, 1996, 1997, 1998, 1999 by John Ioannidis, * Angelos D. Keromytis and Niels Provos. * * Copyright (C) 2001, Angelos D. Keromytis. * * Copyright (C) 2008, Damien Miller * Copyright (c) 2014 The FreeBSD Foundation * All rights reserved. * * Portions of this software were developed by John-Mark Gurney * under sponsorship of the FreeBSD Foundation and * Rubicon Communications, LLC (Netgate). * * Permission to use, copy, and modify this software with or without fee * is hereby granted, provided that this entire notice is included in * all copies of any software which is or includes a copy or * modification of this software. * You may use this code under the GNU public license if you so wish. Please * contribute changes back to the authors under this freer than GPL license * so that we may further the use of strong encryption without limitations to * all. * * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR * PURPOSE. */ #include __FBSDID("$FreeBSD$"); #include -static int aes_xts_setkey(u_int8_t **, u_int8_t *, int); +static int aes_xts_setkey(u_int8_t **, const u_int8_t *, int); static void aes_xts_encrypt(caddr_t, u_int8_t *); static void aes_xts_decrypt(caddr_t, u_int8_t *); static void aes_xts_zerokey(u_int8_t **); -static void aes_xts_reinit(caddr_t, u_int8_t *); +static void aes_xts_reinit(caddr_t, const u_int8_t *); /* Encryption instances */ struct enc_xform enc_xform_aes_xts = { CRYPTO_AES_XTS, "AES-XTS", AES_BLOCK_LEN, AES_XTS_IV_LEN, AES_XTS_MIN_KEY, AES_XTS_MAX_KEY, aes_xts_encrypt, aes_xts_decrypt, aes_xts_setkey, aes_xts_zerokey, aes_xts_reinit }; /* * Encryption wrapper routines. */ static void -aes_xts_reinit(caddr_t key, u_int8_t *iv) +aes_xts_reinit(caddr_t key, const u_int8_t *iv) { struct aes_xts_ctx *ctx = (struct aes_xts_ctx *)key; u_int64_t blocknum; u_int i; /* * Prepare tweak as E_k2(IV). IV is specified as LE representation * of a 64-bit block number which we allow to be passed in directly. */ bcopy(iv, &blocknum, AES_XTS_IVSIZE); for (i = 0; i < AES_XTS_IVSIZE; i++) { ctx->tweak[i] = blocknum & 0xff; blocknum >>= 8; } /* Last 64 bits of IV are always zero */ bzero(ctx->tweak + AES_XTS_IVSIZE, AES_XTS_IVSIZE); rijndael_encrypt(&ctx->key2, ctx->tweak, ctx->tweak); } static void aes_xts_crypt(struct aes_xts_ctx *ctx, u_int8_t *data, u_int do_encrypt) { u_int8_t block[AES_XTS_BLOCKSIZE]; u_int i, carry_in, carry_out; for (i = 0; i < AES_XTS_BLOCKSIZE; i++) block[i] = data[i] ^ ctx->tweak[i]; if (do_encrypt) rijndael_encrypt(&ctx->key1, block, data); else rijndael_decrypt(&ctx->key1, block, data); for (i = 0; i < AES_XTS_BLOCKSIZE; i++) data[i] ^= ctx->tweak[i]; /* Exponentiate tweak */ carry_in = 0; for (i = 0; i < AES_XTS_BLOCKSIZE; i++) { carry_out = ctx->tweak[i] & 0x80; ctx->tweak[i] = (ctx->tweak[i] << 1) | (carry_in ? 1 : 0); carry_in = carry_out; } if (carry_in) ctx->tweak[0] ^= AES_XTS_ALPHA; bzero(block, sizeof(block)); } static void aes_xts_encrypt(caddr_t key, u_int8_t *data) { aes_xts_crypt((struct aes_xts_ctx *)key, data, 1); } static void aes_xts_decrypt(caddr_t key, u_int8_t *data) { aes_xts_crypt((struct aes_xts_ctx *)key, data, 0); } static int -aes_xts_setkey(u_int8_t **sched, u_int8_t *key, int len) +aes_xts_setkey(u_int8_t **sched, const u_int8_t *key, int len) { struct aes_xts_ctx *ctx; if (len != 32 && len != 64) return EINVAL; *sched = KMALLOC(sizeof(struct aes_xts_ctx), M_CRYPTO_DATA, M_NOWAIT | M_ZERO); if (*sched == NULL) return ENOMEM; ctx = (struct aes_xts_ctx *)*sched; rijndael_set_key(&ctx->key1, key, len * 4); rijndael_set_key(&ctx->key2, key + (len / 2), len * 4); return 0; } static void aes_xts_zerokey(u_int8_t **sched) { bzero(*sched, sizeof(struct aes_xts_ctx)); KFREE(*sched, M_CRYPTO_DATA); *sched = NULL; } Index: head/sys/opencrypto/xform_blf.c =================================================================== --- head/sys/opencrypto/xform_blf.c (revision 351363) +++ head/sys/opencrypto/xform_blf.c (revision 351364) @@ -1,127 +1,127 @@ /* $OpenBSD: xform.c,v 1.16 2001/08/28 12:20:43 ben Exp $ */ /*- * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr), * Niels Provos (provos@physnet.uni-hamburg.de) and * Damien Miller (djm@mindrot.org). * * This code was written by John Ioannidis for BSD/OS in Athens, Greece, * in November 1995. * * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996, * by Angelos D. Keromytis. * * Additional transforms and features in 1997 and 1998 by Angelos D. Keromytis * and Niels Provos. * * Additional features in 1999 by Angelos D. Keromytis. * * AES XTS implementation in 2008 by Damien Miller * * Copyright (C) 1995, 1996, 1997, 1998, 1999 by John Ioannidis, * Angelos D. Keromytis and Niels Provos. * * Copyright (C) 2001, Angelos D. Keromytis. * * Copyright (C) 2008, Damien Miller * Copyright (c) 2014 The FreeBSD Foundation * All rights reserved. * * Portions of this software were developed by John-Mark Gurney * under sponsorship of the FreeBSD Foundation and * Rubicon Communications, LLC (Netgate). * * Permission to use, copy, and modify this software with or without fee * is hereby granted, provided that this entire notice is included in * all copies of any software which is or includes a copy or * modification of this software. * You may use this code under the GNU public license if you so wish. Please * contribute changes back to the authors under this freer than GPL license * so that we may further the use of strong encryption without limitations to * all. * * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR * PURPOSE. */ #include __FBSDID("$FreeBSD$"); #include #include -static int blf_setkey(u_int8_t **, u_int8_t *, int); +static int blf_setkey(u_int8_t **, const u_int8_t *, int); static void blf_encrypt(caddr_t, u_int8_t *); static void blf_decrypt(caddr_t, u_int8_t *); static void blf_zerokey(u_int8_t **); /* Encryption instances */ struct enc_xform enc_xform_blf = { CRYPTO_BLF_CBC, "Blowfish", BLOWFISH_BLOCK_LEN, BLOWFISH_BLOCK_LEN, BLOWFISH_MIN_KEY, BLOWFISH_MAX_KEY, blf_encrypt, blf_decrypt, blf_setkey, blf_zerokey, NULL, }; /* * Encryption wrapper routines. */ static void blf_encrypt(caddr_t key, u_int8_t *blk) { BF_LONG t[2]; memcpy(t, blk, sizeof (t)); t[0] = ntohl(t[0]); t[1] = ntohl(t[1]); /* NB: BF_encrypt expects the block in host order! */ BF_encrypt(t, (BF_KEY *) key); t[0] = htonl(t[0]); t[1] = htonl(t[1]); memcpy(blk, t, sizeof (t)); } static void blf_decrypt(caddr_t key, u_int8_t *blk) { BF_LONG t[2]; memcpy(t, blk, sizeof (t)); t[0] = ntohl(t[0]); t[1] = ntohl(t[1]); /* NB: BF_decrypt expects the block in host order! */ BF_decrypt(t, (BF_KEY *) key); t[0] = htonl(t[0]); t[1] = htonl(t[1]); memcpy(blk, t, sizeof (t)); } static int -blf_setkey(u_int8_t **sched, u_int8_t *key, int len) +blf_setkey(u_int8_t **sched, const u_int8_t *key, int len) { int err; *sched = KMALLOC(sizeof(BF_KEY), M_CRYPTO_DATA, M_NOWAIT|M_ZERO); if (*sched != NULL) { BF_set_key((BF_KEY *) *sched, len, key); err = 0; } else err = ENOMEM; return err; } static void blf_zerokey(u_int8_t **sched) { bzero(*sched, sizeof(BF_KEY)); KFREE(*sched, M_CRYPTO_DATA); *sched = NULL; } Index: head/sys/opencrypto/xform_cast5.c =================================================================== --- head/sys/opencrypto/xform_cast5.c (revision 351363) +++ head/sys/opencrypto/xform_cast5.c (revision 351364) @@ -1,107 +1,107 @@ /* $OpenBSD: xform.c,v 1.16 2001/08/28 12:20:43 ben Exp $ */ /*- * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr), * Niels Provos (provos@physnet.uni-hamburg.de) and * Damien Miller (djm@mindrot.org). * * This code was written by John Ioannidis for BSD/OS in Athens, Greece, * in November 1995. * * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996, * by Angelos D. Keromytis. * * Additional transforms and features in 1997 and 1998 by Angelos D. Keromytis * and Niels Provos. * * Additional features in 1999 by Angelos D. Keromytis. * * AES XTS implementation in 2008 by Damien Miller * * Copyright (C) 1995, 1996, 1997, 1998, 1999 by John Ioannidis, * Angelos D. Keromytis and Niels Provos. * * Copyright (C) 2001, Angelos D. Keromytis. * * Copyright (C) 2008, Damien Miller * Copyright (c) 2014 The FreeBSD Foundation * All rights reserved. * * Portions of this software were developed by John-Mark Gurney * under sponsorship of the FreeBSD Foundation and * Rubicon Communications, LLC (Netgate). * * Permission to use, copy, and modify this software with or without fee * is hereby granted, provided that this entire notice is included in * all copies of any software which is or includes a copy or * modification of this software. * You may use this code under the GNU public license if you so wish. Please * contribute changes back to the authors under this freer than GPL license * so that we may further the use of strong encryption without limitations to * all. * * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR * PURPOSE. */ #include __FBSDID("$FreeBSD$"); #include #include -static int cast5_setkey(u_int8_t **, u_int8_t *, int); +static int cast5_setkey(u_int8_t **, const u_int8_t *, int); static void cast5_encrypt(caddr_t, u_int8_t *); static void cast5_decrypt(caddr_t, u_int8_t *); static void cast5_zerokey(u_int8_t **); /* Encryption instances */ struct enc_xform enc_xform_cast5 = { CRYPTO_CAST_CBC, "CAST-128", CAST128_BLOCK_LEN, CAST128_BLOCK_LEN, CAST_MIN_KEY, CAST_MAX_KEY, cast5_encrypt, cast5_decrypt, cast5_setkey, cast5_zerokey, NULL, }; /* * Encryption wrapper routines. */ static void cast5_encrypt(caddr_t key, u_int8_t *blk) { cast_encrypt((cast_key *) key, blk, blk); } static void cast5_decrypt(caddr_t key, u_int8_t *blk) { cast_decrypt((cast_key *) key, blk, blk); } static int -cast5_setkey(u_int8_t **sched, u_int8_t *key, int len) +cast5_setkey(u_int8_t **sched, const u_int8_t *key, int len) { int err; *sched = KMALLOC(sizeof(cast_key), M_CRYPTO_DATA, M_NOWAIT|M_ZERO); if (*sched != NULL) { cast_setkey((cast_key *)*sched, key, len); err = 0; } else err = ENOMEM; return err; } static void cast5_zerokey(u_int8_t **sched) { bzero(*sched, sizeof(cast_key)); KFREE(*sched, M_CRYPTO_DATA); *sched = NULL; } Index: head/sys/opencrypto/xform_cml.c =================================================================== --- head/sys/opencrypto/xform_cml.c (revision 351363) +++ head/sys/opencrypto/xform_cml.c (revision 351364) @@ -1,113 +1,113 @@ /* $OpenBSD: xform.c,v 1.16 2001/08/28 12:20:43 ben Exp $ */ /*- * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr), * Niels Provos (provos@physnet.uni-hamburg.de) and * Damien Miller (djm@mindrot.org). * * This code was written by John Ioannidis for BSD/OS in Athens, Greece, * in November 1995. * * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996, * by Angelos D. Keromytis. * * Additional transforms and features in 1997 and 1998 by Angelos D. Keromytis * and Niels Provos. * * Additional features in 1999 by Angelos D. Keromytis. * * AES XTS implementation in 2008 by Damien Miller * * Copyright (C) 1995, 1996, 1997, 1998, 1999 by John Ioannidis, * Angelos D. Keromytis and Niels Provos. * * Copyright (C) 2001, Angelos D. Keromytis. * * Copyright (C) 2008, Damien Miller * Copyright (c) 2014 The FreeBSD Foundation * All rights reserved. * * Portions of this software were developed by John-Mark Gurney * under sponsorship of the FreeBSD Foundation and * Rubicon Communications, LLC (Netgate). * * Permission to use, copy, and modify this software with or without fee * is hereby granted, provided that this entire notice is included in * all copies of any software which is or includes a copy or * modification of this software. * You may use this code under the GNU public license if you so wish. Please * contribute changes back to the authors under this freer than GPL license * so that we may further the use of strong encryption without limitations to * all. * * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR * PURPOSE. */ #include __FBSDID("$FreeBSD$"); #include #include -static int cml_setkey(u_int8_t **, u_int8_t *, int); +static int cml_setkey(u_int8_t **, const u_int8_t *, int); static void cml_encrypt(caddr_t, u_int8_t *); static void cml_decrypt(caddr_t, u_int8_t *); static void cml_zerokey(u_int8_t **); /* Encryption instances */ struct enc_xform enc_xform_camellia = { CRYPTO_CAMELLIA_CBC, "Camellia", CAMELLIA_BLOCK_LEN, CAMELLIA_BLOCK_LEN, CAMELLIA_MIN_KEY, CAMELLIA_MAX_KEY, cml_encrypt, cml_decrypt, cml_setkey, cml_zerokey, NULL, }; /* * Encryption wrapper routines. */ static void cml_encrypt(caddr_t key, u_int8_t *blk) { camellia_encrypt((camellia_ctx *) key, (u_char *) blk, (u_char *) blk); } static void cml_decrypt(caddr_t key, u_int8_t *blk) { camellia_decrypt(((camellia_ctx *) key), (u_char *) blk, (u_char *) blk); } static int -cml_setkey(u_int8_t **sched, u_int8_t *key, int len) +cml_setkey(u_int8_t **sched, const u_int8_t *key, int len) { int err; if (len != 16 && len != 24 && len != 32) return (EINVAL); *sched = KMALLOC(sizeof(camellia_ctx), M_CRYPTO_DATA, M_NOWAIT|M_ZERO); if (*sched != NULL) { - camellia_set_key((camellia_ctx *) *sched, (u_char *) key, + camellia_set_key((camellia_ctx *) *sched, key, len * 8); err = 0; } else err = ENOMEM; return err; } static void cml_zerokey(u_int8_t **sched) { bzero(*sched, sizeof(camellia_ctx)); KFREE(*sched, M_CRYPTO_DATA); *sched = NULL; } Index: head/sys/opencrypto/xform_des1.c =================================================================== --- head/sys/opencrypto/xform_des1.c (revision 351363) +++ head/sys/opencrypto/xform_des1.c (revision 351364) @@ -1,116 +1,116 @@ /* $OpenBSD: xform.c,v 1.16 2001/08/28 12:20:43 ben Exp $ */ /*- * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr), * Niels Provos (provos@physnet.uni-hamburg.de) and * Damien Miller (djm@mindrot.org). * * This code was written by John Ioannidis for BSD/OS in Athens, Greece, * in November 1995. * * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996, * by Angelos D. Keromytis. * * Additional transforms and features in 1997 and 1998 by Angelos D. Keromytis * and Niels Provos. * * Additional features in 1999 by Angelos D. Keromytis. * * AES XTS implementation in 2008 by Damien Miller * * Copyright (C) 1995, 1996, 1997, 1998, 1999 by John Ioannidis, * Angelos D. Keromytis and Niels Provos. * * Copyright (C) 2001, Angelos D. Keromytis. * * Copyright (C) 2008, Damien Miller * Copyright (c) 2014 The FreeBSD Foundation * All rights reserved. * * Portions of this software were developed by John-Mark Gurney * under sponsorship of the FreeBSD Foundation and * Rubicon Communications, LLC (Netgate). * * Permission to use, copy, and modify this software with or without fee * is hereby granted, provided that this entire notice is included in * all copies of any software which is or includes a copy or * modification of this software. * You may use this code under the GNU public license if you so wish. Please * contribute changes back to the authors under this freer than GPL license * so that we may further the use of strong encryption without limitations to * all. * * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR * PURPOSE. */ #include __FBSDID("$FreeBSD$"); #include #include -static int des1_setkey(u_int8_t **, u_int8_t *, int); +static int des1_setkey(u_int8_t **, const u_int8_t *, int); static void des1_encrypt(caddr_t, u_int8_t *); static void des1_decrypt(caddr_t, u_int8_t *); static void des1_zerokey(u_int8_t **); /* Encryption instances */ struct enc_xform enc_xform_des = { CRYPTO_DES_CBC, "DES", DES_BLOCK_LEN, DES_BLOCK_LEN, DES_MIN_KEY, DES_MAX_KEY, des1_encrypt, des1_decrypt, des1_setkey, des1_zerokey, NULL, }; /* * Encryption wrapper routines. */ static void des1_encrypt(caddr_t key, u_int8_t *blk) { des_cblock *cb = (des_cblock *) blk; des_key_schedule *p = (des_key_schedule *) key; des_ecb_encrypt(cb, cb, p[0], DES_ENCRYPT); } static void des1_decrypt(caddr_t key, u_int8_t *blk) { des_cblock *cb = (des_cblock *) blk; des_key_schedule *p = (des_key_schedule *) key; des_ecb_encrypt(cb, cb, p[0], DES_DECRYPT); } static int -des1_setkey(u_int8_t **sched, u_int8_t *key, int len) +des1_setkey(u_int8_t **sched, const u_int8_t *key, int len) { des_key_schedule *p; int err; p = KMALLOC(sizeof (des_key_schedule), M_CRYPTO_DATA, M_NOWAIT|M_ZERO); if (p != NULL) { - des_set_key((des_cblock *) key, p[0]); + des_set_key((const des_cblock *) key, p[0]); err = 0; } else err = ENOMEM; *sched = (u_int8_t *) p; return err; } static void des1_zerokey(u_int8_t **sched) { bzero(*sched, sizeof (des_key_schedule)); KFREE(*sched, M_CRYPTO_DATA); *sched = NULL; } Index: head/sys/opencrypto/xform_des3.c =================================================================== --- head/sys/opencrypto/xform_des3.c (revision 351363) +++ head/sys/opencrypto/xform_des3.c (revision 351364) @@ -1,119 +1,119 @@ /* $OpenBSD: xform.c,v 1.16 2001/08/28 12:20:43 ben Exp $ */ /*- * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr), * Niels Provos (provos@physnet.uni-hamburg.de) and * Damien Miller (djm@mindrot.org). * * This code was written by John Ioannidis for BSD/OS in Athens, Greece, * in November 1995. * * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996, * by Angelos D. Keromytis. * * Additional transforms and features in 1997 and 1998 by Angelos D. Keromytis * and Niels Provos. * * Additional features in 1999 by Angelos D. Keromytis. * * AES XTS implementation in 2008 by Damien Miller * * Copyright (C) 1995, 1996, 1997, 1998, 1999 by John Ioannidis, * Angelos D. Keromytis and Niels Provos. * * Copyright (C) 2001, Angelos D. Keromytis. * * Copyright (C) 2008, Damien Miller * Copyright (c) 2014 The FreeBSD Foundation * All rights reserved. * * Portions of this software were developed by John-Mark Gurney * under sponsorship of the FreeBSD Foundation and * Rubicon Communications, LLC (Netgate). * * Permission to use, copy, and modify this software with or without fee * is hereby granted, provided that this entire notice is included in * all copies of any software which is or includes a copy or * modification of this software. * You may use this code under the GNU public license if you so wish. Please * contribute changes back to the authors under this freer than GPL license * so that we may further the use of strong encryption without limitations to * all. * * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR * PURPOSE. */ #include __FBSDID("$FreeBSD$"); #include #include -static int des3_setkey(u_int8_t **, u_int8_t *, int); +static int des3_setkey(u_int8_t **, const u_int8_t *, int); static void des3_encrypt(caddr_t, u_int8_t *); static void des3_decrypt(caddr_t, u_int8_t *); static void des3_zerokey(u_int8_t **); /* Encryption instances */ struct enc_xform enc_xform_3des = { CRYPTO_3DES_CBC, "3DES", DES3_BLOCK_LEN, DES3_BLOCK_LEN, TRIPLE_DES_MIN_KEY, TRIPLE_DES_MAX_KEY, des3_encrypt, des3_decrypt, des3_setkey, des3_zerokey, NULL, }; /* * Encryption wrapper routines. */ static void des3_encrypt(caddr_t key, u_int8_t *blk) { des_cblock *cb = (des_cblock *) blk; des_key_schedule *p = (des_key_schedule *) key; des_ecb3_encrypt(cb, cb, p[0], p[1], p[2], DES_ENCRYPT); } static void des3_decrypt(caddr_t key, u_int8_t *blk) { des_cblock *cb = (des_cblock *) blk; des_key_schedule *p = (des_key_schedule *) key; des_ecb3_encrypt(cb, cb, p[0], p[1], p[2], DES_DECRYPT); } static int -des3_setkey(u_int8_t **sched, u_int8_t *key, int len) +des3_setkey(u_int8_t **sched, const u_int8_t *key, int len) { des_key_schedule *p; int err; p = KMALLOC(3*sizeof (des_key_schedule), M_CRYPTO_DATA, M_NOWAIT|M_ZERO); if (p != NULL) { - des_set_key((des_cblock *)(key + 0), p[0]); - des_set_key((des_cblock *)(key + 8), p[1]); - des_set_key((des_cblock *)(key + 16), p[2]); + des_set_key((const des_cblock *)(key + 0), p[0]); + des_set_key((const des_cblock *)(key + 8), p[1]); + des_set_key((const des_cblock *)(key + 16), p[2]); err = 0; } else err = ENOMEM; *sched = (u_int8_t *) p; return err; } static void des3_zerokey(u_int8_t **sched) { bzero(*sched, 3*sizeof (des_key_schedule)); KFREE(*sched, M_CRYPTO_DATA); *sched = NULL; } Index: head/sys/opencrypto/xform_enc.h =================================================================== --- head/sys/opencrypto/xform_enc.h (revision 351363) +++ head/sys/opencrypto/xform_enc.h (revision 351364) @@ -1,102 +1,102 @@ /* $FreeBSD$ */ /* $OpenBSD: xform.h,v 1.8 2001/08/28 12:20:43 ben Exp $ */ /*- * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu) * * This code was written by Angelos D. Keromytis in Athens, Greece, in * February 2000. Network Security Technologies Inc. (NSTI) kindly * supported the development of this code. * * Copyright (c) 2000 Angelos D. Keromytis * Copyright (c) 2014 The FreeBSD Foundation * All rights reserved. * * Portions of this software were developed by John-Mark Gurney * under sponsorship of the FreeBSD Foundation and * Rubicon Communications, LLC (Netgate). * * Permission to use, copy, and modify this software without fee * is hereby granted, provided that this entire notice is included in * all source code copies of any software which is or includes a copy or * modification of this software. * * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR * PURPOSE. */ #ifndef _CRYPTO_XFORM_ENC_H_ #define _CRYPTO_XFORM_ENC_H_ #include #include #include #include #include #include #include #include #include #include #define AESICM_BLOCKSIZE AES_BLOCK_LEN #define AES_XTS_BLOCKSIZE 16 #define AES_XTS_IVSIZE 8 #define AES_XTS_ALPHA 0x87 /* GF(2^128) generator polynomial */ /* Declarations */ struct enc_xform { int type; char *name; u_int16_t blocksize; /* Required input block size -- 1 for stream ciphers. */ u_int16_t ivsize; u_int16_t minkey, maxkey; void (*encrypt) (caddr_t, u_int8_t *); void (*decrypt) (caddr_t, u_int8_t *); - int (*setkey) (u_int8_t **, u_int8_t *, int len); + int (*setkey) (u_int8_t **, const u_int8_t *, int len); void (*zerokey) (u_int8_t **); - void (*reinit) (caddr_t, u_int8_t *); + void (*reinit) (caddr_t, const u_int8_t *); /* * Encrypt/decrypt 1+ blocks of input -- total size is 'len' bytes. * Len is guaranteed to be a multiple of the defined 'blocksize'. * Optional interface -- most useful for stream ciphers with a small * blocksize (1). */ void (*encrypt_multi) (void *, uint8_t *, size_t len); void (*decrypt_multi) (void *, uint8_t *, size_t len); }; extern struct enc_xform enc_xform_null; extern struct enc_xform enc_xform_des; extern struct enc_xform enc_xform_3des; extern struct enc_xform enc_xform_blf; extern struct enc_xform enc_xform_cast5; extern struct enc_xform enc_xform_skipjack; extern struct enc_xform enc_xform_rijndael128; extern struct enc_xform enc_xform_aes_icm; extern struct enc_xform enc_xform_aes_nist_gcm; extern struct enc_xform enc_xform_aes_nist_gmac; extern struct enc_xform enc_xform_aes_xts; extern struct enc_xform enc_xform_arc4; extern struct enc_xform enc_xform_camellia; extern struct enc_xform enc_xform_chacha20; extern struct enc_xform enc_xform_ccm; struct aes_icm_ctx { u_int32_t ac_ek[4*(RIJNDAEL_MAXNR + 1)]; /* ac_block is initalized to IV */ u_int8_t ac_block[AESICM_BLOCKSIZE]; int ac_nr; }; struct aes_xts_ctx { rijndael_ctx key1; rijndael_ctx key2; u_int8_t tweak[AES_XTS_BLOCKSIZE]; }; #endif /* _CRYPTO_XFORM_ENC_H_ */ Index: head/sys/opencrypto/xform_null.c =================================================================== --- head/sys/opencrypto/xform_null.c (revision 351363) +++ head/sys/opencrypto/xform_null.c (revision 351364) @@ -1,144 +1,144 @@ /* $OpenBSD: xform.c,v 1.16 2001/08/28 12:20:43 ben Exp $ */ /*- * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr), * Niels Provos (provos@physnet.uni-hamburg.de) and * Damien Miller (djm@mindrot.org). * * This code was written by John Ioannidis for BSD/OS in Athens, Greece, * in November 1995. * * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996, * by Angelos D. Keromytis. * * Additional transforms and features in 1997 and 1998 by Angelos D. Keromytis * and Niels Provos. * * Additional features in 1999 by Angelos D. Keromytis. * * AES XTS implementation in 2008 by Damien Miller * * Copyright (C) 1995, 1996, 1997, 1998, 1999 by John Ioannidis, * Angelos D. Keromytis and Niels Provos. * * Copyright (C) 2001, Angelos D. Keromytis. * * Copyright (C) 2008, Damien Miller * Copyright (c) 2014 The FreeBSD Foundation * All rights reserved. * * Portions of this software were developed by John-Mark Gurney * under sponsorship of the FreeBSD Foundation and * Rubicon Communications, LLC (Netgate). * * Permission to use, copy, and modify this software with or without fee * is hereby granted, provided that this entire notice is included in * all copies of any software which is or includes a copy or * modification of this software. * You may use this code under the GNU public license if you so wish. Please * contribute changes back to the authors under this freer than GPL license * so that we may further the use of strong encryption without limitations to * all. * * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR * PURPOSE. */ #include __FBSDID("$FreeBSD$"); #include #include -static int null_setkey(u_int8_t **, u_int8_t *, int); +static int null_setkey(u_int8_t **, const u_int8_t *, int); static void null_encrypt(caddr_t, u_int8_t *); static void null_decrypt(caddr_t, u_int8_t *); static void null_zerokey(u_int8_t **); static void null_init(void *); static void null_reinit(void *ctx, const u_int8_t *buf, u_int16_t len); static int null_update(void *, const u_int8_t *, u_int16_t); static void null_final(u_int8_t *, void *); /* Encryption instances */ struct enc_xform enc_xform_null = { CRYPTO_NULL_CBC, "NULL", /* NB: blocksize of 4 is to generate a properly aligned ESP header */ NULL_BLOCK_LEN, 0, NULL_MIN_KEY, NULL_MAX_KEY, null_encrypt, null_decrypt, null_setkey, null_zerokey, NULL, }; /* Authentication instances */ struct auth_hash auth_hash_null = { .type = CRYPTO_NULL_HMAC, .name = "NULL-HMAC", .keysize = 0, .hashsize = NULL_HASH_LEN, .ctxsize = sizeof(int), /* NB: context isn't used */ .blocksize = NULL_HMAC_BLOCK_LEN, .Init = null_init, .Setkey = null_reinit, .Reinit = null_reinit, .Update = null_update, .Final = null_final, }; /* * Encryption wrapper routines. */ static void null_encrypt(caddr_t key, u_int8_t *blk) { } static void null_decrypt(caddr_t key, u_int8_t *blk) { } static int -null_setkey(u_int8_t **sched, u_int8_t *key, int len) +null_setkey(u_int8_t **sched, const u_int8_t *key, int len) { *sched = NULL; return 0; } static void null_zerokey(u_int8_t **sched) { *sched = NULL; } /* * And now for auth. */ static void null_init(void *ctx) { } static void null_reinit(void *ctx, const u_int8_t *buf, u_int16_t len) { } static int null_update(void *ctx, const u_int8_t *buf, u_int16_t len) { return 0; } static void null_final(u_int8_t *buf, void *ctx) { if (buf != (u_int8_t *) 0) bzero(buf, 12); } Index: head/sys/opencrypto/xform_rijndael.c =================================================================== --- head/sys/opencrypto/xform_rijndael.c (revision 351363) +++ head/sys/opencrypto/xform_rijndael.c (revision 351364) @@ -1,113 +1,113 @@ /* $OpenBSD: xform.c,v 1.16 2001/08/28 12:20:43 ben Exp $ */ /*- * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr), * Niels Provos (provos@physnet.uni-hamburg.de) and * Damien Miller (djm@mindrot.org). * * This code was written by John Ioannidis for BSD/OS in Athens, Greece, * in November 1995. * * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996, * by Angelos D. Keromytis. * * Additional transforms and features in 1997 and 1998 by Angelos D. Keromytis * and Niels Provos. * * Additional features in 1999 by Angelos D. Keromytis. * * AES XTS implementation in 2008 by Damien Miller * * Copyright (C) 1995, 1996, 1997, 1998, 1999 by John Ioannidis, * Angelos D. Keromytis and Niels Provos. * * Copyright (C) 2001, Angelos D. Keromytis. * * Copyright (C) 2008, Damien Miller * Copyright (c) 2014 The FreeBSD Foundation * All rights reserved. * * Portions of this software were developed by John-Mark Gurney * under sponsorship of the FreeBSD Foundation and * Rubicon Communications, LLC (Netgate). * * Permission to use, copy, and modify this software with or without fee * is hereby granted, provided that this entire notice is included in * all copies of any software which is or includes a copy or * modification of this software. * You may use this code under the GNU public license if you so wish. Please * contribute changes back to the authors under this freer than GPL license * so that we may further the use of strong encryption without limitations to * all. * * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR * PURPOSE. */ #include __FBSDID("$FreeBSD$"); #include #include -static int rijndael128_setkey(u_int8_t **, u_int8_t *, int); +static int rijndael128_setkey(u_int8_t **, const u_int8_t *, int); static void rijndael128_encrypt(caddr_t, u_int8_t *); static void rijndael128_decrypt(caddr_t, u_int8_t *); static void rijndael128_zerokey(u_int8_t **); /* Encryption instances */ struct enc_xform enc_xform_rijndael128 = { CRYPTO_RIJNDAEL128_CBC, "Rijndael-128/AES", RIJNDAEL128_BLOCK_LEN, RIJNDAEL128_BLOCK_LEN, RIJNDAEL_MIN_KEY, RIJNDAEL_MAX_KEY, rijndael128_encrypt, rijndael128_decrypt, rijndael128_setkey, rijndael128_zerokey, NULL, }; /* * Encryption wrapper routines. */ static void rijndael128_encrypt(caddr_t key, u_int8_t *blk) { rijndael_encrypt((rijndael_ctx *) key, (u_char *) blk, (u_char *) blk); } static void rijndael128_decrypt(caddr_t key, u_int8_t *blk) { rijndael_decrypt(((rijndael_ctx *) key), (u_char *) blk, (u_char *) blk); } static int -rijndael128_setkey(u_int8_t **sched, u_int8_t *key, int len) +rijndael128_setkey(u_int8_t **sched, const u_int8_t *key, int len) { int err; if (len != 16 && len != 24 && len != 32) return (EINVAL); *sched = KMALLOC(sizeof(rijndael_ctx), M_CRYPTO_DATA, M_NOWAIT|M_ZERO); if (*sched != NULL) { - rijndael_set_key((rijndael_ctx *) *sched, (u_char *) key, + rijndael_set_key((rijndael_ctx *) *sched, key, len * 8); err = 0; } else err = ENOMEM; return err; } static void rijndael128_zerokey(u_int8_t **sched) { bzero(*sched, sizeof(rijndael_ctx)); KFREE(*sched, M_CRYPTO_DATA); *sched = NULL; } Index: head/sys/opencrypto/xform_skipjack.c =================================================================== --- head/sys/opencrypto/xform_skipjack.c (revision 351363) +++ head/sys/opencrypto/xform_skipjack.c (revision 351364) @@ -1,117 +1,117 @@ /* $OpenBSD: xform.c,v 1.16 2001/08/28 12:20:43 ben Exp $ */ /*- * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr), * Niels Provos (provos@physnet.uni-hamburg.de) and * Damien Miller (djm@mindrot.org). * * This code was written by John Ioannidis for BSD/OS in Athens, Greece, * in November 1995. * * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996, * by Angelos D. Keromytis. * * Additional transforms and features in 1997 and 1998 by Angelos D. Keromytis * and Niels Provos. * * Additional features in 1999 by Angelos D. Keromytis. * * AES XTS implementation in 2008 by Damien Miller * * Copyright (C) 1995, 1996, 1997, 1998, 1999 by John Ioannidis, * Angelos D. Keromytis and Niels Provos. * * Copyright (C) 2001, Angelos D. Keromytis. * * Copyright (C) 2008, Damien Miller * Copyright (c) 2014 The FreeBSD Foundation * All rights reserved. * * Portions of this software were developed by John-Mark Gurney * under sponsorship of the FreeBSD Foundation and * Rubicon Communications, LLC (Netgate). * * Permission to use, copy, and modify this software with or without fee * is hereby granted, provided that this entire notice is included in * all copies of any software which is or includes a copy or * modification of this software. * You may use this code under the GNU public license if you so wish. Please * contribute changes back to the authors under this freer than GPL license * so that we may further the use of strong encryption without limitations to * all. * * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR * PURPOSE. */ #include __FBSDID("$FreeBSD$"); #include #include -static int skipjack_setkey(u_int8_t **, u_int8_t *, int); +static int skipjack_setkey(u_int8_t **, const u_int8_t *, int); static void skipjack_encrypt(caddr_t, u_int8_t *); static void skipjack_decrypt(caddr_t, u_int8_t *); static void skipjack_zerokey(u_int8_t **); /* Encryption instances */ struct enc_xform enc_xform_skipjack = { CRYPTO_SKIPJACK_CBC, "Skipjack", SKIPJACK_BLOCK_LEN, SKIPJACK_BLOCK_LEN, SKIPJACK_MIN_KEY, SKIPJACK_MAX_KEY, skipjack_encrypt, skipjack_decrypt, skipjack_setkey, skipjack_zerokey, NULL, }; /* * Encryption wrapper routines. */ static void skipjack_encrypt(caddr_t key, u_int8_t *blk) { skipjack_forwards(blk, blk, (u_int8_t **) key); } static void skipjack_decrypt(caddr_t key, u_int8_t *blk) { skipjack_backwards(blk, blk, (u_int8_t **) key); } static int -skipjack_setkey(u_int8_t **sched, u_int8_t *key, int len) +skipjack_setkey(u_int8_t **sched, const u_int8_t *key, int len) { int err; /* NB: allocate all the memory that's needed at once */ *sched = KMALLOC(10 * (sizeof(u_int8_t *) + 0x100), M_CRYPTO_DATA, M_NOWAIT|M_ZERO); if (*sched != NULL) { u_int8_t** key_tables = (u_int8_t**) *sched; u_int8_t* table = (u_int8_t*) &key_tables[10]; int k; for (k = 0; k < 10; k++) { key_tables[k] = table; table += 0x100; } subkey_table_gen(key, (u_int8_t **) *sched); err = 0; } else err = ENOMEM; return err; } static void skipjack_zerokey(u_int8_t **sched) { bzero(*sched, 10 * (sizeof(u_int8_t *) + 0x100)); KFREE(*sched, M_CRYPTO_DATA); *sched = NULL; }