MFC support for the Camellia block cipher

HEAD
Revision  Path
  1.16    src/lib/libipsec/pfkey_dump.c
  1.38    src/sbin/setkey/setkey.8
  1.12    src/sbin/setkey/token.l
  1.81    src/secure/lib/libcrypto/Makefile
  1.47    src/secure/lib/libcrypto/Makefile.inc
  1.8     src/secure/lib/libcrypto/opensslconf-amd64.h
  1.8     src/secure/lib/libcrypto/opensslconf-i386.h
  1.1205  src/sys/conf/files
  1.1     src/sys/crypto/camellia/camellia-api.c (new)
  1.1     src/sys/crypto/camellia/camellia.c (new)
  1.1     src/sys/crypto/camellia/camellia.h (new)
  1.6     src/sys/modules/crypto/Makefile
  1.15    src/sys/net/pfkeyv2.h
  1.1     src/sys/netinet6/esp_camellia.c (new)
  1.1     src/sys/netinet6/esp_camellia.h (new)
  1.25    src/sys/netinet6/esp_core.c
  1.19    src/sys/netipsec/xform_esp.c
  1.34    src/sys/opencrypto/cryptodev.c
  1.25    src/sys/opencrypto/cryptodev.h
  1.19    src/sys/opencrypto/cryptosoft.c
  1.9     src/sys/opencrypto/xform.c
  1.4     src/sys/opencrypto/xform.h

Approved by: re (kensmith)
Submitted by: Tomoyuki Okazaki <okazaki at kick dot gr dot jp>

lib/libipsec/pfkey_dump.c

@@ -187,6 +187,9 @@ static struct val2str str_alg_enc[] = {
 #endif
 #ifdef SADB_X_EALG_AESCTR
 	{ SADB_X_EALG_AESCTR, "aes-ctr", },
+#endif
+#ifdef SADB_X_EALG_CAMELLIACBC
+	{ SADB_X_EALG_CAMELLIACBC, "camellia-cbc", },
 #endif
 	{ -1, NULL, },
 };

sbin/setkey/setkey.8

@@ -615,6 +615,7 @@ des-deriv	64		ipsec-ciph-des-derived-01
 3des-deriv	192		no document
 rijndael-cbc	128/192/256	rfc3602
 aes-ctr		160/224/288	draft-ietf-ipsec-ciph-aes-ctr-03
+camllia-cbc	128/192/256	rfc4312
 .Ed
 .Pp
 Note that the first 128 bits of a key for

sbin/setkey/token.l

@@ -167,6 +167,7 @@ tcp		{ yylval.num = 0; return(PR_TCP); }
 <S_ENCALG>des-32iv	{ yylval.num = SADB_EALG_DESCBC; BEGIN INITIAL; return(ALG_ENC_DES32IV); }
 <S_ENCALG>rijndael-cbc	{ yylval.num = SADB_X_EALG_RIJNDAELCBC; BEGIN INITIAL; return(ALG_ENC); }
 <S_ENCALG>aes-ctr	{ yylval.num = SADB_X_EALG_AESCTR; BEGIN INITIAL; return(ALG_ENC); }
+<S_ENCALG>camellia-cbc { yylval.num = SADB_X_EALG_CAMELLIACBC; BEGIN INITIAL; return(ALG_ENC); }
 
 	/* compression algorithms */
 {hyphen}C	{ return(F_COMP); }

sys/conf/files

@@ -294,6 +294,10 @@ contrib/pf/net/pf_osfp.c	optional pf
 contrib/pf/netinet/in4_cksum.c	optional pf inet
 crypto/blowfish/bf_ecb.c	optional ipsec ipsec_esp
 crypto/blowfish/bf_skey.c	optional crypto
+crypto/camellia/camellia.c	optional crypto
+crypto/camellia/camellia.c	optional ipsec ipsec_esp
+crypto/camellia/camellia-api.c	optional crypto
+crypto/camellia/camellia-api.c	optional ipsec ipsec_esp
 crypto/blowfish/bf_skey.c	optional ipsec ipsec_esp
 crypto/des/des_ecb.c		optional crypto
 crypto/des/des_ecb.c		optional ipsec ipsec_esp
@@ -1782,6 +1786,7 @@ netinet6/esp_core.c		optional ipsec ipsec_esp
 netinet6/esp_input.c		optional ipsec ipsec_esp
 netinet6/esp_output.c		optional ipsec ipsec_esp
 netinet6/esp_rijndael.c		optional ipsec ipsec_esp
+netinet6/esp_camellia.c		optional ipsec ipsec_esp
 netinet6/frag6.c		optional inet6
 netinet6/icmp6.c		optional inet6
 netinet6/in6.c			optional inet6

sys/modules/crypto/Makefile

@@ -6,6 +6,7 @@
 .PATH:	${.CURDIR}/../../crypto/des
 .PATH:	${.CURDIR}/../../crypto/rijndael
 .PATH:	${.CURDIR}/../../crypto/sha2
+.PATH:	${.CURDIR}/../../crypto/camellia
 
 KMOD	= crypto
 SRCS	= crypto.c
@@ -15,5 +16,6 @@ SRCS	+= skipjack.c bf_enc.c bf_skey.c
 SRCS	+= des_ecb.c des_enc.c des_setkey.c
 SRCS	+= sha1.c sha2.c
 SRCS	+= opt_param.h
+SRCS	+= camellia.c camellia-api.c
 
 .include <bsd.kmod.mk>

sys/net/pfkeyv2.h

@@ -325,6 +325,9 @@ struct sadb_x_ipsecrequest {
 #define SADB_X_EALG_BLOWFISHCBC	7
 #define SADB_X_EALG_RIJNDAELCBC	12
 #define SADB_X_EALG_AES		12
+/* private allocations - based on RFC4312/IANA assignment */
+#define SADB_X_EALG_CAMELLIACBC	22
+
 /* private allocations should use 249-255 (RFC2407) */
 #define SADB_X_EALG_SKIPJACK	249	/*250*/ /* for FAST_IPSEC */
 #define SADB_X_EALG_AESCTR	250	/*249*/ /* draft-ietf-ipsec-ciph-aes-ctr-03 */

sys/netinet6/esp_camellia.c

@@ -0,0 +1,91 @@
+/* $FreeBSD$
+ *
+ * Copyright (c) 2006
+ * NTT (Nippon Telegraph and Telephone Corporation) . All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer as
+ *   the first lines of this file unmodified.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in the
+ *   documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY NTT ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL NTT BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+
+#include <sys/param.h>
+#include <sys/systm.h>
+#include <sys/socket.h>
+#include <sys/queue.h>
+
+#include <net/if.h>
+#include <net/route.h>
+#include <netinet/in.h>
+
+#include <netinet6/ipsec.h>
+#include <netinet6/esp.h>
+#include <netinet6/esp_camellia.h>
+
+#include <crypto/camellia/camellia.h>
+
+size_t
+esp_camellia_schedlen(algo)
+	const struct esp_algorithm *algo;
+{
+
+	return sizeof(camellia_ctx);
+}
+
+int
+esp_camellia_schedule(algo, sav)
+	const struct esp_algorithm *algo;
+	struct secasvar *sav;
+{
+	camellia_ctx *ctx;
+
+	ctx = (camellia_ctx *)sav->sched;
+	camellia_set_key(ctx,
+	    (u_char *)_KEYBUF(sav->key_enc), _KEYLEN(sav->key_enc) * 8);
+	return 0;
+}
+
+int
+esp_camellia_blockdecrypt(algo, sav, s, d)
+	const struct esp_algorithm *algo;
+	struct secasvar *sav;
+	u_int8_t *s;
+	u_int8_t *d;
+{
+	camellia_ctx *ctx;
+
+	ctx = (camellia_ctx *)sav->sched;
+	camellia_decrypt(ctx, s, d);
+	return 0;
+}
+
+int
+esp_camellia_blockencrypt(algo, sav, s, d)
+	const struct esp_algorithm *algo;
+	struct secasvar *sav;
+	u_int8_t *s;
+	u_int8_t *d;
+{
+	camellia_ctx *ctx;
+
+	ctx = (camellia_ctx *)sav->sched;
+	camellia_encrypt(ctx, s, d);
+	return 0;
+}

sys/netinet6/esp_camellia.h

@@ -0,0 +1,35 @@
+/*
+ * Copyright (c) 2006
+ * NTT (Nippon Telegraph and Telephone Corporation) . All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer as
+ *   the first lines of this file unmodified.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in the
+ *   documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY NTT ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL NTT BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * 
+ * $FreeBSD$
+ */
+
+size_t esp_camellia_schedlen __P((const struct esp_algorithm *));
+int esp_camellia_schedule __P((const struct esp_algorithm *,
+	struct secasvar *));
+int esp_camellia_blockdecrypt __P((const struct esp_algorithm *,
+	struct secasvar *, u_int8_t *, u_int8_t *));
+int esp_camellia_blockencrypt __P((const struct esp_algorithm *,
+	struct secasvar *, u_int8_t *, u_int8_t *));

sys/netinet6/esp_core.c

@@ -68,6 +68,7 @@
 #include <netinet6/esp6.h>
 #endif
 #include <netinet6/esp_rijndael.h>
+#include <netinet6/esp_camellia.h>
 #include <netinet6/esp_aesctr.h>
 #include <net/pfkeyv2.h>
 #include <netkey/keydb.h>
@@ -164,6 +165,11 @@ static const struct esp_algorithm esp_algorithms[] = {
 	{ 16, 8, esp_aesctr_mature, 160, 288, esp_aesctr_schedlen, "aes-ctr",
 		esp_common_ivlen, esp_aesctr_decrypt,
 		esp_aesctr_encrypt, esp_aesctr_schedule },
+	{ 16, 16, esp_cbc_mature, 128, 256, esp_camellia_schedlen,
+		"camellia-cbc",
+		esp_common_ivlen, esp_cbc_decrypt,
+		esp_cbc_encrypt, esp_camellia_schedule,
+		esp_camellia_blockdecrypt, esp_camellia_blockencrypt },
 };
 
 const struct esp_algorithm *
@@ -186,6 +192,8 @@ esp_algorithm_lookup(idx)
 		return &esp_algorithms[5];
 	case SADB_X_EALG_AESCTR:
 		return &esp_algorithms[6];
+	case SADB_X_EALG_CAMELLIACBC:
+		return &esp_algorithms[7];
 	default:
 		return NULL;
 	}
@@ -444,6 +452,7 @@ esp_cbc_mature(sav)
 	case SADB_X_EALG_CAST128CBC:
 		break;
 	case SADB_X_EALG_RIJNDAELCBC:
+	case SADB_X_EALG_CAMELLIACBC:
 		/* allows specific key sizes only */
 		if (!(keylen == 128 || keylen == 192 || keylen == 256)) {
 			ipseclog((LOG_ERR,

sys/netipsec/xform_esp.c

@@ -113,6 +113,8 @@ esp_algorithm_lookup(int alg)
 		return &enc_xform_skipjack;
 	case SADB_EALG_NULL:
 		return &enc_xform_null;
+	case SADB_X_EALG_CAMELLIACBC:
+		return &enc_xform_camellia;
 	}
 	return NULL;
 }
@@ -981,6 +983,7 @@ esp_attach(void)
 	MAXIV(enc_xform_cast5);		/* SADB_X_EALG_CAST128CBC */
 	MAXIV(enc_xform_skipjack);	/* SADB_X_EALG_SKIPJACK */
 	MAXIV(enc_xform_null);		/* SADB_EALG_NULL */
+	MAXIV(enc_xform_camellia);	/* SADB_EALG_CAMELLIACBC */
 
 	xform_register(&esp_xformsw);
 #undef MAXIV

sys/opencrypto/cryptodev.c

@@ -178,6 +178,9 @@ cryptof_ioctl(
 		case CRYPTO_ARC4:
 			txform = &enc_xform_arc4;
 			break;
+		case CRYPTO_CAMELLIA_CBC:
+			txform = &enc_xform_camellia;
+			break;
 		default:
 			mtx_unlock(&Giant);
 			return (EINVAL);

sys/opencrypto/cryptodev.h

@@ -96,6 +96,7 @@
 #define CAST128_BLOCK_LEN	8
 #define RIJNDAEL128_BLOCK_LEN	16
 #define AES_BLOCK_LEN		RIJNDAEL128_BLOCK_LEN
+#define CAMELLIA_BLOCK_LEN	16
 #define EALG_MAX_BLOCK_LEN	AES_BLOCK_LEN /* Keep this updated */
 
 #define	CRYPTO_ALGORITHM_MIN	1
@@ -120,7 +121,8 @@
 #define	CRYPTO_SHA2_256_HMAC	18
 #define	CRYPTO_SHA2_384_HMAC	19
 #define	CRYPTO_SHA2_512_HMAC	20
-#define	CRYPTO_ALGORITHM_MAX	20 /* Keep updated - see below */
+#define	CRYPTO_CAMELLIA_CBC	21
+#define	CRYPTO_ALGORITHM_MAX	21 /* Keep updated - see below */
 
 /* Algorithm flags */
 #define	CRYPTO_ALG_FLAG_SUPPORTED	0x01 /* Algorithm is supported */

sys/opencrypto/cryptosoft.c

@@ -657,6 +657,9 @@ swcr_newsession(void *arg, u_int32_t *sid, struct cryptoini *cri)
 		case CRYPTO_RIJNDAEL128_CBC:
 			txf = &enc_xform_rijndael128;
 			goto enccommon;
+		case CRYPTO_CAMELLIA_CBC:
+			txf = &enc_xform_camellia;
+			goto enccommon;
 		case CRYPTO_NULL_CBC:
 			txf = &enc_xform_null;
 			goto enccommon;
@@ -812,6 +815,7 @@ swcr_freesession(void *arg, u_int64_t tid)
 		case CRYPTO_CAST_CBC:
 		case CRYPTO_SKIPJACK_CBC:
 		case CRYPTO_RIJNDAEL128_CBC:
+		case CRYPTO_CAMELLIA_CBC:
 		case CRYPTO_NULL_CBC:
 			txf = swd->sw_exf;
 
@@ -924,6 +928,7 @@ swcr_process(void *arg, struct cryptop *crp, int hint)
 		case CRYPTO_CAST_CBC:
 		case CRYPTO_SKIPJACK_CBC:
 		case CRYPTO_RIJNDAEL128_CBC:
+		case CRYPTO_CAMELLIA_CBC:
 			if ((crp->crp_etype = swcr_encdec(crd, sw,
 			    crp->crp_buf, crp->crp_flags)) != 0)
 				goto done;
@@ -1006,6 +1011,7 @@ swcr_init(void)
 	REGISTER(CRYPTO_MD5);
 	REGISTER(CRYPTO_SHA1);
 	REGISTER(CRYPTO_RIJNDAEL128_CBC);
+	REGISTER(CRYPTO_CAMELLIA_CBC);
 	REGISTER(CRYPTO_DEFLATE_COMP);
 #undef REGISTER
 }

sys/opencrypto/xform.c

@@ -51,6 +51,7 @@ __FBSDID("$FreeBSD$");
 #include <crypto/blowfish/blowfish.h>
 #include <crypto/des/des.h>
 #include <crypto/rijndael/rijndael.h>
+#include <crypto/camellia/camellia.h>
 #include <crypto/sha1.h>
 
 #include <opencrypto/cast.h>
@@ -74,24 +75,28 @@ static	int blf_setkey(u_int8_t **, u_int8_t *, int);
 static	int cast5_setkey(u_int8_t **, u_int8_t *, int);
 static	int skipjack_setkey(u_int8_t **, u_int8_t *, int);
 static	int rijndael128_setkey(u_int8_t **, u_int8_t *, int);
+static	int cml_setkey(u_int8_t **, u_int8_t *, int);
 static	void des1_encrypt(caddr_t, u_int8_t *);
 static	void des3_encrypt(caddr_t, u_int8_t *);
 static	void blf_encrypt(caddr_t, u_int8_t *);
 static	void cast5_encrypt(caddr_t, u_int8_t *);
 static	void skipjack_encrypt(caddr_t, u_int8_t *);
 static	void rijndael128_encrypt(caddr_t, u_int8_t *);
+static	void cml_encrypt(caddr_t, u_int8_t *);
 static	void des1_decrypt(caddr_t, u_int8_t *);
 static	void des3_decrypt(caddr_t, u_int8_t *);
 static	void blf_decrypt(caddr_t, u_int8_t *);
 static	void cast5_decrypt(caddr_t, u_int8_t *);
 static	void skipjack_decrypt(caddr_t, u_int8_t *);
 static	void rijndael128_decrypt(caddr_t, u_int8_t *);
+static	void cml_decrypt(caddr_t, u_int8_t *);
 static	void des1_zerokey(u_int8_t **);
 static	void des3_zerokey(u_int8_t **);
 static	void blf_zerokey(u_int8_t **);
 static	void cast5_zerokey(u_int8_t **);
 static	void skipjack_zerokey(u_int8_t **);
 static	void rijndael128_zerokey(u_int8_t **);
+static	void cml_zerokey(u_int8_t **);
 
 static	void null_init(void *);
 static	int null_update(void *, u_int8_t *, u_int16_t);
@@ -184,6 +189,15 @@ struct enc_xform enc_xform_arc4 = {
 	NULL,
 };
 
+struct enc_xform enc_xform_camellia = {
+	CRYPTO_CAMELLIA_CBC, "Camellia",
+	CAMELLIA_BLOCK_LEN, 8, 32,
+	cml_encrypt,
+	cml_decrypt,
+	cml_setkey,
+	cml_zerokey,
+};
+
 /* Authentication instances */
 struct auth_hash auth_hash_null = {
 	CRYPTO_NULL_HMAC, "NULL-HMAC",
@@ -533,6 +547,45 @@ rijndael128_zerokey(u_int8_t **sched)
 	*sched = NULL;
 }
 
+static void
+cml_encrypt(caddr_t key, u_int8_t *blk)
+{
+	camellia_encrypt((camellia_ctx *) key, (u_char *) blk, (u_char *) blk);
+}
+
+static void
+cml_decrypt(caddr_t key, u_int8_t *blk)
+{
+	camellia_decrypt(((camellia_ctx *) key), (u_char *) blk,
+		(u_char *) blk);
+}
+
+static int
+cml_setkey(u_int8_t **sched, u_int8_t *key, int len)
+{
+	int err;
+
+	if (len != 16 && len != 24 && len != 32)
+		return (EINVAL);
+	MALLOC(*sched, u_int8_t *, sizeof(camellia_ctx), M_CRYPTO_DATA,
+		M_NOWAIT|M_ZERO);
+	if (*sched != NULL) {
+		camellia_set_key((camellia_ctx *) *sched, (u_char *) key,
+				len * 8);
+		err = 0;
+	} else
+		err = ENOMEM;
+	return err;
+}
+
+static void
+cml_zerokey(u_int8_t **sched)
+{
+	bzero(*sched, sizeof(camellia_ctx));
+	FREE(*sched, M_CRYPTO_DATA);
+	*sched = NULL;
+}
+
 /*
  * And now for auth.
  */

sys/opencrypto/xform.h

@@ -81,6 +81,7 @@ extern struct enc_xform enc_xform_cast5;
 extern struct enc_xform enc_xform_skipjack;
 extern struct enc_xform enc_xform_rijndael128;
 extern struct enc_xform enc_xform_arc4;
+extern struct enc_xform enc_xform_camellia;
 
 extern struct auth_hash auth_hash_null;
 extern struct auth_hash auth_hash_key_md5;