git: f84d708b484b - main - crypto: Move CBC handling into enc_xform_camellia.

From: John Baldwin <jhb_at_FreeBSD.org>
Date: Thu, 16 Dec 2021 22:09:29 UTC
The branch main has been updated by jhb:

URL: https://cgit.FreeBSD.org/src/commit/?id=f84d708b484bb5cf89e1b7943d7a896102831be4

commit f84d708b484bb5cf89e1b7943d7a896102831be4
Author:     John Baldwin <jhb@FreeBSD.org>
AuthorDate: 2021-12-16 21:48:02 +0000
Commit:     John Baldwin <jhb@FreeBSD.org>
CommitDate: 2021-12-16 21:48:02 +0000

    crypto: Move CBC handling into enc_xform_camellia.
    
    Add an IV to the context that is initialized by the reinit hook.
    Encrypt and decrypt operations handle cipher block chaining along with
    updating the IV saved in the context.
    
    Reviewed by:    markj
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D33488
---
 sys/opencrypto/xform_cml.c | 44 +++++++++++++++++++++++++++++++++++++-------
 1 file changed, 37 insertions(+), 7 deletions(-)

diff --git a/sys/opencrypto/xform_cml.c b/sys/opencrypto/xform_cml.c
index ac1dabd90d30..8ab18142489c 100644
--- a/sys/opencrypto/xform_cml.c
+++ b/sys/opencrypto/xform_cml.c
@@ -53,15 +53,21 @@ __FBSDID("$FreeBSD$");
 #include <crypto/camellia/camellia.h>
 #include <opencrypto/xform_enc.h>
 
+struct camellia_cbc_ctx {
+	camellia_ctx state;
+	char iv[CAMELLIA_BLOCK_LEN];
+};
+
 static	int cml_setkey(void *, const uint8_t *, int);
 static	void cml_encrypt(void *, const uint8_t *, uint8_t *);
 static	void cml_decrypt(void *, const uint8_t *, uint8_t *);
+static	void cml_reinit(void *, const uint8_t *, size_t);
 
 /* Encryption instances */
 const struct enc_xform enc_xform_camellia = {
 	.type = CRYPTO_CAMELLIA_CBC,
 	.name = "Camellia-CBC",
-	.ctxsize = sizeof(camellia_ctx),
+	.ctxsize = sizeof(struct camellia_cbc_ctx),
 	.blocksize = CAMELLIA_BLOCK_LEN,
 	.ivsize = CAMELLIA_BLOCK_LEN,
 	.minkey = CAMELLIA_MIN_KEY,
@@ -69,30 +75,54 @@ const struct enc_xform enc_xform_camellia = {
 	.encrypt = cml_encrypt,
 	.decrypt = cml_decrypt,
 	.setkey = cml_setkey,
+	.reinit = cml_reinit,
 };
 
 /*
  * Encryption wrapper routines.
  */
 static void
-cml_encrypt(void *ctx, const uint8_t *in, uint8_t *out)
+cml_encrypt(void *vctx, const uint8_t *in, uint8_t *out)
 {
-	camellia_encrypt(ctx, in, out);
+	struct camellia_cbc_ctx *ctx = vctx;
+
+	for (u_int i = 0; i < CAMELLIA_BLOCK_LEN; i++)
+		out[i] = in[i] ^ ctx->iv[i];
+	camellia_encrypt(&ctx->state, in, out);
+	memcpy(ctx->iv, out, CAMELLIA_BLOCK_LEN);
 }
 
 static void
-cml_decrypt(void *ctx, const uint8_t *in, uint8_t *out)
+cml_decrypt(void *vctx, const uint8_t *in, uint8_t *out)
 {
-	camellia_decrypt(ctx, in, out);
+	struct camellia_cbc_ctx *ctx = vctx;
+	char block[CAMELLIA_BLOCK_LEN];
+
+	memcpy(block, in, CAMELLIA_BLOCK_LEN);
+	camellia_decrypt(&ctx->state, in, out);
+	for (u_int i = 0; i < CAMELLIA_BLOCK_LEN; i++)
+		out[i] ^= ctx->iv[i];
+	memcpy(ctx->iv, block, CAMELLIA_BLOCK_LEN);
+	explicit_bzero(block, sizeof(block));
 }
 
 static int
-cml_setkey(void *ctx, const uint8_t *key, int len)
+cml_setkey(void *vctx, const uint8_t *key, int len)
 {
+	struct camellia_cbc_ctx *ctx = vctx;
 
 	if (len != 16 && len != 24 && len != 32)
 		return (EINVAL);
 
-	camellia_set_key(ctx, key, len * 8);
+	camellia_set_key(&ctx->state, key, len * 8);
 	return (0);
 }
+
+static void
+cml_reinit(void *vctx, const uint8_t *iv, size_t iv_len)
+{
+	struct camellia_cbc_ctx *ctx = vctx;
+
+	KASSERT(iv_len == sizeof(ctx->iv), ("%s: bad IV length", __func__));
+	memcpy(ctx->iv, iv, sizeof(ctx->iv));
+}