[crypto] Add our own general-purpose cipher-block chaining routines

4 files changed, 313 insertions, 29 deletions

diff --git a/src/crypto/axtls/aes.c b/src/crypto/axtls/aes.c
index 9154a515..0c0d7247 100644
--- a/src/crypto/axtls/aes.c
+++ b/src/crypto/axtls/aes.c
@@ -152,10 +152,6 @@ static const unsigned char Rcon[30]=
 	0xb3,0x7d,0xfa,0xef,0xc5,0x91,
 };
 
-/* ----- static functions ----- */
-static void AES_encrypt(const AES_CTX *ctx, uint32_t *data);
-static void AES_decrypt(const AES_CTX *ctx, uint32_t *data);
-
 /* Perform doubling in Galois Field GF(2^8) using the irreducible polynomial
    x^8+x^4+x^3+x+1 */
 static unsigned char AES_xtime(uint32_t x)
@@ -257,6 +253,7 @@ void AES_convert_key(AES_CTX *ctx)
     }
 }
 
+#if 0
 /**
  * Encrypt a byte sequence (with a block size 16) using the AES cipher.
  */
@@ -358,11 +355,12 @@ void AES_cbc_decrypt(AES_CTX *ctx, const uint8_t *msg, uint8_t *out, int length)
     l2n(xor2, iv);
     l2n(xor3, iv);
 }
+#endif
 
 /**
  * Encrypt a single block (16 bytes) of data
  */
-static void AES_encrypt(const AES_CTX *ctx, uint32_t *data)
+void AES_encrypt(const AES_CTX *ctx, uint32_t *data)
 {
     /* To make this code smaller, generate the sbox entries on the fly.
      * This will have a really heavy effect upon performance.
@@ -418,7 +416,7 @@ static void AES_encrypt(const AES_CTX *ctx, uint32_t *data)
 /**
  * Decrypt a single block (16 bytes) of data
  */
-static void AES_decrypt(const AES_CTX *ctx, uint32_t *data)
+void AES_decrypt(const AES_CTX *ctx, uint32_t *data)
 { 
     uint32_t tmp[4];
     uint32_t xt0,xt1,xt2,xt3,xt4,xt5,xt6;
diff --git a/src/crypto/axtls/crypto.h b/src/crypto/axtls/crypto.h
index de1dbeb4..12acb27f 100644
--- a/src/crypto/axtls/crypto.h
+++ b/src/crypto/axtls/crypto.h
@@ -55,6 +55,8 @@ void AES_cbc_encrypt(AES_CTX *ctx, const uint8_t *msg,
         uint8_t *out, int length);
 void AES_cbc_decrypt(AES_CTX *ks, const uint8_t *in, uint8_t *out, int length);
 void AES_convert_key(AES_CTX *ctx);
+void AES_encrypt(const AES_CTX *ctx, uint32_t *data);
+void AES_decrypt(const AES_CTX *ctx, uint32_t *data);
 
 /**************************************************************************
  * RC4 declarations 
diff --git a/src/crypto/axtls_aes.c b/src/crypto/axtls_aes.c
index a19ad3c4..04d274d3 100644
--- a/src/crypto/axtls_aes.c
+++ b/src/crypto/axtls_aes.c
@@ -1,17 +1,65 @@
-#include "crypto/axtls/crypto.h"
+/*
+ * Copyright (C) 2007 Michael Brown <mbrown@fensystems.co.uk>.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+ * License, or any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
 #include <string.h>
 #include <errno.h>
+#include <byteswap.h>
 #include <gpxe/crypto.h>
+#include <gpxe/cbc.h>
 #include <gpxe/aes.h>
+#include "crypto/axtls/crypto.h"
 
-struct aes_cbc_context {
-	AES_CTX ctx;
+/** @file
+ *
+ * AES algorithm
+ *
+ */
+
+/** Basic AES blocksize */
+#define AES_BLOCKSIZE 16
+
+/****************************************************************************
+ *
+ * Basic AES algorithm (independent of mode of operation)
+ *
+ ****************************************************************************
+ */
+
+/** AES context */
+struct aes_context {
+	/** AES context for AXTLS */
+	AES_CTX axtls_ctx;
+	/** Cipher is being used for decrypting */
 	int decrypting;
 };
 
-static int aes_cbc_setkey ( void *ctx, const void *key, size_t keylen ) {
-	struct aes_cbc_context *aesctx = ctx;
+/**
+ * Set key
+ *
+ * @v ctx		Context
+ * @v key		Key
+ * @v keylen		Key length
+ * @ret rc		Return status code
+ */
+static int aes_setkey ( void *ctx, const void *key, size_t keylen ) {
+	struct aes_context *aes_ctx = ctx;
 	AES_MODE mode;
+	void *iv;
 
 	switch ( keylen ) {
 	case ( 128 / 8 ):
@@ -24,45 +72,182 @@ static int aes_cbc_setkey ( void *ctx, const void *key, size_t keylen ) {
 		return -EINVAL;
 	}
 
-	AES_set_key ( &aesctx->ctx, key, aesctx->ctx.iv, mode );
+	/* IV is not a relevant concept at this stage; use a dummy
+	 * value that will have no side-effects.
+	 */
+	iv = &aes_ctx->axtls_ctx.iv;
+
+	AES_set_key ( &aes_ctx->axtls_ctx, key, iv, mode );
 
-	aesctx->decrypting = 0;
+	aes_ctx->decrypting = 0;
 
 	return 0;
 }
 
-static void aes_cbc_setiv ( void *ctx, const void *iv ) {
-	struct aes_cbc_context *aesctx = ctx;
+/**
+ * Set initialisation vector
+ *
+ * @v ctx		Context
+ * @v iv		Initialisation vector
+ */
+static void aes_setiv ( void *ctx __unused, const void *iv __unused ) {
+	/* Nothing to do */
+}
 
-	memcpy ( aesctx->ctx.iv, iv, sizeof ( aesctx->ctx.iv ) );
+/**
+ * Call AXTLS' AES_encrypt() or AES_decrypt() functions
+ *
+ * @v axtls_ctx		AXTLS AES context
+ * @v src		Data to process
+ * @v dst		Buffer for output
+ * @v func		AXTLS AES function to call
+ */
+static void aes_call_axtls ( AES_CTX *axtls_ctx, const void *src, void *dst,
+			     void ( * func ) ( const AES_CTX *axtls_ctx,
+					       uint32_t *data ) ){
+	const uint32_t *srcl = src;
+	uint32_t *dstl = dst;
+	unsigned int i;
+
+	/* AXTLS' AES_encrypt() and AES_decrypt() functions both
+	 * expect to deal with an array of four dwords in host-endian
+	 * order.
+	 */
+	for ( i = 0 ; i < 4 ; i++ )
+		dstl[i] = ntohl ( srcl[i] );
+	func ( axtls_ctx, dstl );
+	for ( i = 0 ; i < 4 ; i++ )
+		dstl[i] = htonl ( dstl[i] );
 }
 
-static void aes_cbc_encrypt ( void *ctx, const void *data, void *dst,
-			      size_t len ) {
-	struct aes_cbc_context *aesctx = ctx;
+/**
+ * Encrypt data
+ *
+ * @v ctx		Context
+ * @v src		Data to encrypt
+ * @v dst		Buffer for encrypted data
+ * @v len		Length of data
+ */
+static void aes_encrypt ( void *ctx, const void *src, void *dst,
+			  size_t len ) {
+	struct aes_context *aes_ctx = ctx;
 
-	if ( aesctx->decrypting )
+	assert ( len == AES_BLOCKSIZE );
+	if ( aes_ctx->decrypting )
 		assert ( 0 );
+	aes_call_axtls ( &aes_ctx->axtls_ctx, src, dst, AES_encrypt );
+}
+
+/**
+ * Decrypt data
+ *
+ * @v ctx		Context
+ * @v src		Data to decrypt
+ * @v dst		Buffer for decrypted data
+ * @v len		Length of data
+ */
+static void aes_decrypt ( void *ctx, const void *src, void *dst,
+			  size_t len ) {
+	struct aes_context *aes_ctx = ctx;
+
+	assert ( len == AES_BLOCKSIZE );
+	if ( ! aes_ctx->decrypting ) {
+		AES_convert_key ( &aes_ctx->axtls_ctx );
+		aes_ctx->decrypting = 1;
+	}
+	aes_call_axtls ( &aes_ctx->axtls_ctx, src, dst, AES_decrypt );
+}
+
+/** Basic AES algorithm */
+static struct cipher_algorithm aes_algorithm = {
+	.name = "aes",
+	.ctxsize = sizeof ( struct aes_context ),
+	.blocksize = AES_BLOCKSIZE,
+	.setkey = aes_setkey,
+	.setiv = aes_setiv,
+	.encrypt = aes_encrypt,
+	.decrypt = aes_decrypt,
+};
+
+/****************************************************************************
+ *
+ * AES with cipher-block chaining (CBC)
+ *
+ ****************************************************************************
+ */
+
+/** AES with CBC context */
+struct aes_cbc_context {
+	/** AES context */
+	struct aes_context aes_ctx;
+	/** CBC context */
+	uint8_t cbc_ctx[AES_BLOCKSIZE];
+};
+
+/**
+ * Set key
+ *
+ * @v ctx		Context
+ * @v key		Key
+ * @v keylen		Key length
+ * @ret rc		Return status code
+ */
+static int aes_cbc_setkey ( void *ctx, const void *key, size_t keylen ) {
+	struct aes_cbc_context *aes_cbc_ctx = ctx;
 
-	AES_cbc_encrypt ( &aesctx->ctx, data, dst, len );
+	return cbc_setkey ( ctx, key, keylen, &aes_algorithm,
+			    &aes_cbc_ctx->cbc_ctx );
 }
 
-static void aes_cbc_decrypt ( void *ctx, const void *data, void *dst,
+/**
+ * Set initialisation vector
+ *
+ * @v ctx		Context
+ * @v iv		Initialisation vector
+ */
+static void aes_cbc_setiv ( void *ctx, const void *iv ) {
+	struct aes_cbc_context *aes_cbc_ctx = ctx;
+
+	cbc_setiv ( ctx, iv, &aes_algorithm, &aes_cbc_ctx->cbc_ctx );
+}
+
+/**
+ * Encrypt data
+ *
+ * @v ctx		Context
+ * @v src		Data to encrypt
+ * @v dst		Buffer for encrypted data
+ * @v len		Length of data
+ */
+static void aes_cbc_encrypt ( void *ctx, const void *src, void *dst,
 			      size_t len ) {
-	struct aes_cbc_context *aesctx = ctx;
+	struct aes_cbc_context *aes_cbc_ctx = ctx;
 
-	if ( ! aesctx->decrypting ) {
-		AES_convert_key ( &aesctx->ctx );
-		aesctx->decrypting = 1;
-	}
+	cbc_encrypt ( &aes_cbc_ctx->aes_ctx, src, dst, len,
+		      &aes_algorithm, &aes_cbc_ctx->cbc_ctx );
+}
+
+/**
+ * Decrypt data
+ *
+ * @v ctx		Context
+ * @v src		Data to decrypt
+ * @v dst		Buffer for decrypted data
+ * @v len		Length of data
+ */
+static void aes_cbc_decrypt ( void *ctx, const void *src, void *dst,
+			      size_t len ) {
+	struct aes_cbc_context *aes_cbc_ctx = ctx;
 
-	AES_cbc_decrypt ( &aesctx->ctx, data, dst, len );
+	cbc_decrypt ( &aes_cbc_ctx->aes_ctx, src, dst, len,
+		      &aes_algorithm, &aes_cbc_ctx->cbc_ctx );
 }
 
+/* AES with cipher-block chaining */
 struct cipher_algorithm aes_cbc_algorithm = {
 	.name		= "aes_cbc",
 	.ctxsize	= sizeof ( struct aes_cbc_context ),
-	.blocksize	= 16,
+	.blocksize	= AES_BLOCKSIZE,
 	.setkey		= aes_cbc_setkey,
 	.setiv		= aes_cbc_setiv,
 	.encrypt	= aes_cbc_encrypt,
diff --git a/src/crypto/cbc.c b/src/crypto/cbc.c
new file mode 100644
index 00000000..a25d826e
--- /dev/null
+++ b/src/crypto/cbc.c
@@ -0,0 +1,99 @@
+/*
+ * Copyright (C) 2009 Michael Brown <mbrown@fensystems.co.uk>.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+ * License, or any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include <string.h>
+#include <assert.h>
+#include <gpxe/crypto.h>
+#include <gpxe/cbc.h>
+
+/** @file
+ *
+ * Cipher-block chaining
+ *
+ */
+
+/**
+ * XOR data blocks
+ *
+ * @v src		Input data
+ * @v dst		Second input data and output data buffer
+ * @v len		Length of data
+ */
+static void cbc_xor ( const void *src, void *dst, size_t len ) {
+	const uint32_t *srcl = src;
+	uint32_t *dstl = dst;
+	unsigned int i;
+
+	/* Assume that block sizes will always be dword-aligned, for speed */
+	assert ( ( len % sizeof ( *srcl ) ) == 0 );
+
+	for ( i = 0 ; i < ( len / sizeof ( *srcl ) ) ; i++ )
+		dstl[i] ^= srcl[i];
+}
+
+/**
+ * Encrypt data
+ *
+ * @v ctx		Context
+ * @v src		Data to encrypt
+ * @v dst		Buffer for encrypted data
+ * @v len		Length of data
+ * @v cipher		Underlying cipher algorithm
+ * @v cbc_ctx		CBC context
+ */
+void cbc_encrypt ( void *ctx, const void *src, void *dst, size_t len,
+		   struct cipher_algorithm *cipher, void *cbc_ctx ) {
+	size_t blocksize = cipher->blocksize;
+
+	assert ( ( len % blocksize ) == 0 );
+
+	while ( len ) {
+		cbc_xor ( src, cbc_ctx, blocksize );
+		cipher_encrypt ( cipher, ctx, cbc_ctx, dst, blocksize );
+		memcpy ( cbc_ctx, dst, blocksize );
+		dst += blocksize;
+		src += blocksize;
+		len -= blocksize;
+	}
+}
+
+/**
+ * Decrypt data
+ *
+ * @v ctx		Context
+ * @v src		Data to decrypt
+ * @v dst		Buffer for decrypted data
+ * @v len		Length of data
+ * @v cipher		Underlying cipher algorithm
+ * @v cbc_ctx		CBC context
+ */
+void cbc_decrypt ( void *ctx, const void *src, void *dst, size_t len,
+		   struct cipher_algorithm *cipher, void *cbc_ctx ) {
+	size_t blocksize = cipher->blocksize;
+
+	assert ( ( len % blocksize ) == 0 );
+
+	while ( len ) {
+		cipher_decrypt ( cipher, ctx, src, dst, blocksize );
+		cbc_xor ( cbc_ctx, dst, blocksize );
+		memcpy ( cbc_ctx, src, blocksize );
+		dst += blocksize;
+		src += blocksize;
+		len -= blocksize;
+	}
+}