Move rtems/freebsd to freebsd and contrib to freebsd/contrib

freebsd/opencrypto/cast.c

@@ -0,0 +1,246 @@
+#include <rtems/freebsd/machine/rtems-bsd-config.h>
+
+/*      $OpenBSD: cast.c,v 1.2 2000/06/06 06:49:47 deraadt Exp $       */
+/*-
+ *	CAST-128 in C
+ *	Written by Steve Reid <sreid@sea-to-sky.net>
+ *	100% Public Domain - no warranty
+ *	Released 1997.10.11
+ */
+
+#include <rtems/freebsd/sys/cdefs.h>
+__FBSDID("$FreeBSD$");
+
+#include <rtems/freebsd/sys/types.h>
+#include <rtems/freebsd/opencrypto/cast.h>
+#include <rtems/freebsd/opencrypto/castsb.h>
+
+/* Macros to access 8-bit bytes out of a 32-bit word */
+#define U_INT8_Ta(x) ( (u_int8_t) (x>>24) )
+#define U_INT8_Tb(x) ( (u_int8_t) ((x>>16)&255) )
+#define U_INT8_Tc(x) ( (u_int8_t) ((x>>8)&255) )
+#define U_INT8_Td(x) ( (u_int8_t) ((x)&255) )
+
+/* Circular left shift */
+#define ROL(x, n) ( ((x)<<(n)) | ((x)>>(32-(n))) )
+
+/* CAST-128 uses three different round functions */
+#define F1(l, r, i) \
+	t = ROL(key->xkey[i] + r, key->xkey[i+16]); \
+	l ^= ((cast_sbox1[U_INT8_Ta(t)] ^ cast_sbox2[U_INT8_Tb(t)]) - \
+	 cast_sbox3[U_INT8_Tc(t)]) + cast_sbox4[U_INT8_Td(t)];
+#define F2(l, r, i) \
+	t = ROL(key->xkey[i] ^ r, key->xkey[i+16]); \
+	l ^= ((cast_sbox1[U_INT8_Ta(t)] - cast_sbox2[U_INT8_Tb(t)]) + \
+	 cast_sbox3[U_INT8_Tc(t)]) ^ cast_sbox4[U_INT8_Td(t)];
+#define F3(l, r, i) \
+	t = ROL(key->xkey[i] - r, key->xkey[i+16]); \
+	l ^= ((cast_sbox1[U_INT8_Ta(t)] + cast_sbox2[U_INT8_Tb(t)]) ^ \
+	 cast_sbox3[U_INT8_Tc(t)]) - cast_sbox4[U_INT8_Td(t)];
+
+
+/***** Encryption Function *****/
+
+void cast_encrypt(cast_key* key, u_int8_t* inblock, u_int8_t* outblock)
+{
+u_int32_t t, l, r;
+
+	/* Get inblock into l,r */
+	l = ((u_int32_t)inblock[0] << 24) | ((u_int32_t)inblock[1] << 16) |
+	 ((u_int32_t)inblock[2] << 8) | (u_int32_t)inblock[3];
+	r = ((u_int32_t)inblock[4] << 24) | ((u_int32_t)inblock[5] << 16) |
+	 ((u_int32_t)inblock[6] << 8) | (u_int32_t)inblock[7];
+	/* Do the work */
+	F1(l, r,  0);
+	F2(r, l,  1);
+	F3(l, r,  2);
+	F1(r, l,  3);
+	F2(l, r,  4);
+	F3(r, l,  5);
+	F1(l, r,  6);
+	F2(r, l,  7);
+	F3(l, r,  8);
+	F1(r, l,  9);
+	F2(l, r, 10);
+	F3(r, l, 11);
+	/* Only do full 16 rounds if key length > 80 bits */
+	if (key->rounds > 12) {
+		F1(l, r, 12);
+		F2(r, l, 13);
+		F3(l, r, 14);
+		F1(r, l, 15);
+	}
+	/* Put l,r into outblock */
+	outblock[0] = U_INT8_Ta(r);
+	outblock[1] = U_INT8_Tb(r);
+	outblock[2] = U_INT8_Tc(r);
+	outblock[3] = U_INT8_Td(r);
+	outblock[4] = U_INT8_Ta(l);
+	outblock[5] = U_INT8_Tb(l);
+	outblock[6] = U_INT8_Tc(l);
+	outblock[7] = U_INT8_Td(l);
+	/* Wipe clean */
+	t = l = r = 0;
+}
+
+
+/***** Decryption Function *****/
+
+void cast_decrypt(cast_key* key, u_int8_t* inblock, u_int8_t* outblock)
+{
+u_int32_t t, l, r;
+
+	/* Get inblock into l,r */
+	r = ((u_int32_t)inblock[0] << 24) | ((u_int32_t)inblock[1] << 16) |
+	 ((u_int32_t)inblock[2] << 8) | (u_int32_t)inblock[3];
+	l = ((u_int32_t)inblock[4] << 24) | ((u_int32_t)inblock[5] << 16) |
+	 ((u_int32_t)inblock[6] << 8) | (u_int32_t)inblock[7];
+	/* Do the work */
+	/* Only do full 16 rounds if key length > 80 bits */
+	if (key->rounds > 12) {
+		F1(r, l, 15);
+		F3(l, r, 14);
+		F2(r, l, 13);
+		F1(l, r, 12);
+	}
+	F3(r, l, 11);
+	F2(l, r, 10);
+	F1(r, l,  9);
+	F3(l, r,  8);
+	F2(r, l,  7);
+	F1(l, r,  6);
+	F3(r, l,  5);
+	F2(l, r,  4);
+	F1(r, l,  3);
+	F3(l, r,  2);
+	F2(r, l,  1);
+	F1(l, r,  0);
+	/* Put l,r into outblock */
+	outblock[0] = U_INT8_Ta(l);
+	outblock[1] = U_INT8_Tb(l);
+	outblock[2] = U_INT8_Tc(l);
+	outblock[3] = U_INT8_Td(l);
+	outblock[4] = U_INT8_Ta(r);
+	outblock[5] = U_INT8_Tb(r);
+	outblock[6] = U_INT8_Tc(r);
+	outblock[7] = U_INT8_Td(r);
+	/* Wipe clean */
+	t = l = r = 0;
+}
+
+
+/***** Key Schedual *****/
+
+void cast_setkey(cast_key* key, u_int8_t* rawkey, int keybytes)
+{
+u_int32_t t[4] = {0, 0, 0, 0}, z[4] = {0, 0, 0, 0}, x[4];
+int i;
+
+	/* Set number of rounds to 12 or 16, depending on key length */
+	key->rounds = (keybytes <= 10 ? 12 : 16);
+
+	/* Copy key to workspace x */
+	for (i = 0; i < 4; i++) {
+		x[i] = 0;
+		if ((i*4+0) < keybytes) x[i] = (u_int32_t)rawkey[i*4+0] << 24;
+		if ((i*4+1) < keybytes) x[i] |= (u_int32_t)rawkey[i*4+1] << 16;
+		if ((i*4+2) < keybytes) x[i] |= (u_int32_t)rawkey[i*4+2] << 8;
+		if ((i*4+3) < keybytes) x[i] |= (u_int32_t)rawkey[i*4+3];
+	}
+	/* Generate 32 subkeys, four at a time */
+	for (i = 0; i < 32; i+=4) {
+		switch (i & 4) {
+		 case 0:
+			t[0] = z[0] = x[0] ^ cast_sbox5[U_INT8_Tb(x[3])] ^
+			 cast_sbox6[U_INT8_Td(x[3])] ^ cast_sbox7[U_INT8_Ta(x[3])] ^
+			 cast_sbox8[U_INT8_Tc(x[3])] ^ cast_sbox7[U_INT8_Ta(x[2])];
+			t[1] = z[1] = x[2] ^ cast_sbox5[U_INT8_Ta(z[0])] ^
+			 cast_sbox6[U_INT8_Tc(z[0])] ^ cast_sbox7[U_INT8_Tb(z[0])] ^
+			 cast_sbox8[U_INT8_Td(z[0])] ^ cast_sbox8[U_INT8_Tc(x[2])];
+			t[2] = z[2] = x[3] ^ cast_sbox5[U_INT8_Td(z[1])] ^
+			 cast_sbox6[U_INT8_Tc(z[1])] ^ cast_sbox7[U_INT8_Tb(z[1])] ^
+			 cast_sbox8[U_INT8_Ta(z[1])] ^ cast_sbox5[U_INT8_Tb(x[2])];
+			t[3] = z[3] = x[1] ^ cast_sbox5[U_INT8_Tc(z[2])] ^
+			 cast_sbox6[U_INT8_Tb(z[2])] ^ cast_sbox7[U_INT8_Td(z[2])] ^
+			 cast_sbox8[U_INT8_Ta(z[2])] ^ cast_sbox6[U_INT8_Td(x[2])];
+			break;
+		 case 4:
+			t[0] = x[0] = z[2] ^ cast_sbox5[U_INT8_Tb(z[1])] ^
+			 cast_sbox6[U_INT8_Td(z[1])] ^ cast_sbox7[U_INT8_Ta(z[1])] ^
+			 cast_sbox8[U_INT8_Tc(z[1])] ^ cast_sbox7[U_INT8_Ta(z[0])];
+			t[1] = x[1] = z[0] ^ cast_sbox5[U_INT8_Ta(x[0])] ^
+			 cast_sbox6[U_INT8_Tc(x[0])] ^ cast_sbox7[U_INT8_Tb(x[0])] ^
+			 cast_sbox8[U_INT8_Td(x[0])] ^ cast_sbox8[U_INT8_Tc(z[0])];
+			t[2] = x[2] = z[1] ^ cast_sbox5[U_INT8_Td(x[1])] ^
+			 cast_sbox6[U_INT8_Tc(x[1])] ^ cast_sbox7[U_INT8_Tb(x[1])] ^
+			 cast_sbox8[U_INT8_Ta(x[1])] ^ cast_sbox5[U_INT8_Tb(z[0])];
+			t[3] = x[3] = z[3] ^ cast_sbox5[U_INT8_Tc(x[2])] ^
+			 cast_sbox6[U_INT8_Tb(x[2])] ^ cast_sbox7[U_INT8_Td(x[2])] ^
+			 cast_sbox8[U_INT8_Ta(x[2])] ^ cast_sbox6[U_INT8_Td(z[0])];
+			break;
+		}
+		switch (i & 12) {
+		 case 0:
+		 case 12:
+			key->xkey[i+0] = cast_sbox5[U_INT8_Ta(t[2])] ^ cast_sbox6[U_INT8_Tb(t[2])] ^
+			 cast_sbox7[U_INT8_Td(t[1])] ^ cast_sbox8[U_INT8_Tc(t[1])];
+			key->xkey[i+1] = cast_sbox5[U_INT8_Tc(t[2])] ^ cast_sbox6[U_INT8_Td(t[2])] ^
+			 cast_sbox7[U_INT8_Tb(t[1])] ^ cast_sbox8[U_INT8_Ta(t[1])];
+			key->xkey[i+2] = cast_sbox5[U_INT8_Ta(t[3])] ^ cast_sbox6[U_INT8_Tb(t[3])] ^
+			 cast_sbox7[U_INT8_Td(t[0])] ^ cast_sbox8[U_INT8_Tc(t[0])];
+			key->xkey[i+3] = cast_sbox5[U_INT8_Tc(t[3])] ^ cast_sbox6[U_INT8_Td(t[3])] ^
+			 cast_sbox7[U_INT8_Tb(t[0])] ^ cast_sbox8[U_INT8_Ta(t[0])];
+			break;
+		 case 4:
+		 case 8:
+			key->xkey[i+0] = cast_sbox5[U_INT8_Td(t[0])] ^ cast_sbox6[U_INT8_Tc(t[0])] ^
+			 cast_sbox7[U_INT8_Ta(t[3])] ^ cast_sbox8[U_INT8_Tb(t[3])];
+			key->xkey[i+1] = cast_sbox5[U_INT8_Tb(t[0])] ^ cast_sbox6[U_INT8_Ta(t[0])] ^
+			 cast_sbox7[U_INT8_Tc(t[3])] ^ cast_sbox8[U_INT8_Td(t[3])];
+			key->xkey[i+2] = cast_sbox5[U_INT8_Td(t[1])] ^ cast_sbox6[U_INT8_Tc(t[1])] ^
+			 cast_sbox7[U_INT8_Ta(t[2])] ^ cast_sbox8[U_INT8_Tb(t[2])];
+			key->xkey[i+3] = cast_sbox5[U_INT8_Tb(t[1])] ^ cast_sbox6[U_INT8_Ta(t[1])] ^
+			 cast_sbox7[U_INT8_Tc(t[2])] ^ cast_sbox8[U_INT8_Td(t[2])];
+			break;
+		}
+		switch (i & 12) {
+		 case 0:
+			key->xkey[i+0] ^= cast_sbox5[U_INT8_Tc(z[0])];
+			key->xkey[i+1] ^= cast_sbox6[U_INT8_Tc(z[1])];
+			key->xkey[i+2] ^= cast_sbox7[U_INT8_Tb(z[2])];
+			key->xkey[i+3] ^= cast_sbox8[U_INT8_Ta(z[3])];
+			break;
+		 case 4:
+			key->xkey[i+0] ^= cast_sbox5[U_INT8_Ta(x[2])];
+			key->xkey[i+1] ^= cast_sbox6[U_INT8_Tb(x[3])];
+			key->xkey[i+2] ^= cast_sbox7[U_INT8_Td(x[0])];
+			key->xkey[i+3] ^= cast_sbox8[U_INT8_Td(x[1])];
+			break;
+		 case 8:
+			key->xkey[i+0] ^= cast_sbox5[U_INT8_Tb(z[2])];
+			key->xkey[i+1] ^= cast_sbox6[U_INT8_Ta(z[3])];
+			key->xkey[i+2] ^= cast_sbox7[U_INT8_Tc(z[0])];
+			key->xkey[i+3] ^= cast_sbox8[U_INT8_Tc(z[1])];
+			break;
+		 case 12:
+			key->xkey[i+0] ^= cast_sbox5[U_INT8_Td(x[0])];
+			key->xkey[i+1] ^= cast_sbox6[U_INT8_Td(x[1])];
+			key->xkey[i+2] ^= cast_sbox7[U_INT8_Ta(x[2])];
+			key->xkey[i+3] ^= cast_sbox8[U_INT8_Tb(x[3])];
+			break;
+		}
+		if (i >= 16) {
+			key->xkey[i+0] &= 31;
+			key->xkey[i+1] &= 31;
+			key->xkey[i+2] &= 31;
+			key->xkey[i+3] &= 31;
+		}
+	}
+	/* Wipe clean */
+	for (i = 0; i < 4; i++) {
+		t[i] = x[i] = z[i] = 0;
+	}
+}
+
+/* Made in Canada */
+

freebsd/opencrypto/cast.h

@@ -0,0 +1,23 @@
+/*	$FreeBSD$	*/
+/*      $OpenBSD: cast.h,v 1.2 2002/03/14 01:26:51 millert Exp $       */
+
+/*-
+ *	CAST-128 in C
+ *	Written by Steve Reid <sreid@sea-to-sky.net>
+ *	100% Public Domain - no warranty
+ *	Released 1997.10.11
+ */
+
+#ifndef _CAST_HH_
+#define _CAST_HH_
+
+typedef struct {
+	u_int32_t	xkey[32];	/* Key, after expansion */
+	int		rounds;		/* Number of rounds to use, 12 or 16 */
+} cast_key;
+
+void cast_setkey(cast_key * key, u_int8_t * rawkey, int keybytes);
+void cast_encrypt(cast_key * key, u_int8_t * inblock, u_int8_t * outblock);
+void cast_decrypt(cast_key * key, u_int8_t * inblock, u_int8_t * outblock);
+
+#endif /* ifndef _CAST_HH_ */

freebsd/opencrypto/castsb.h

@@ -0,0 +1,545 @@
+/*	$FreeBSD$	*/
+/*      $OpenBSD: castsb.h,v 1.1 2000/02/28 23:13:04 deraadt Exp $       */
+/*-
+ *	CAST-128 in C
+ *	Written by Steve Reid <sreid@sea-to-sky.net>
+ *	100% Public Domain - no warranty
+ *	Released 1997.10.11
+ */
+
+static const u_int32_t cast_sbox1[256] = {
+	0x30FB40D4, 0x9FA0FF0B, 0x6BECCD2F, 0x3F258C7A,
+	0x1E213F2F, 0x9C004DD3, 0x6003E540, 0xCF9FC949,
+	0xBFD4AF27, 0x88BBBDB5, 0xE2034090, 0x98D09675,
+	0x6E63A0E0, 0x15C361D2, 0xC2E7661D, 0x22D4FF8E,
+	0x28683B6F, 0xC07FD059, 0xFF2379C8, 0x775F50E2,
+	0x43C340D3, 0xDF2F8656, 0x887CA41A, 0xA2D2BD2D,
+	0xA1C9E0D6, 0x346C4819, 0x61B76D87, 0x22540F2F,
+	0x2ABE32E1, 0xAA54166B, 0x22568E3A, 0xA2D341D0,
+	0x66DB40C8, 0xA784392F, 0x004DFF2F, 0x2DB9D2DE,
+	0x97943FAC, 0x4A97C1D8, 0x527644B7, 0xB5F437A7,
+	0xB82CBAEF, 0xD751D159, 0x6FF7F0ED, 0x5A097A1F,
+	0x827B68D0, 0x90ECF52E, 0x22B0C054, 0xBC8E5935,
+	0x4B6D2F7F, 0x50BB64A2, 0xD2664910, 0xBEE5812D,
+	0xB7332290, 0xE93B159F, 0xB48EE411, 0x4BFF345D,
+	0xFD45C240, 0xAD31973F, 0xC4F6D02E, 0x55FC8165,
+	0xD5B1CAAD, 0xA1AC2DAE, 0xA2D4B76D, 0xC19B0C50,
+	0x882240F2, 0x0C6E4F38, 0xA4E4BFD7, 0x4F5BA272,
+	0x564C1D2F, 0xC59C5319, 0xB949E354, 0xB04669FE,
+	0xB1B6AB8A, 0xC71358DD, 0x6385C545, 0x110F935D,
+	0x57538AD5, 0x6A390493, 0xE63D37E0, 0x2A54F6B3,
+	0x3A787D5F, 0x6276A0B5, 0x19A6FCDF, 0x7A42206A,
+	0x29F9D4D5, 0xF61B1891, 0xBB72275E, 0xAA508167,
+	0x38901091, 0xC6B505EB, 0x84C7CB8C, 0x2AD75A0F,
+	0x874A1427, 0xA2D1936B, 0x2AD286AF, 0xAA56D291,
+	0xD7894360, 0x425C750D, 0x93B39E26, 0x187184C9,
+	0x6C00B32D, 0x73E2BB14, 0xA0BEBC3C, 0x54623779,
+	0x64459EAB, 0x3F328B82, 0x7718CF82, 0x59A2CEA6,
+	0x04EE002E, 0x89FE78E6, 0x3FAB0950, 0x325FF6C2,
+	0x81383F05, 0x6963C5C8, 0x76CB5AD6, 0xD49974C9,
+	0xCA180DCF, 0x380782D5, 0xC7FA5CF6, 0x8AC31511,
+	0x35E79E13, 0x47DA91D0, 0xF40F9086, 0xA7E2419E,
+	0x31366241, 0x051EF495, 0xAA573B04, 0x4A805D8D,
+	0x548300D0, 0x00322A3C, 0xBF64CDDF, 0xBA57A68E,
+	0x75C6372B, 0x50AFD341, 0xA7C13275, 0x915A0BF5,
+	0x6B54BFAB, 0x2B0B1426, 0xAB4CC9D7, 0x449CCD82,
+	0xF7FBF265, 0xAB85C5F3, 0x1B55DB94, 0xAAD4E324,
+	0xCFA4BD3F, 0x2DEAA3E2, 0x9E204D02, 0xC8BD25AC,
+	0xEADF55B3, 0xD5BD9E98, 0xE31231B2, 0x2AD5AD6C,
+	0x954329DE, 0xADBE4528, 0xD8710F69, 0xAA51C90F,
+	0xAA786BF6, 0x22513F1E, 0xAA51A79B, 0x2AD344CC,
+	0x7B5A41F0, 0xD37CFBAD, 0x1B069505, 0x41ECE491,
+	0xB4C332E6, 0x032268D4, 0xC9600ACC, 0xCE387E6D,
+	0xBF6BB16C, 0x6A70FB78, 0x0D03D9C9, 0xD4DF39DE,
+	0xE01063DA, 0x4736F464, 0x5AD328D8, 0xB347CC96,
+	0x75BB0FC3, 0x98511BFB, 0x4FFBCC35, 0xB58BCF6A,
+	0xE11F0ABC, 0xBFC5FE4A, 0xA70AEC10, 0xAC39570A,
+	0x3F04442F, 0x6188B153, 0xE0397A2E, 0x5727CB79,
+	0x9CEB418F, 0x1CACD68D, 0x2AD37C96, 0x0175CB9D,
+	0xC69DFF09, 0xC75B65F0, 0xD9DB40D8, 0xEC0E7779,
+	0x4744EAD4, 0xB11C3274, 0xDD24CB9E, 0x7E1C54BD,
+	0xF01144F9, 0xD2240EB1, 0x9675B3FD, 0xA3AC3755,
+	0xD47C27AF, 0x51C85F4D, 0x56907596, 0xA5BB15E6,
+	0x580304F0, 0xCA042CF1, 0x011A37EA, 0x8DBFAADB,
+	0x35BA3E4A, 0x3526FFA0, 0xC37B4D09, 0xBC306ED9,
+	0x98A52666, 0x5648F725, 0xFF5E569D, 0x0CED63D0,
+	0x7C63B2CF, 0x700B45E1, 0xD5EA50F1, 0x85A92872,
+	0xAF1FBDA7, 0xD4234870, 0xA7870BF3, 0x2D3B4D79,
+	0x42E04198, 0x0CD0EDE7, 0x26470DB8, 0xF881814C,
+	0x474D6AD7, 0x7C0C5E5C, 0xD1231959, 0x381B7298,
+	0xF5D2F4DB, 0xAB838653, 0x6E2F1E23, 0x83719C9E,
+	0xBD91E046, 0x9A56456E, 0xDC39200C, 0x20C8C571,
+	0x962BDA1C, 0xE1E696FF, 0xB141AB08, 0x7CCA89B9,
+	0x1A69E783, 0x02CC4843, 0xA2F7C579, 0x429EF47D,
+	0x427B169C, 0x5AC9F049, 0xDD8F0F00, 0x5C8165BF
+};
+
+static const u_int32_t cast_sbox2[256] = {
+	0x1F201094, 0xEF0BA75B, 0x69E3CF7E, 0x393F4380,
+	0xFE61CF7A, 0xEEC5207A, 0x55889C94, 0x72FC0651,
+	0xADA7EF79, 0x4E1D7235, 0xD55A63CE, 0xDE0436BA,
+	0x99C430EF, 0x5F0C0794, 0x18DCDB7D, 0xA1D6EFF3,
+	0xA0B52F7B, 0x59E83605, 0xEE15B094, 0xE9FFD909,
+	0xDC440086, 0xEF944459, 0xBA83CCB3, 0xE0C3CDFB,
+	0xD1DA4181, 0x3B092AB1, 0xF997F1C1, 0xA5E6CF7B,
+	0x01420DDB, 0xE4E7EF5B, 0x25A1FF41, 0xE180F806,
+	0x1FC41080, 0x179BEE7A, 0xD37AC6A9, 0xFE5830A4,
+	0x98DE8B7F, 0x77E83F4E, 0x79929269, 0x24FA9F7B,
+	0xE113C85B, 0xACC40083, 0xD7503525, 0xF7EA615F,
+	0x62143154, 0x0D554B63, 0x5D681121, 0xC866C359,
+	0x3D63CF73, 0xCEE234C0, 0xD4D87E87, 0x5C672B21,
+	0x071F6181, 0x39F7627F, 0x361E3084, 0xE4EB573B,
+	0x602F64A4, 0xD63ACD9C, 0x1BBC4635, 0x9E81032D,
+	0x2701F50C, 0x99847AB4, 0xA0E3DF79, 0xBA6CF38C,
+	0x10843094, 0x2537A95E, 0xF46F6FFE, 0xA1FF3B1F,
+	0x208CFB6A, 0x8F458C74, 0xD9E0A227, 0x4EC73A34,
+	0xFC884F69, 0x3E4DE8DF, 0xEF0E0088, 0x3559648D,
+	0x8A45388C, 0x1D804366, 0x721D9BFD, 0xA58684BB,
+	0xE8256333, 0x844E8212, 0x128D8098, 0xFED33FB4,
+	0xCE280AE1, 0x27E19BA5, 0xD5A6C252, 0xE49754BD,
+	0xC5D655DD, 0xEB667064, 0x77840B4D, 0xA1B6A801,
+	0x84DB26A9, 0xE0B56714, 0x21F043B7, 0xE5D05860,
+	0x54F03084, 0x066FF472, 0xA31AA153, 0xDADC4755,
+	0xB5625DBF, 0x68561BE6, 0x83CA6B94, 0x2D6ED23B,
+	0xECCF01DB, 0xA6D3D0BA, 0xB6803D5C, 0xAF77A709,
+	0x33B4A34C, 0x397BC8D6, 0x5EE22B95, 0x5F0E5304,
+	0x81ED6F61, 0x20E74364, 0xB45E1378, 0xDE18639B,
+	0x881CA122, 0xB96726D1, 0x8049A7E8, 0x22B7DA7B,
+	0x5E552D25, 0x5272D237, 0x79D2951C, 0xC60D894C,
+	0x488CB402, 0x1BA4FE5B, 0xA4B09F6B, 0x1CA815CF,
+	0xA20C3005, 0x8871DF63, 0xB9DE2FCB, 0x0CC6C9E9,
+	0x0BEEFF53, 0xE3214517, 0xB4542835, 0x9F63293C,
+	0xEE41E729, 0x6E1D2D7C, 0x50045286, 0x1E6685F3,
+	0xF33401C6, 0x30A22C95, 0x31A70850, 0x60930F13,
+	0x73F98417, 0xA1269859, 0xEC645C44, 0x52C877A9,
+	0xCDFF33A6, 0xA02B1741, 0x7CBAD9A2, 0x2180036F,
+	0x50D99C08, 0xCB3F4861, 0xC26BD765, 0x64A3F6AB,
+	0x80342676, 0x25A75E7B, 0xE4E6D1FC, 0x20C710E6,
+	0xCDF0B680, 0x17844D3B, 0x31EEF84D, 0x7E0824E4,
+	0x2CCB49EB, 0x846A3BAE, 0x8FF77888, 0xEE5D60F6,
+	0x7AF75673, 0x2FDD5CDB, 0xA11631C1, 0x30F66F43,
+	0xB3FAEC54, 0x157FD7FA, 0xEF8579CC, 0xD152DE58,
+	0xDB2FFD5E, 0x8F32CE19, 0x306AF97A, 0x02F03EF8,
+	0x99319AD5, 0xC242FA0F, 0xA7E3EBB0, 0xC68E4906,
+	0xB8DA230C, 0x80823028, 0xDCDEF3C8, 0xD35FB171,
+	0x088A1BC8, 0xBEC0C560, 0x61A3C9E8, 0xBCA8F54D,
+	0xC72FEFFA, 0x22822E99, 0x82C570B4, 0xD8D94E89,
+	0x8B1C34BC, 0x301E16E6, 0x273BE979, 0xB0FFEAA6,
+	0x61D9B8C6, 0x00B24869, 0xB7FFCE3F, 0x08DC283B,
+	0x43DAF65A, 0xF7E19798, 0x7619B72F, 0x8F1C9BA4,
+	0xDC8637A0, 0x16A7D3B1, 0x9FC393B7, 0xA7136EEB,
+	0xC6BCC63E, 0x1A513742, 0xEF6828BC, 0x520365D6,
+	0x2D6A77AB, 0x3527ED4B, 0x821FD216, 0x095C6E2E,
+	0xDB92F2FB, 0x5EEA29CB, 0x145892F5, 0x91584F7F,
+	0x5483697B, 0x2667A8CC, 0x85196048, 0x8C4BACEA,
+	0x833860D4, 0x0D23E0F9, 0x6C387E8A, 0x0AE6D249,
+	0xB284600C, 0xD835731D, 0xDCB1C647, 0xAC4C56EA,
+	0x3EBD81B3, 0x230EABB0, 0x6438BC87, 0xF0B5B1FA,
+	0x8F5EA2B3, 0xFC184642, 0x0A036B7A, 0x4FB089BD,
+	0x649DA589, 0xA345415E, 0x5C038323, 0x3E5D3BB9,
+	0x43D79572, 0x7E6DD07C, 0x06DFDF1E, 0x6C6CC4EF,
+	0x7160A539, 0x73BFBE70, 0x83877605, 0x4523ECF1
+};
+
+static const u_int32_t cast_sbox3[256] = {
+	0x8DEFC240, 0x25FA5D9F, 0xEB903DBF, 0xE810C907,
+	0x47607FFF, 0x369FE44B, 0x8C1FC644, 0xAECECA90,
+	0xBEB1F9BF, 0xEEFBCAEA, 0xE8CF1950, 0x51DF07AE,
+	0x920E8806, 0xF0AD0548, 0xE13C8D83, 0x927010D5,
+	0x11107D9F, 0x07647DB9, 0xB2E3E4D4, 0x3D4F285E,
+	0xB9AFA820, 0xFADE82E0, 0xA067268B, 0x8272792E,
+	0x553FB2C0, 0x489AE22B, 0xD4EF9794, 0x125E3FBC,
+	0x21FFFCEE, 0x825B1BFD, 0x9255C5ED, 0x1257A240,
+	0x4E1A8302, 0xBAE07FFF, 0x528246E7, 0x8E57140E,
+	0x3373F7BF, 0x8C9F8188, 0xA6FC4EE8, 0xC982B5A5,
+	0xA8C01DB7, 0x579FC264, 0x67094F31, 0xF2BD3F5F,
+	0x40FFF7C1, 0x1FB78DFC, 0x8E6BD2C1, 0x437BE59B,
+	0x99B03DBF, 0xB5DBC64B, 0x638DC0E6, 0x55819D99,
+	0xA197C81C, 0x4A012D6E, 0xC5884A28, 0xCCC36F71,
+	0xB843C213, 0x6C0743F1, 0x8309893C, 0x0FEDDD5F,
+	0x2F7FE850, 0xD7C07F7E, 0x02507FBF, 0x5AFB9A04,
+	0xA747D2D0, 0x1651192E, 0xAF70BF3E, 0x58C31380,
+	0x5F98302E, 0x727CC3C4, 0x0A0FB402, 0x0F7FEF82,
+	0x8C96FDAD, 0x5D2C2AAE, 0x8EE99A49, 0x50DA88B8,
+	0x8427F4A0, 0x1EAC5790, 0x796FB449, 0x8252DC15,
+	0xEFBD7D9B, 0xA672597D, 0xADA840D8, 0x45F54504,
+	0xFA5D7403, 0xE83EC305, 0x4F91751A, 0x925669C2,
+	0x23EFE941, 0xA903F12E, 0x60270DF2, 0x0276E4B6,
+	0x94FD6574, 0x927985B2, 0x8276DBCB, 0x02778176,
+	0xF8AF918D, 0x4E48F79E, 0x8F616DDF, 0xE29D840E,
+	0x842F7D83, 0x340CE5C8, 0x96BBB682, 0x93B4B148,
+	0xEF303CAB, 0x984FAF28, 0x779FAF9B, 0x92DC560D,
+	0x224D1E20, 0x8437AA88, 0x7D29DC96, 0x2756D3DC,
+	0x8B907CEE, 0xB51FD240, 0xE7C07CE3, 0xE566B4A1,
+	0xC3E9615E, 0x3CF8209D, 0x6094D1E3, 0xCD9CA341,
+	0x5C76460E, 0x00EA983B, 0xD4D67881, 0xFD47572C,
+	0xF76CEDD9, 0xBDA8229C, 0x127DADAA, 0x438A074E,
+	0x1F97C090, 0x081BDB8A, 0x93A07EBE, 0xB938CA15,
+	0x97B03CFF, 0x3DC2C0F8, 0x8D1AB2EC, 0x64380E51,
+	0x68CC7BFB, 0xD90F2788, 0x12490181, 0x5DE5FFD4,
+	0xDD7EF86A, 0x76A2E214, 0xB9A40368, 0x925D958F,
+	0x4B39FFFA, 0xBA39AEE9, 0xA4FFD30B, 0xFAF7933B,
+	0x6D498623, 0x193CBCFA, 0x27627545, 0x825CF47A,
+	0x61BD8BA0, 0xD11E42D1, 0xCEAD04F4, 0x127EA392,
+	0x10428DB7, 0x8272A972, 0x9270C4A8, 0x127DE50B,
+	0x285BA1C8, 0x3C62F44F, 0x35C0EAA5, 0xE805D231,
+	0x428929FB, 0xB4FCDF82, 0x4FB66A53, 0x0E7DC15B,
+	0x1F081FAB, 0x108618AE, 0xFCFD086D, 0xF9FF2889,
+	0x694BCC11, 0x236A5CAE, 0x12DECA4D, 0x2C3F8CC5,
+	0xD2D02DFE, 0xF8EF5896, 0xE4CF52DA, 0x95155B67,
+	0x494A488C, 0xB9B6A80C, 0x5C8F82BC, 0x89D36B45,
+	0x3A609437, 0xEC00C9A9, 0x44715253, 0x0A874B49,
+	0xD773BC40, 0x7C34671C, 0x02717EF6, 0x4FEB5536,
+	0xA2D02FFF, 0xD2BF60C4, 0xD43F03C0, 0x50B4EF6D,
+	0x07478CD1, 0x006E1888, 0xA2E53F55, 0xB9E6D4BC,
+	0xA2048016, 0x97573833, 0xD7207D67, 0xDE0F8F3D,
+	0x72F87B33, 0xABCC4F33, 0x7688C55D, 0x7B00A6B0,
+	0x947B0001, 0x570075D2, 0xF9BB88F8, 0x8942019E,
+	0x4264A5FF, 0x856302E0, 0x72DBD92B, 0xEE971B69,
+	0x6EA22FDE, 0x5F08AE2B, 0xAF7A616D, 0xE5C98767,
+	0xCF1FEBD2, 0x61EFC8C2, 0xF1AC2571, 0xCC8239C2,
+	0x67214CB8, 0xB1E583D1, 0xB7DC3E62, 0x7F10BDCE,
+	0xF90A5C38, 0x0FF0443D, 0x606E6DC6, 0x60543A49,
+	0x5727C148, 0x2BE98A1D, 0x8AB41738, 0x20E1BE24,
+	0xAF96DA0F, 0x68458425, 0x99833BE5, 0x600D457D,
+	0x282F9350, 0x8334B362, 0xD91D1120, 0x2B6D8DA0,
+	0x642B1E31, 0x9C305A00, 0x52BCE688, 0x1B03588A,
+	0xF7BAEFD5, 0x4142ED9C, 0xA4315C11, 0x83323EC5,
+	0xDFEF4636, 0xA133C501, 0xE9D3531C, 0xEE353783
+};
+
+static const u_int32_t cast_sbox4[256] = {
+	0x9DB30420, 0x1FB6E9DE, 0xA7BE7BEF, 0xD273A298,
+	0x4A4F7BDB, 0x64AD8C57, 0x85510443, 0xFA020ED1,
+	0x7E287AFF, 0xE60FB663, 0x095F35A1, 0x79EBF120,
+	0xFD059D43, 0x6497B7B1, 0xF3641F63, 0x241E4ADF,
+	0x28147F5F, 0x4FA2B8CD, 0xC9430040, 0x0CC32220,
+	0xFDD30B30, 0xC0A5374F, 0x1D2D00D9, 0x24147B15,
+	0xEE4D111A, 0x0FCA5167, 0x71FF904C, 0x2D195FFE,
+	0x1A05645F, 0x0C13FEFE, 0x081B08CA, 0x05170121,
+	0x80530100, 0xE83E5EFE, 0xAC9AF4F8, 0x7FE72701,
+	0xD2B8EE5F, 0x06DF4261, 0xBB9E9B8A, 0x7293EA25,
+	0xCE84FFDF, 0xF5718801, 0x3DD64B04, 0xA26F263B,
+	0x7ED48400, 0x547EEBE6, 0x446D4CA0, 0x6CF3D6F5,
+	0x2649ABDF, 0xAEA0C7F5, 0x36338CC1, 0x503F7E93,
+	0xD3772061, 0x11B638E1, 0x72500E03, 0xF80EB2BB,
+	0xABE0502E, 0xEC8D77DE, 0x57971E81, 0xE14F6746,
+	0xC9335400, 0x6920318F, 0x081DBB99, 0xFFC304A5,
+	0x4D351805, 0x7F3D5CE3, 0xA6C866C6, 0x5D5BCCA9,
+	0xDAEC6FEA, 0x9F926F91, 0x9F46222F, 0x3991467D,
+	0xA5BF6D8E, 0x1143C44F, 0x43958302, 0xD0214EEB,
+	0x022083B8, 0x3FB6180C, 0x18F8931E, 0x281658E6,
+	0x26486E3E, 0x8BD78A70, 0x7477E4C1, 0xB506E07C,
+	0xF32D0A25, 0x79098B02, 0xE4EABB81, 0x28123B23,
+	0x69DEAD38, 0x1574CA16, 0xDF871B62, 0x211C40B7,
+	0xA51A9EF9, 0x0014377B, 0x041E8AC8, 0x09114003,
+	0xBD59E4D2, 0xE3D156D5, 0x4FE876D5, 0x2F91A340,
+	0x557BE8DE, 0x00EAE4A7, 0x0CE5C2EC, 0x4DB4BBA6,
+	0xE756BDFF, 0xDD3369AC, 0xEC17B035, 0x06572327,
+	0x99AFC8B0, 0x56C8C391, 0x6B65811C, 0x5E146119,
+	0x6E85CB75, 0xBE07C002, 0xC2325577, 0x893FF4EC,
+	0x5BBFC92D, 0xD0EC3B25, 0xB7801AB7, 0x8D6D3B24,
+	0x20C763EF, 0xC366A5FC, 0x9C382880, 0x0ACE3205,
+	0xAAC9548A, 0xECA1D7C7, 0x041AFA32, 0x1D16625A,
+	0x6701902C, 0x9B757A54, 0x31D477F7, 0x9126B031,
+	0x36CC6FDB, 0xC70B8B46, 0xD9E66A48, 0x56E55A79,
+	0x026A4CEB, 0x52437EFF, 0x2F8F76B4, 0x0DF980A5,
+	0x8674CDE3, 0xEDDA04EB, 0x17A9BE04, 0x2C18F4DF,
+	0xB7747F9D, 0xAB2AF7B4, 0xEFC34D20, 0x2E096B7C,
+	0x1741A254, 0xE5B6A035, 0x213D42F6, 0x2C1C7C26,
+	0x61C2F50F, 0x6552DAF9, 0xD2C231F8, 0x25130F69,
+	0xD8167FA2, 0x0418F2C8, 0x001A96A6, 0x0D1526AB,
+	0x63315C21, 0x5E0A72EC, 0x49BAFEFD, 0x187908D9,
+	0x8D0DBD86, 0x311170A7, 0x3E9B640C, 0xCC3E10D7,
+	0xD5CAD3B6, 0x0CAEC388, 0xF73001E1, 0x6C728AFF,
+	0x71EAE2A1, 0x1F9AF36E, 0xCFCBD12F, 0xC1DE8417,
+	0xAC07BE6B, 0xCB44A1D8, 0x8B9B0F56, 0x013988C3,
+	0xB1C52FCA, 0xB4BE31CD, 0xD8782806, 0x12A3A4E2,
+	0x6F7DE532, 0x58FD7EB6, 0xD01EE900, 0x24ADFFC2,
+	0xF4990FC5, 0x9711AAC5, 0x001D7B95, 0x82E5E7D2,
+	0x109873F6, 0x00613096, 0xC32D9521, 0xADA121FF,
+	0x29908415, 0x7FBB977F, 0xAF9EB3DB, 0x29C9ED2A,
+	0x5CE2A465, 0xA730F32C, 0xD0AA3FE8, 0x8A5CC091,
+	0xD49E2CE7, 0x0CE454A9, 0xD60ACD86, 0x015F1919,
+	0x77079103, 0xDEA03AF6, 0x78A8565E, 0xDEE356DF,
+	0x21F05CBE, 0x8B75E387, 0xB3C50651, 0xB8A5C3EF,
+	0xD8EEB6D2, 0xE523BE77, 0xC2154529, 0x2F69EFDF,
+	0xAFE67AFB, 0xF470C4B2, 0xF3E0EB5B, 0xD6CC9876,
+	0x39E4460C, 0x1FDA8538, 0x1987832F, 0xCA007367,
+	0xA99144F8, 0x296B299E, 0x492FC295, 0x9266BEAB,
+	0xB5676E69, 0x9BD3DDDA, 0xDF7E052F, 0xDB25701C,
+	0x1B5E51EE, 0xF65324E6, 0x6AFCE36C, 0x0316CC04,
+	0x8644213E, 0xB7DC59D0, 0x7965291F, 0xCCD6FD43,
+	0x41823979, 0x932BCDF6, 0xB657C34D, 0x4EDFD282,
+	0x7AE5290C, 0x3CB9536B, 0x851E20FE, 0x9833557E,
+	0x13ECF0B0, 0xD3FFB372, 0x3F85C5C1, 0x0AEF7ED2
+};
+
+static const u_int32_t cast_sbox5[256] = {
+	0x7EC90C04, 0x2C6E74B9, 0x9B0E66DF, 0xA6337911,
+	0xB86A7FFF, 0x1DD358F5, 0x44DD9D44, 0x1731167F,
+	0x08FBF1FA, 0xE7F511CC, 0xD2051B00, 0x735ABA00,
+	0x2AB722D8, 0x386381CB, 0xACF6243A, 0x69BEFD7A,
+	0xE6A2E77F, 0xF0C720CD, 0xC4494816, 0xCCF5C180,
+	0x38851640, 0x15B0A848, 0xE68B18CB, 0x4CAADEFF,
+	0x5F480A01, 0x0412B2AA, 0x259814FC, 0x41D0EFE2,
+	0x4E40B48D, 0x248EB6FB, 0x8DBA1CFE, 0x41A99B02,
+	0x1A550A04, 0xBA8F65CB, 0x7251F4E7, 0x95A51725,
+	0xC106ECD7, 0x97A5980A, 0xC539B9AA, 0x4D79FE6A,
+	0xF2F3F763, 0x68AF8040, 0xED0C9E56, 0x11B4958B,
+	0xE1EB5A88, 0x8709E6B0, 0xD7E07156, 0x4E29FEA7,
+	0x6366E52D, 0x02D1C000, 0xC4AC8E05, 0x9377F571,
+	0x0C05372A, 0x578535F2, 0x2261BE02, 0xD642A0C9,
+	0xDF13A280, 0x74B55BD2, 0x682199C0, 0xD421E5EC,
+	0x53FB3CE8, 0xC8ADEDB3, 0x28A87FC9, 0x3D959981,
+	0x5C1FF900, 0xFE38D399, 0x0C4EFF0B, 0x062407EA,
+	0xAA2F4FB1, 0x4FB96976, 0x90C79505, 0xB0A8A774,
+	0xEF55A1FF, 0xE59CA2C2, 0xA6B62D27, 0xE66A4263,
+	0xDF65001F, 0x0EC50966, 0xDFDD55BC, 0x29DE0655,
+	0x911E739A, 0x17AF8975, 0x32C7911C, 0x89F89468,
+	0x0D01E980, 0x524755F4, 0x03B63CC9, 0x0CC844B2,
+	0xBCF3F0AA, 0x87AC36E9, 0xE53A7426, 0x01B3D82B,
+	0x1A9E7449, 0x64EE2D7E, 0xCDDBB1DA, 0x01C94910,
+	0xB868BF80, 0x0D26F3FD, 0x9342EDE7, 0x04A5C284,
+	0x636737B6, 0x50F5B616, 0xF24766E3, 0x8ECA36C1,
+	0x136E05DB, 0xFEF18391, 0xFB887A37, 0xD6E7F7D4,
+	0xC7FB7DC9, 0x3063FCDF, 0xB6F589DE, 0xEC2941DA,
+	0x26E46695, 0xB7566419, 0xF654EFC5, 0xD08D58B7,
+	0x48925401, 0xC1BACB7F, 0xE5FF550F, 0xB6083049,
+	0x5BB5D0E8, 0x87D72E5A, 0xAB6A6EE1, 0x223A66CE,
+	0xC62BF3CD, 0x9E0885F9, 0x68CB3E47, 0x086C010F,
+	0xA21DE820, 0xD18B69DE, 0xF3F65777, 0xFA02C3F6,
+	0x407EDAC3, 0xCBB3D550, 0x1793084D, 0xB0D70EBA,
+	0x0AB378D5, 0xD951FB0C, 0xDED7DA56, 0x4124BBE4,
+	0x94CA0B56, 0x0F5755D1, 0xE0E1E56E, 0x6184B5BE,
+	0x580A249F, 0x94F74BC0, 0xE327888E, 0x9F7B5561,
+	0xC3DC0280, 0x05687715, 0x646C6BD7, 0x44904DB3,
+	0x66B4F0A3, 0xC0F1648A, 0x697ED5AF, 0x49E92FF6,
+	0x309E374F, 0x2CB6356A, 0x85808573, 0x4991F840,
+	0x76F0AE02, 0x083BE84D, 0x28421C9A, 0x44489406,
+	0x736E4CB8, 0xC1092910, 0x8BC95FC6, 0x7D869CF4,
+	0x134F616F, 0x2E77118D, 0xB31B2BE1, 0xAA90B472,
+	0x3CA5D717, 0x7D161BBA, 0x9CAD9010, 0xAF462BA2,
+	0x9FE459D2, 0x45D34559, 0xD9F2DA13, 0xDBC65487,
+	0xF3E4F94E, 0x176D486F, 0x097C13EA, 0x631DA5C7,
+	0x445F7382, 0x175683F4, 0xCDC66A97, 0x70BE0288,
+	0xB3CDCF72, 0x6E5DD2F3, 0x20936079, 0x459B80A5,
+	0xBE60E2DB, 0xA9C23101, 0xEBA5315C, 0x224E42F2,
+	0x1C5C1572, 0xF6721B2C, 0x1AD2FFF3, 0x8C25404E,
+	0x324ED72F, 0x4067B7FD, 0x0523138E, 0x5CA3BC78,
+	0xDC0FD66E, 0x75922283, 0x784D6B17, 0x58EBB16E,
+	0x44094F85, 0x3F481D87, 0xFCFEAE7B, 0x77B5FF76,
+	0x8C2302BF, 0xAAF47556, 0x5F46B02A, 0x2B092801,
+	0x3D38F5F7, 0x0CA81F36, 0x52AF4A8A, 0x66D5E7C0,
+	0xDF3B0874, 0x95055110, 0x1B5AD7A8, 0xF61ED5AD,
+	0x6CF6E479, 0x20758184, 0xD0CEFA65, 0x88F7BE58,
+	0x4A046826, 0x0FF6F8F3, 0xA09C7F70, 0x5346ABA0,
+	0x5CE96C28, 0xE176EDA3, 0x6BAC307F, 0x376829D2,
+	0x85360FA9, 0x17E3FE2A, 0x24B79767, 0xF5A96B20,
+	0xD6CD2595, 0x68FF1EBF, 0x7555442C, 0xF19F06BE,
+	0xF9E0659A, 0xEEB9491D, 0x34010718, 0xBB30CAB8,
+	0xE822FE15, 0x88570983, 0x750E6249, 0xDA627E55,
+	0x5E76FFA8, 0xB1534546, 0x6D47DE08, 0xEFE9E7D4
+};
+
+static const u_int32_t cast_sbox6[256] = {
+	0xF6FA8F9D, 0x2CAC6CE1, 0x4CA34867, 0xE2337F7C,
+	0x95DB08E7, 0x016843B4, 0xECED5CBC, 0x325553AC,
+	0xBF9F0960, 0xDFA1E2ED, 0x83F0579D, 0x63ED86B9,
+	0x1AB6A6B8, 0xDE5EBE39, 0xF38FF732, 0x8989B138,
+	0x33F14961, 0xC01937BD, 0xF506C6DA, 0xE4625E7E,
+	0xA308EA99, 0x4E23E33C, 0x79CBD7CC, 0x48A14367,
+	0xA3149619, 0xFEC94BD5, 0xA114174A, 0xEAA01866,
+	0xA084DB2D, 0x09A8486F, 0xA888614A, 0x2900AF98,
+	0x01665991, 0xE1992863, 0xC8F30C60, 0x2E78EF3C,
+	0xD0D51932, 0xCF0FEC14, 0xF7CA07D2, 0xD0A82072,
+	0xFD41197E, 0x9305A6B0, 0xE86BE3DA, 0x74BED3CD,
+	0x372DA53C, 0x4C7F4448, 0xDAB5D440, 0x6DBA0EC3,
+	0x083919A7, 0x9FBAEED9, 0x49DBCFB0, 0x4E670C53,
+	0x5C3D9C01, 0x64BDB941, 0x2C0E636A, 0xBA7DD9CD,
+	0xEA6F7388, 0xE70BC762, 0x35F29ADB, 0x5C4CDD8D,
+	0xF0D48D8C, 0xB88153E2, 0x08A19866, 0x1AE2EAC8,
+	0x284CAF89, 0xAA928223, 0x9334BE53, 0x3B3A21BF,
+	0x16434BE3, 0x9AEA3906, 0xEFE8C36E, 0xF890CDD9,
+	0x80226DAE, 0xC340A4A3, 0xDF7E9C09, 0xA694A807,
+	0x5B7C5ECC, 0x221DB3A6, 0x9A69A02F, 0x68818A54,
+	0xCEB2296F, 0x53C0843A, 0xFE893655, 0x25BFE68A,
+	0xB4628ABC, 0xCF222EBF, 0x25AC6F48, 0xA9A99387,
+	0x53BDDB65, 0xE76FFBE7, 0xE967FD78, 0x0BA93563,
+	0x8E342BC1, 0xE8A11BE9, 0x4980740D, 0xC8087DFC,
+	0x8DE4BF99, 0xA11101A0, 0x7FD37975, 0xDA5A26C0,
+	0xE81F994F, 0x9528CD89, 0xFD339FED, 0xB87834BF,
+	0x5F04456D, 0x22258698, 0xC9C4C83B, 0x2DC156BE,
+	0x4F628DAA, 0x57F55EC5, 0xE2220ABE, 0xD2916EBF,
+	0x4EC75B95, 0x24F2C3C0, 0x42D15D99, 0xCD0D7FA0,
+	0x7B6E27FF, 0xA8DC8AF0, 0x7345C106, 0xF41E232F,
+	0x35162386, 0xE6EA8926, 0x3333B094, 0x157EC6F2,
+	0x372B74AF, 0x692573E4, 0xE9A9D848, 0xF3160289,
+	0x3A62EF1D, 0xA787E238, 0xF3A5F676, 0x74364853,
+	0x20951063, 0x4576698D, 0xB6FAD407, 0x592AF950,
+	0x36F73523, 0x4CFB6E87, 0x7DA4CEC0, 0x6C152DAA,
+	0xCB0396A8, 0xC50DFE5D, 0xFCD707AB, 0x0921C42F,
+	0x89DFF0BB, 0x5FE2BE78, 0x448F4F33, 0x754613C9,
+	0x2B05D08D, 0x48B9D585, 0xDC049441, 0xC8098F9B,
+	0x7DEDE786, 0xC39A3373, 0x42410005, 0x6A091751,
+	0x0EF3C8A6, 0x890072D6, 0x28207682, 0xA9A9F7BE,
+	0xBF32679D, 0xD45B5B75, 0xB353FD00, 0xCBB0E358,
+	0x830F220A, 0x1F8FB214, 0xD372CF08, 0xCC3C4A13,
+	0x8CF63166, 0x061C87BE, 0x88C98F88, 0x6062E397,
+	0x47CF8E7A, 0xB6C85283, 0x3CC2ACFB, 0x3FC06976,
+	0x4E8F0252, 0x64D8314D, 0xDA3870E3, 0x1E665459,
+	0xC10908F0, 0x513021A5, 0x6C5B68B7, 0x822F8AA0,
+	0x3007CD3E, 0x74719EEF, 0xDC872681, 0x073340D4,
+	0x7E432FD9, 0x0C5EC241, 0x8809286C, 0xF592D891,
+	0x08A930F6, 0x957EF305, 0xB7FBFFBD, 0xC266E96F,
+	0x6FE4AC98, 0xB173ECC0, 0xBC60B42A, 0x953498DA,
+	0xFBA1AE12, 0x2D4BD736, 0x0F25FAAB, 0xA4F3FCEB,
+	0xE2969123, 0x257F0C3D, 0x9348AF49, 0x361400BC,
+	0xE8816F4A, 0x3814F200, 0xA3F94043, 0x9C7A54C2,
+	0xBC704F57, 0xDA41E7F9, 0xC25AD33A, 0x54F4A084,
+	0xB17F5505, 0x59357CBE, 0xEDBD15C8, 0x7F97C5AB,
+	0xBA5AC7B5, 0xB6F6DEAF, 0x3A479C3A, 0x5302DA25,
+	0x653D7E6A, 0x54268D49, 0x51A477EA, 0x5017D55B,
+	0xD7D25D88, 0x44136C76, 0x0404A8C8, 0xB8E5A121,
+	0xB81A928A, 0x60ED5869, 0x97C55B96, 0xEAEC991B,
+	0x29935913, 0x01FDB7F1, 0x088E8DFA, 0x9AB6F6F5,
+	0x3B4CBF9F, 0x4A5DE3AB, 0xE6051D35, 0xA0E1D855,
+	0xD36B4CF1, 0xF544EDEB, 0xB0E93524, 0xBEBB8FBD,
+	0xA2D762CF, 0x49C92F54, 0x38B5F331, 0x7128A454,
+	0x48392905, 0xA65B1DB8, 0x851C97BD, 0xD675CF2F
+};
+
+static const u_int32_t cast_sbox7[256] = {
+	0x85E04019, 0x332BF567, 0x662DBFFF, 0xCFC65693,
+	0x2A8D7F6F, 0xAB9BC912, 0xDE6008A1, 0x2028DA1F,
+	0x0227BCE7, 0x4D642916, 0x18FAC300, 0x50F18B82,
+	0x2CB2CB11, 0xB232E75C, 0x4B3695F2, 0xB28707DE,
+	0xA05FBCF6, 0xCD4181E9, 0xE150210C, 0xE24EF1BD,
+	0xB168C381, 0xFDE4E789, 0x5C79B0D8, 0x1E8BFD43,
+	0x4D495001, 0x38BE4341, 0x913CEE1D, 0x92A79C3F,
+	0x089766BE, 0xBAEEADF4, 0x1286BECF, 0xB6EACB19,
+	0x2660C200, 0x7565BDE4, 0x64241F7A, 0x8248DCA9,
+	0xC3B3AD66, 0x28136086, 0x0BD8DFA8, 0x356D1CF2,
+	0x107789BE, 0xB3B2E9CE, 0x0502AA8F, 0x0BC0351E,
+	0x166BF52A, 0xEB12FF82, 0xE3486911, 0xD34D7516,
+	0x4E7B3AFF, 0x5F43671B, 0x9CF6E037, 0x4981AC83,
+	0x334266CE, 0x8C9341B7, 0xD0D854C0, 0xCB3A6C88,
+	0x47BC2829, 0x4725BA37, 0xA66AD22B, 0x7AD61F1E,
+	0x0C5CBAFA, 0x4437F107, 0xB6E79962, 0x42D2D816,
+	0x0A961288, 0xE1A5C06E, 0x13749E67, 0x72FC081A,
+	0xB1D139F7, 0xF9583745, 0xCF19DF58, 0xBEC3F756,
+	0xC06EBA30, 0x07211B24, 0x45C28829, 0xC95E317F,
+	0xBC8EC511, 0x38BC46E9, 0xC6E6FA14, 0xBAE8584A,
+	0xAD4EBC46, 0x468F508B, 0x7829435F, 0xF124183B,
+	0x821DBA9F, 0xAFF60FF4, 0xEA2C4E6D, 0x16E39264,
+	0x92544A8B, 0x009B4FC3, 0xABA68CED, 0x9AC96F78,
+	0x06A5B79A, 0xB2856E6E, 0x1AEC3CA9, 0xBE838688,
+	0x0E0804E9, 0x55F1BE56, 0xE7E5363B, 0xB3A1F25D,
+	0xF7DEBB85, 0x61FE033C, 0x16746233, 0x3C034C28,
+	0xDA6D0C74, 0x79AAC56C, 0x3CE4E1AD, 0x51F0C802,
+	0x98F8F35A, 0x1626A49F, 0xEED82B29, 0x1D382FE3,
+	0x0C4FB99A, 0xBB325778, 0x3EC6D97B, 0x6E77A6A9,
+	0xCB658B5C, 0xD45230C7, 0x2BD1408B, 0x60C03EB7,
+	0xB9068D78, 0xA33754F4, 0xF430C87D, 0xC8A71302,
+	0xB96D8C32, 0xEBD4E7BE, 0xBE8B9D2D, 0x7979FB06,
+	0xE7225308, 0x8B75CF77, 0x11EF8DA4, 0xE083C858,
+	0x8D6B786F, 0x5A6317A6, 0xFA5CF7A0, 0x5DDA0033,
+	0xF28EBFB0, 0xF5B9C310, 0xA0EAC280, 0x08B9767A,
+	0xA3D9D2B0, 0x79D34217, 0x021A718D, 0x9AC6336A,
+	0x2711FD60, 0x438050E3, 0x069908A8, 0x3D7FEDC4,
+	0x826D2BEF, 0x4EEB8476, 0x488DCF25, 0x36C9D566,
+	0x28E74E41, 0xC2610ACA, 0x3D49A9CF, 0xBAE3B9DF,
+	0xB65F8DE6, 0x92AEAF64, 0x3AC7D5E6, 0x9EA80509,
+	0xF22B017D, 0xA4173F70, 0xDD1E16C3, 0x15E0D7F9,
+	0x50B1B887, 0x2B9F4FD5, 0x625ABA82, 0x6A017962,
+	0x2EC01B9C, 0x15488AA9, 0xD716E740, 0x40055A2C,
+	0x93D29A22, 0xE32DBF9A, 0x058745B9, 0x3453DC1E,
+	0xD699296E, 0x496CFF6F, 0x1C9F4986, 0xDFE2ED07,
+	0xB87242D1, 0x19DE7EAE, 0x053E561A, 0x15AD6F8C,
+	0x66626C1C, 0x7154C24C, 0xEA082B2A, 0x93EB2939,
+	0x17DCB0F0, 0x58D4F2AE, 0x9EA294FB, 0x52CF564C,
+	0x9883FE66, 0x2EC40581, 0x763953C3, 0x01D6692E,
+	0xD3A0C108, 0xA1E7160E, 0xE4F2DFA6, 0x693ED285,
+	0x74904698, 0x4C2B0EDD, 0x4F757656, 0x5D393378,
+	0xA132234F, 0x3D321C5D, 0xC3F5E194, 0x4B269301,
+	0xC79F022F, 0x3C997E7E, 0x5E4F9504, 0x3FFAFBBD,
+	0x76F7AD0E, 0x296693F4, 0x3D1FCE6F, 0xC61E45BE,
+	0xD3B5AB34, 0xF72BF9B7, 0x1B0434C0, 0x4E72B567,
+	0x5592A33D, 0xB5229301, 0xCFD2A87F, 0x60AEB767,
+	0x1814386B, 0x30BCC33D, 0x38A0C07D, 0xFD1606F2,
+	0xC363519B, 0x589DD390, 0x5479F8E6, 0x1CB8D647,
+	0x97FD61A9, 0xEA7759F4, 0x2D57539D, 0x569A58CF,
+	0xE84E63AD, 0x462E1B78, 0x6580F87E, 0xF3817914,
+	0x91DA55F4, 0x40A230F3, 0xD1988F35, 0xB6E318D2,
+	0x3FFA50BC, 0x3D40F021, 0xC3C0BDAE, 0x4958C24C,
+	0x518F36B2, 0x84B1D370, 0x0FEDCE83, 0x878DDADA,
+	0xF2A279C7, 0x94E01BE8, 0x90716F4B, 0x954B8AA3
+};
+
+static const u_int32_t cast_sbox8[256] = {
+	0xE216300D, 0xBBDDFFFC, 0xA7EBDABD, 0x35648095,
+	0x7789F8B7, 0xE6C1121B, 0x0E241600, 0x052CE8B5,
+	0x11A9CFB0, 0xE5952F11, 0xECE7990A, 0x9386D174,
+	0x2A42931C, 0x76E38111, 0xB12DEF3A, 0x37DDDDFC,
+	0xDE9ADEB1, 0x0A0CC32C, 0xBE197029, 0x84A00940,
+	0xBB243A0F, 0xB4D137CF, 0xB44E79F0, 0x049EEDFD,
+	0x0B15A15D, 0x480D3168, 0x8BBBDE5A, 0x669DED42,
+	0xC7ECE831, 0x3F8F95E7, 0x72DF191B, 0x7580330D,
+	0x94074251, 0x5C7DCDFA, 0xABBE6D63, 0xAA402164,
+	0xB301D40A, 0x02E7D1CA, 0x53571DAE, 0x7A3182A2,
+	0x12A8DDEC, 0xFDAA335D, 0x176F43E8, 0x71FB46D4,
+	0x38129022, 0xCE949AD4, 0xB84769AD, 0x965BD862,
+	0x82F3D055, 0x66FB9767, 0x15B80B4E, 0x1D5B47A0,
+	0x4CFDE06F, 0xC28EC4B8, 0x57E8726E, 0x647A78FC,
+	0x99865D44, 0x608BD593, 0x6C200E03, 0x39DC5FF6,
+	0x5D0B00A3, 0xAE63AFF2, 0x7E8BD632, 0x70108C0C,
+	0xBBD35049, 0x2998DF04, 0x980CF42A, 0x9B6DF491,
+	0x9E7EDD53, 0x06918548, 0x58CB7E07, 0x3B74EF2E,
+	0x522FFFB1, 0xD24708CC, 0x1C7E27CD, 0xA4EB215B,
+	0x3CF1D2E2, 0x19B47A38, 0x424F7618, 0x35856039,
+	0x9D17DEE7, 0x27EB35E6, 0xC9AFF67B, 0x36BAF5B8,
+	0x09C467CD, 0xC18910B1, 0xE11DBF7B, 0x06CD1AF8,
+	0x7170C608, 0x2D5E3354, 0xD4DE495A, 0x64C6D006,
+	0xBCC0C62C, 0x3DD00DB3, 0x708F8F34, 0x77D51B42,
+	0x264F620F, 0x24B8D2BF, 0x15C1B79E, 0x46A52564,
+	0xF8D7E54E, 0x3E378160, 0x7895CDA5, 0x859C15A5,
+	0xE6459788, 0xC37BC75F, 0xDB07BA0C, 0x0676A3AB,
+	0x7F229B1E, 0x31842E7B, 0x24259FD7, 0xF8BEF472,
+	0x835FFCB8, 0x6DF4C1F2, 0x96F5B195, 0xFD0AF0FC,
+	0xB0FE134C, 0xE2506D3D, 0x4F9B12EA, 0xF215F225,
+	0xA223736F, 0x9FB4C428, 0x25D04979, 0x34C713F8,
+	0xC4618187, 0xEA7A6E98, 0x7CD16EFC, 0x1436876C,
+	0xF1544107, 0xBEDEEE14, 0x56E9AF27, 0xA04AA441,
+	0x3CF7C899, 0x92ECBAE6, 0xDD67016D, 0x151682EB,
+	0xA842EEDF, 0xFDBA60B4, 0xF1907B75, 0x20E3030F,
+	0x24D8C29E, 0xE139673B, 0xEFA63FB8, 0x71873054,
+	0xB6F2CF3B, 0x9F326442, 0xCB15A4CC, 0xB01A4504,
+	0xF1E47D8D, 0x844A1BE5, 0xBAE7DFDC, 0x42CBDA70,
+	0xCD7DAE0A, 0x57E85B7A, 0xD53F5AF6, 0x20CF4D8C,
+	0xCEA4D428, 0x79D130A4, 0x3486EBFB, 0x33D3CDDC,
+	0x77853B53, 0x37EFFCB5, 0xC5068778, 0xE580B3E6,
+	0x4E68B8F4, 0xC5C8B37E, 0x0D809EA2, 0x398FEB7C,
+	0x132A4F94, 0x43B7950E, 0x2FEE7D1C, 0x223613BD,
+	0xDD06CAA2, 0x37DF932B, 0xC4248289, 0xACF3EBC3,
+	0x5715F6B7, 0xEF3478DD, 0xF267616F, 0xC148CBE4,
+	0x9052815E, 0x5E410FAB, 0xB48A2465, 0x2EDA7FA4,
+	0xE87B40E4, 0xE98EA084, 0x5889E9E1, 0xEFD390FC,
+	0xDD07D35B, 0xDB485694, 0x38D7E5B2, 0x57720101,
+	0x730EDEBC, 0x5B643113, 0x94917E4F, 0x503C2FBA,
+	0x646F1282, 0x7523D24A, 0xE0779695, 0xF9C17A8F,
+	0x7A5B2121, 0xD187B896, 0x29263A4D, 0xBA510CDF,
+	0x81F47C9F, 0xAD1163ED, 0xEA7B5965, 0x1A00726E,
+	0x11403092, 0x00DA6D77, 0x4A0CDD61, 0xAD1F4603,
+	0x605BDFB0, 0x9EEDC364, 0x22EBE6A8, 0xCEE7D28A,
+	0xA0E736A0, 0x5564A6B9, 0x10853209, 0xC7EB8F37,
+	0x2DE705CA, 0x8951570F, 0xDF09822B, 0xBD691A6C,
+	0xAA12E4F2, 0x87451C0F, 0xE0F6A27A, 0x3ADA4819,
+	0x4CF1764F, 0x0D771C2B, 0x67CDB156, 0x350D8384,
+	0x5938FA0F, 0x42399EF3, 0x36997B07, 0x0E84093D,
+	0x4AA93E61, 0x8360D87B, 0x1FA98B0C, 0x1149382C,
+	0xE97625A5, 0x0614D1B7, 0x0E25244B, 0x0C768347,
+	0x589E8D82, 0x0D2059D1, 0xA466BB1E, 0xF8DA0A82,
+	0x04F19130, 0xBA6E4EC0, 0x99265164, 0x1EE7230D,
+	0x50B2AD80, 0xEAEE6801, 0x8DB2A283, 0xEA8BF59E
+};
+

freebsd/opencrypto/criov.c

@@ -0,0 +1,200 @@
+#include <rtems/freebsd/machine/rtems-bsd-config.h>
+
+/*      $OpenBSD: criov.c,v 1.9 2002/01/29 15:48:29 jason Exp $	*/
+
+/*-
+ * Copyright (c) 1999 Theo de Raadt
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in the
+ *   documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *   derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <rtems/freebsd/sys/cdefs.h>
+__FBSDID("$FreeBSD$");
+
+#include <rtems/freebsd/sys/param.h>
+#include <rtems/freebsd/sys/systm.h>
+#include <rtems/freebsd/sys/proc.h>
+#include <rtems/freebsd/sys/errno.h>
+#include <rtems/freebsd/sys/malloc.h>
+#include <rtems/freebsd/sys/kernel.h>
+#include <rtems/freebsd/sys/mbuf.h>
+#include <rtems/freebsd/sys/uio.h>
+
+#include <rtems/freebsd/opencrypto/cryptodev.h>
+
+/*
+ * This macro is only for avoiding code duplication, as we need to skip
+ * given number of bytes in the same way in three functions below.
+ */
+#define	CUIO_SKIP()	do {						\
+	KASSERT(off >= 0, ("%s: off %d < 0", __func__, off));		\
+	KASSERT(len >= 0, ("%s: len %d < 0", __func__, len));		\
+	while (off > 0) {						\
+		KASSERT(iol >= 0, ("%s: empty in skip", __func__));	\
+		if (off < iov->iov_len)					\
+			break;						\
+		off -= iov->iov_len;					\
+		iol--;							\
+		iov++;							\
+	}								\
+} while (0)
+
+void
+cuio_copydata(struct uio* uio, int off, int len, caddr_t cp)
+{
+	struct iovec *iov = uio->uio_iov;
+	int iol = uio->uio_iovcnt;
+	unsigned count;
+
+	CUIO_SKIP();
+	while (len > 0) {
+		KASSERT(iol >= 0, ("%s: empty", __func__));
+		count = min(iov->iov_len - off, len);
+		bcopy(((caddr_t)iov->iov_base) + off, cp, count);
+		len -= count;
+		cp += count;
+		off = 0;
+		iol--;
+		iov++;
+	}
+}
+
+void
+cuio_copyback(struct uio* uio, int off, int len, caddr_t cp)
+{
+	struct iovec *iov = uio->uio_iov;
+	int iol = uio->uio_iovcnt;
+	unsigned count;
+
+	CUIO_SKIP();
+	while (len > 0) {
+		KASSERT(iol >= 0, ("%s: empty", __func__));
+		count = min(iov->iov_len - off, len);
+		bcopy(cp, ((caddr_t)iov->iov_base) + off, count);
+		len -= count;
+		cp += count;
+		off = 0;
+		iol--;
+		iov++;
+	}
+}
+
+/*
+ * Return a pointer to iov/offset of location in iovec list.
+ */
+struct iovec *
+cuio_getptr(struct uio *uio, int loc, int *off)
+{
+	struct iovec *iov = uio->uio_iov;
+	int iol = uio->uio_iovcnt;
+
+	while (loc >= 0) {
+		/* Normal end of search */
+		if (loc < iov->iov_len) {
+	    		*off = loc;
+	    		return (iov);
+		}
+
+		loc -= iov->iov_len;
+		if (iol == 0) {
+			if (loc == 0) {
+				/* Point at the end of valid data */
+				*off = iov->iov_len;
+				return (iov);
+			} else
+				return (NULL);
+		} else {
+			iov++, iol--;
+		}
+    	}
+
+	return (NULL);
+}
+
+/*
+ * Apply function f to the data in an iovec list starting "off" bytes from
+ * the beginning, continuing for "len" bytes.
+ */
+int
+cuio_apply(struct uio *uio, int off, int len, int (*f)(void *, void *, u_int),
+    void *arg)
+{
+	struct iovec *iov = uio->uio_iov;
+	int iol = uio->uio_iovcnt;
+	unsigned count;
+	int rval;
+
+	CUIO_SKIP();
+	while (len > 0) {
+		KASSERT(iol >= 0, ("%s: empty", __func__));
+		count = min(iov->iov_len - off, len);
+		rval = (*f)(arg, ((caddr_t)iov->iov_base) + off, count);
+		if (rval)
+			return (rval);
+		len -= count;
+		off = 0;
+		iol--;
+		iov++;
+	}
+	return (0);
+}
+
+void
+crypto_copyback(int flags, caddr_t buf, int off, int size, caddr_t in)
+{
+
+	if ((flags & CRYPTO_F_IMBUF) != 0)
+		m_copyback((struct mbuf *)buf, off, size, in);
+	else if ((flags & CRYPTO_F_IOV) != 0)
+		cuio_copyback((struct uio *)buf, off, size, in);
+	else
+		bcopy(in, buf + off, size);
+}
+
+void
+crypto_copydata(int flags, caddr_t buf, int off, int size, caddr_t out)
+{
+
+	if ((flags & CRYPTO_F_IMBUF) != 0)
+		m_copydata((struct mbuf *)buf, off, size, out);
+	else if ((flags & CRYPTO_F_IOV) != 0)
+		cuio_copydata((struct uio *)buf, off, size, out);
+	else
+		bcopy(buf + off, out, size);
+}
+
+int
+crypto_apply(int flags, caddr_t buf, int off, int len,
+    int (*f)(void *, void *, u_int), void *arg)
+{
+	int error;
+
+	if ((flags & CRYPTO_F_IMBUF) != 0)
+		error = m_apply((struct mbuf *)buf, off, len, f, arg);
+	else if ((flags & CRYPTO_F_IOV) != 0)
+		error = cuio_apply((struct uio *)buf, off, len, f, arg);
+	else
+		error = (*f)(arg, buf + off, len);
+	return (error);
+}

freebsd/opencrypto/cryptodev.h

@@ -0,0 +1,432 @@
+/*	$FreeBSD$	*/
+/*	$OpenBSD: cryptodev.h,v 1.31 2002/06/11 11:14:29 beck Exp $	*/
+
+/*-
+ * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
+ * Copyright (c) 2002-2006 Sam Leffler, Errno Consulting
+ *
+ * This code was written by Angelos D. Keromytis in Athens, Greece, in
+ * February 2000. Network Security Technologies Inc. (NSTI) kindly
+ * supported the development of this code.
+ *
+ * Copyright (c) 2000 Angelos D. Keromytis
+ *
+ * Permission to use, copy, and modify this software with or without fee
+ * is hereby granted, provided that this entire notice is included in
+ * all source code copies of any software which is or includes a copy or
+ * modification of this software.
+ *
+ * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
+ * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
+ * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
+ * PURPOSE.
+ *
+ * Copyright (c) 2001 Theo de Raadt
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in the
+ *   documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *   derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * Effort sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F30602-01-2-0537.
+ *
+ */
+
+#ifndef _CRYPTO_CRYPTO_HH_
+#define _CRYPTO_CRYPTO_HH_
+
+#include <rtems/freebsd/sys/ioccom.h>
+
+/* Some initial values */
+#define CRYPTO_DRIVERS_INITIAL	4
+#define CRYPTO_SW_SESSIONS	32
+
+/* Hash values */
+#define	NULL_HASH_LEN		16
+#define	MD5_HASH_LEN		16
+#define	SHA1_HASH_LEN		20
+#define	RIPEMD160_HASH_LEN	20
+#define	SHA2_256_HASH_LEN	32
+#define	SHA2_384_HASH_LEN	48
+#define	SHA2_512_HASH_LEN	64
+#define	MD5_KPDK_HASH_LEN	16
+#define	SHA1_KPDK_HASH_LEN	20
+/* Maximum hash algorithm result length */
+#define	HASH_MAX_LEN		SHA2_512_HASH_LEN /* Keep this updated */
+
+/* HMAC values */
+#define	NULL_HMAC_BLOCK_LEN		64
+#define	MD5_HMAC_BLOCK_LEN		64
+#define	SHA1_HMAC_BLOCK_LEN		64
+#define	RIPEMD160_HMAC_BLOCK_LEN	64
+#define	SHA2_256_HMAC_BLOCK_LEN		64
+#define	SHA2_384_HMAC_BLOCK_LEN		128
+#define	SHA2_512_HMAC_BLOCK_LEN		128
+/* Maximum HMAC block length */
+#define	HMAC_MAX_BLOCK_LEN		SHA2_512_HMAC_BLOCK_LEN /* Keep this updated */
+#define	HMAC_IPAD_VAL			0x36
+#define	HMAC_OPAD_VAL			0x5C
+
+/* Encryption algorithm block sizes */
+#define NULL_BLOCK_LEN		4
+#define DES_BLOCK_LEN		8
+#define DES3_BLOCK_LEN		8
+#define BLOWFISH_BLOCK_LEN	8
+#define SKIPJACK_BLOCK_LEN	8
+#define CAST128_BLOCK_LEN	8
+#define RIJNDAEL128_BLOCK_LEN	16
+#define AES_BLOCK_LEN		RIJNDAEL128_BLOCK_LEN
+#define CAMELLIA_BLOCK_LEN	16
+#define EALG_MAX_BLOCK_LEN	AES_BLOCK_LEN /* Keep this updated */
+
+#define	CRYPTO_ALGORITHM_MIN	1
+#define CRYPTO_DES_CBC		1
+#define CRYPTO_3DES_CBC		2
+#define CRYPTO_BLF_CBC		3
+#define CRYPTO_CAST_CBC		4
+#define CRYPTO_SKIPJACK_CBC	5
+#define CRYPTO_MD5_HMAC		6
+#define CRYPTO_SHA1_HMAC	7
+#define CRYPTO_RIPEMD160_HMAC	8
+#define CRYPTO_MD5_KPDK		9
+#define CRYPTO_SHA1_KPDK	10
+#define CRYPTO_RIJNDAEL128_CBC	11 /* 128 bit blocksize */
+#define CRYPTO_AES_CBC		11 /* 128 bit blocksize -- the same as above */
+#define CRYPTO_ARC4		12
+#define	CRYPTO_MD5		13
+#define	CRYPTO_SHA1		14
+#define	CRYPTO_NULL_HMAC	15
+#define	CRYPTO_NULL_CBC		16
+#define	CRYPTO_DEFLATE_COMP	17 /* Deflate compression algorithm */
+#define	CRYPTO_SHA2_256_HMAC	18
+#define	CRYPTO_SHA2_384_HMAC	19
+#define	CRYPTO_SHA2_512_HMAC	20
+#define CRYPTO_CAMELLIA_CBC	21
+#define	CRYPTO_AES_XTS		22
+#define	CRYPTO_ALGORITHM_MAX	22 /* Keep updated - see below */
+
+/* Algorithm flags */
+#define	CRYPTO_ALG_FLAG_SUPPORTED	0x01 /* Algorithm is supported */
+#define	CRYPTO_ALG_FLAG_RNG_ENABLE	0x02 /* Has HW RNG for DH/DSA */
+#define	CRYPTO_ALG_FLAG_DSA_SHA		0x04 /* Can do SHA on msg */
+
+/*
+ * Crypto driver/device flags.  They can set in the crid
+ * parameter when creating a session or submitting a key
+ * op to affect the device/driver assigned.  If neither
+ * of these are specified then the crid is assumed to hold
+ * the driver id of an existing (and suitable) device that
+ * must be used to satisfy the request.
+ */
+#define CRYPTO_FLAG_HARDWARE	0x01000000	/* hardware accelerated */
+#define CRYPTO_FLAG_SOFTWARE	0x02000000	/* software implementation */
+
+/* NB: deprecated */
+struct session_op {
+	u_int32_t	cipher;		/* ie. CRYPTO_DES_CBC */
+	u_int32_t	mac;		/* ie. CRYPTO_MD5_HMAC */
+
+	u_int32_t	keylen;		/* cipher key */
+	caddr_t		key;
+	int		mackeylen;	/* mac key */
+	caddr_t		mackey;
+
+  	u_int32_t	ses;		/* returns: session # */ 
+};
+
+struct session2_op {
+	u_int32_t	cipher;		/* ie. CRYPTO_DES_CBC */
+	u_int32_t	mac;		/* ie. CRYPTO_MD5_HMAC */
+
+	u_int32_t	keylen;		/* cipher key */
+	caddr_t		key;
+	int		mackeylen;	/* mac key */
+	caddr_t		mackey;
+
+  	u_int32_t	ses;		/* returns: session # */ 
+	int		crid;		/* driver id + flags (rw) */
+	int		pad[4];		/* for future expansion */
+};
+
+struct crypt_op {
+	u_int32_t	ses;
+	u_int16_t	op;		/* i.e. COP_ENCRYPT */
+#define COP_ENCRYPT	1
+#define COP_DECRYPT	2
+	u_int16_t	flags;
+#define	COP_F_BATCH	0x0008		/* Batch op if possible */
+	u_int		len;
+	caddr_t		src, dst;	/* become iov[] inside kernel */
+	caddr_t		mac;		/* must be big enough for chosen MAC */
+	caddr_t		iv;
+};
+
+/*
+ * Parameters for looking up a crypto driver/device by
+ * device name or by id.  The latter are returned for
+ * created sessions (crid) and completed key operations.
+ */
+struct crypt_find_op {
+	int		crid;		/* driver id + flags */
+	char		name[32];	/* device/driver name */
+};
+
+/* bignum parameter, in packed bytes, ... */
+struct crparam {
+	caddr_t		crp_p;
+	u_int		crp_nbits;
+};
+
+#define CRK_MAXPARAM	8
+
+struct crypt_kop {
+	u_int		crk_op;		/* ie. CRK_MOD_EXP or other */
+	u_int		crk_status;	/* return status */
+	u_short		crk_iparams;	/* # of input parameters */
+	u_short		crk_oparams;	/* # of output parameters */
+	u_int		crk_crid;	/* NB: only used by CIOCKEY2 (rw) */
+	struct crparam	crk_param[CRK_MAXPARAM];
+};
+#define	CRK_ALGORITM_MIN	0
+#define CRK_MOD_EXP		0
+#define CRK_MOD_EXP_CRT		1
+#define CRK_DSA_SIGN		2
+#define CRK_DSA_VERIFY		3
+#define CRK_DH_COMPUTE_KEY	4
+#define CRK_ALGORITHM_MAX	4 /* Keep updated - see below */
+
+#define CRF_MOD_EXP		(1 << CRK_MOD_EXP)
+#define CRF_MOD_EXP_CRT		(1 << CRK_MOD_EXP_CRT)
+#define CRF_DSA_SIGN		(1 << CRK_DSA_SIGN)
+#define CRF_DSA_VERIFY		(1 << CRK_DSA_VERIFY)
+#define CRF_DH_COMPUTE_KEY	(1 << CRK_DH_COMPUTE_KEY)
+
+/*
+ * done against open of /dev/crypto, to get a cloned descriptor.
+ * Please use F_SETFD against the cloned descriptor.
+ */
+#define	CRIOGET		_IOWR('c', 100, u_int32_t)
+#define	CRIOASYMFEAT	CIOCASYMFEAT
+#define	CRIOFINDDEV	CIOCFINDDEV
+
+/* the following are done against the cloned descriptor */
+#define	CIOCGSESSION	_IOWR('c', 101, struct session_op)
+#define	CIOCFSESSION	_IOW('c', 102, u_int32_t)
+#define CIOCCRYPT	_IOWR('c', 103, struct crypt_op)
+#define CIOCKEY		_IOWR('c', 104, struct crypt_kop)
+#define CIOCASYMFEAT	_IOR('c', 105, u_int32_t)
+#define	CIOCGSESSION2	_IOWR('c', 106, struct session2_op)
+#define	CIOCKEY2	_IOWR('c', 107, struct crypt_kop)
+#define	CIOCFINDDEV	_IOWR('c', 108, struct crypt_find_op)
+
+struct cryptotstat {
+	struct timespec	acc;		/* total accumulated time */
+	struct timespec	min;		/* min time */
+	struct timespec	max;		/* max time */
+	u_int32_t	count;		/* number of observations */
+};
+
+struct cryptostats {
+	u_int32_t	cs_ops;		/* symmetric crypto ops submitted */
+	u_int32_t	cs_errs;	/* symmetric crypto ops that failed */
+	u_int32_t	cs_kops;	/* asymetric/key ops submitted */
+	u_int32_t	cs_kerrs;	/* asymetric/key ops that failed */
+	u_int32_t	cs_intrs;	/* crypto swi thread activations */
+	u_int32_t	cs_rets;	/* crypto return thread activations */
+	u_int32_t	cs_blocks;	/* symmetric op driver block */
+	u_int32_t	cs_kblocks;	/* symmetric op driver block */
+	/*
+	 * When CRYPTO_TIMING is defined at compile time and the
+	 * sysctl debug.crypto is set to 1, the crypto system will
+	 * accumulate statistics about how long it takes to process
+	 * crypto requests at various points during processing.
+	 */
+	struct cryptotstat cs_invoke;	/* crypto_dipsatch -> crypto_invoke */
+	struct cryptotstat cs_done;	/* crypto_invoke -> crypto_done */
+	struct cryptotstat cs_cb;	/* crypto_done -> callback */
+	struct cryptotstat cs_finis;	/* callback -> callback return */
+};
+
+#ifdef _KERNEL
+/* Standard initialization structure beginning */
+struct cryptoini {
+	int		cri_alg;	/* Algorithm to use */
+	int		cri_klen;	/* Key length, in bits */
+	int		cri_mlen;	/* Number of bytes we want from the
+					   entire hash. 0 means all. */
+	caddr_t		cri_key;	/* key to use */
+	u_int8_t	cri_iv[EALG_MAX_BLOCK_LEN];	/* IV to use */
+	struct cryptoini *cri_next;
+};
+
+/* Describe boundaries of a single crypto operation */
+struct cryptodesc {
+	int		crd_skip;	/* How many bytes to ignore from start */
+	int		crd_len;	/* How many bytes to process */
+	int		crd_inject;	/* Where to inject results, if applicable */
+	int		crd_flags;
+
+#define	CRD_F_ENCRYPT		0x01	/* Set when doing encryption */
+#define	CRD_F_IV_PRESENT	0x02	/* When encrypting, IV is already in
+					   place, so don't copy. */
+#define	CRD_F_IV_EXPLICIT	0x04	/* IV explicitly provided */
+#define	CRD_F_DSA_SHA_NEEDED	0x08	/* Compute SHA-1 of buffer for DSA */
+#define	CRD_F_KEY_EXPLICIT	0x10	/* Key explicitly provided */
+#define CRD_F_COMP		0x0f    /* Set when doing compression */
+
+	struct cryptoini	CRD_INI; /* Initialization/context data */
+#define crd_iv		CRD_INI.cri_iv
+#define crd_key		CRD_INI.cri_key
+#define crd_alg		CRD_INI.cri_alg
+#define crd_klen	CRD_INI.cri_klen
+
+	struct cryptodesc *crd_next;
+};
+
+/* Structure describing complete operation */
+struct cryptop {
+	TAILQ_ENTRY(cryptop) crp_next;
+
+	u_int64_t	crp_sid;	/* Session ID */
+	int		crp_ilen;	/* Input data total length */
+	int		crp_olen;	/* Result total length */
+
+	int		crp_etype;	/*
+					 * Error type (zero means no error).
+					 * All error codes except EAGAIN
+					 * indicate possible data corruption (as in,
+					 * the data have been touched). On all
+					 * errors, the crp_sid may have changed
+					 * (reset to a new one), so the caller
+					 * should always check and use the new
+					 * value on future requests.
+					 */
+	int		crp_flags;
+
+#define CRYPTO_F_IMBUF		0x0001	/* Input/output are mbuf chains */
+#define CRYPTO_F_IOV		0x0002	/* Input/output are uio */
+#define CRYPTO_F_REL		0x0004	/* Must return data in same place */
+#define	CRYPTO_F_BATCH		0x0008	/* Batch op if possible */
+#define	CRYPTO_F_CBIMM		0x0010	/* Do callback immediately */
+#define	CRYPTO_F_DONE		0x0020	/* Operation completed */
+#define	CRYPTO_F_CBIFSYNC	0x0040	/* Do CBIMM if op is synchronous */
+
+	caddr_t		crp_buf;	/* Data to be processed */
+	caddr_t		crp_opaque;	/* Opaque pointer, passed along */
+	struct cryptodesc *crp_desc;	/* Linked list of processing descriptors */
+
+	int (*crp_callback)(struct cryptop *); /* Callback function */
+
+	struct bintime	crp_tstamp;	/* performance time stamp */
+};
+
+#define CRYPTO_BUF_CONTIG	0x0
+#define CRYPTO_BUF_IOV		0x1
+#define CRYPTO_BUF_MBUF		0x2
+
+#define CRYPTO_OP_DECRYPT	0x0
+#define CRYPTO_OP_ENCRYPT	0x1
+
+/*
+ * Hints passed to process methods.
+ */
+#define	CRYPTO_HINT_MORE	0x1	/* more ops coming shortly */
+
+struct cryptkop {
+	TAILQ_ENTRY(cryptkop) krp_next;
+
+	u_int		krp_op;		/* ie. CRK_MOD_EXP or other */
+	u_int		krp_status;	/* return status */
+	u_short		krp_iparams;	/* # of input parameters */
+	u_short		krp_oparams;	/* # of output parameters */
+	u_int		krp_crid;	/* desired device, etc. */
+	u_int32_t	krp_hid;
+	struct crparam	krp_param[CRK_MAXPARAM];	/* kvm */
+	int		(*krp_callback)(struct cryptkop *);
+};
+
+/*
+ * Session ids are 64 bits.  The lower 32 bits contain a "local id" which
+ * is a driver-private session identifier.  The upper 32 bits contain a
+ * "hardware id" used by the core crypto code to identify the driver and
+ * a copy of the driver's capabilities that can be used by client code to
+ * optimize operation.
+ */
+#define	CRYPTO_SESID2HID(_sid)	(((_sid) >> 32) & 0x00ffffff)
+#define	CRYPTO_SESID2CAPS(_sid)	(((_sid) >> 32) & 0xff000000)
+#define	CRYPTO_SESID2LID(_sid)	(((u_int32_t) (_sid)) & 0xffffffff)
+
+MALLOC_DECLARE(M_CRYPTO_DATA);
+
+extern	int crypto_newsession(u_int64_t *sid, struct cryptoini *cri, int hard);
+extern	int crypto_freesession(u_int64_t sid);
+#define CRYPTOCAP_F_HARDWARE	CRYPTO_FLAG_HARDWARE
+#define CRYPTOCAP_F_SOFTWARE	CRYPTO_FLAG_SOFTWARE
+#define CRYPTOCAP_F_SYNC	0x04000000	/* operates synchronously */
+extern	int32_t crypto_get_driverid(device_t dev, int flags);
+extern	int crypto_find_driver(const char *);
+extern	device_t crypto_find_device_byhid(int hid);
+extern	int crypto_getcaps(int hid);
+extern	int crypto_register(u_int32_t driverid, int alg, u_int16_t maxoplen,
+	    u_int32_t flags);
+extern	int crypto_kregister(u_int32_t, int, u_int32_t);
+extern	int crypto_unregister(u_int32_t driverid, int alg);
+extern	int crypto_unregister_all(u_int32_t driverid);
+extern	int crypto_dispatch(struct cryptop *crp);
+extern	int crypto_kdispatch(struct cryptkop *);
+#define	CRYPTO_SYMQ	0x1
+#define	CRYPTO_ASYMQ	0x2
+extern	int crypto_unblock(u_int32_t, int);
+extern	void crypto_done(struct cryptop *crp);
+extern	void crypto_kdone(struct cryptkop *);
+extern	int crypto_getfeat(int *);
+
+extern	void crypto_freereq(struct cryptop *crp);
+extern	struct cryptop *crypto_getreq(int num);
+
+extern	int crypto_usercrypto;		/* userland may do crypto requests */
+extern	int crypto_userasymcrypto;	/* userland may do asym crypto reqs */
+extern	int crypto_devallowsoft;	/* only use hardware crypto */
+
+/*
+ * Crypto-related utility routines used mainly by drivers.
+ *
+ * XXX these don't really belong here; but for now they're
+ *     kept apart from the rest of the system.
+ */
+struct uio;
+extern	void cuio_copydata(struct uio* uio, int off, int len, caddr_t cp);
+extern	void cuio_copyback(struct uio* uio, int off, int len, caddr_t cp);
+extern	struct iovec *cuio_getptr(struct uio *uio, int loc, int *off);
+extern	int cuio_apply(struct uio *uio, int off, int len,
+	    int (*f)(void *, void *, u_int), void *arg);
+
+extern	void crypto_copyback(int flags, caddr_t buf, int off, int size,
+	    caddr_t in);
+extern	void crypto_copydata(int flags, caddr_t buf, int off, int size,
+	    caddr_t out);
+extern	int crypto_apply(int flags, caddr_t buf, int off, int len,
+	    int (*f)(void *, void *, u_int), void *arg);
+#endif /* _KERNEL */
+#endif /* _CRYPTO_CRYPTO_HH_ */

freebsd/opencrypto/cryptosoft.h

@@ -0,0 +1,67 @@
+/*	$FreeBSD$	*/
+/*	$OpenBSD: cryptosoft.h,v 1.10 2002/04/22 23:10:09 deraadt Exp $	*/
+
+/*-
+ * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
+ *
+ * This code was written by Angelos D. Keromytis in Athens, Greece, in
+ * February 2000. Network Security Technologies Inc. (NSTI) kindly
+ * supported the development of this code.
+ *
+ * Copyright (c) 2000 Angelos D. Keromytis
+ *
+ * Permission to use, copy, and modify this software with or without fee
+ * is hereby granted, provided that this entire notice is included in
+ * all source code copies of any software which is or includes a copy or
+ * modification of this software.
+ *
+ * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
+ * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
+ * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
+ * PURPOSE.
+ */
+
+#ifndef _CRYPTO_CRYPTOSOFT_HH_
+#define _CRYPTO_CRYPTOSOFT_HH_
+
+/* Software session entry */
+struct swcr_data {
+	int		sw_alg;		/* Algorithm */
+	union {
+		struct {
+			u_int8_t	 *SW_ictx;
+			u_int8_t	 *SW_octx;
+			u_int16_t	 SW_klen;
+			u_int16_t	 SW_mlen;
+			struct auth_hash *SW_axf;
+		} SWCR_AUTH;
+		struct {
+			u_int8_t	 *SW_kschedule;
+			struct enc_xform *SW_exf;
+		} SWCR_ENC;
+		struct {
+			u_int32_t	 SW_size;
+			struct comp_algo *SW_cxf;
+		} SWCR_COMP;
+	} SWCR_UN;
+
+#define sw_ictx		SWCR_UN.SWCR_AUTH.SW_ictx
+#define sw_octx		SWCR_UN.SWCR_AUTH.SW_octx
+#define sw_klen		SWCR_UN.SWCR_AUTH.SW_klen
+#define sw_mlen		SWCR_UN.SWCR_AUTH.SW_mlen
+#define sw_axf		SWCR_UN.SWCR_AUTH.SW_axf
+#define sw_kschedule	SWCR_UN.SWCR_ENC.SW_kschedule
+#define sw_exf		SWCR_UN.SWCR_ENC.SW_exf
+#define sw_size		SWCR_UN.SWCR_COMP.SW_size
+#define sw_cxf		SWCR_UN.SWCR_COMP.SW_cxf
+
+	struct swcr_data *sw_next;
+};
+
+#ifdef _KERNEL
+extern u_int8_t hmac_ipad_buffer[];
+extern u_int8_t hmac_opad_buffer[];
+#endif /* _KERNEL */
+
+#endif /* _CRYPTO_CRYPTO_HH_ */

freebsd/opencrypto/deflate.c

@@ -0,0 +1,267 @@
+#include <rtems/freebsd/machine/rtems-bsd-config.h>
+
+/* $OpenBSD: deflate.c,v 1.3 2001/08/20 02:45:22 hugh Exp $ */
+
+/*-
+ * Copyright (c) 2001 Jean-Jacques Bernard-Gundol (jj@wabbitt.org)
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in the
+ *   documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *   derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * This file contains a wrapper around the deflate algo compression
+ * functions using the zlib library (see net/zlib.{c,h})
+ */
+
+#include <rtems/freebsd/sys/cdefs.h>
+__FBSDID("$FreeBSD$");
+
+#include <rtems/freebsd/local/opt_kdtrace.h>
+
+#include <rtems/freebsd/sys/types.h>
+#include <rtems/freebsd/sys/param.h>
+#include <rtems/freebsd/sys/malloc.h>
+#include <rtems/freebsd/sys/param.h>
+#include <rtems/freebsd/sys/kernel.h>
+#include <rtems/freebsd/sys/sdt.h>
+#include <rtems/freebsd/sys/systm.h>
+#include <rtems/freebsd/net/zlib.h>
+
+#include <rtems/freebsd/opencrypto/cryptodev.h>
+#include <rtems/freebsd/opencrypto/deflate.h>
+
+SDT_PROVIDER_DECLARE(opencrypto);
+SDT_PROBE_DEFINE2(opencrypto, deflate, deflate_global, entry,
+    "int", "u_int32_t");
+SDT_PROBE_DEFINE5(opencrypto, deflate, deflate_global, bad,
+    "int", "int", "int", "int", "int");
+SDT_PROBE_DEFINE5(opencrypto, deflate, deflate_global, iter,
+    "int", "int", "int", "int", "int");
+SDT_PROBE_DEFINE2(opencrypto, deflate, deflate_global, return,
+    "int", "u_int32_t");
+
+int window_inflate = -1 * MAX_WBITS;
+int window_deflate = -12;
+
+/*
+ * This function takes a block of data and (de)compress it using the deflate
+ * algorithm
+ */
+
+u_int32_t
+deflate_global(data, size, decomp, out)
+	u_int8_t *data;
+	u_int32_t size;
+	int decomp;
+	u_int8_t **out;
+{
+	/* decomp indicates whether we compress (0) or decompress (1) */
+
+	z_stream zbuf;
+	u_int8_t *output;
+	u_int32_t count, result;
+	int error, i;
+	struct deflate_buf *bufh, *bufp;
+
+	SDT_PROBE2(opencrypto, deflate, deflate_global, entry, decomp, size);
+
+	bufh = bufp = NULL;
+	if (!decomp) {
+		i = 1;
+	} else {
+		/*
+	 	 * Choose a buffer with 4x the size of the input buffer
+	 	 * for the size of the output buffer in the case of
+	 	 * decompression. If it's not sufficient, it will need to be
+	 	 * updated while the decompression is going on.
+	 	 */
+		i = 4;
+	}
+	/*
+	 * Make sure we do have enough output space.  Repeated calls to
+	 * deflate need at least 6 bytes of output buffer space to avoid
+	 * repeated markers.  We will always provide at least 16 bytes.
+	 */
+	while ((size * i) < 16)
+		i++;
+
+	bufh = bufp = malloc(sizeof(*bufp) + (size_t)(size * i),
+	    M_CRYPTO_DATA, M_NOWAIT);
+	if (bufp == NULL) {
+		SDT_PROBE3(opencrypto, deflate, deflate_global, bad,
+		    decomp, 0, __LINE__);
+		goto bad2;
+	}
+	bufp->next = NULL;
+	bufp->size = size * i;
+
+	bzero(&zbuf, sizeof(z_stream));
+	zbuf.zalloc = z_alloc;
+	zbuf.zfree = z_free;
+	zbuf.opaque = Z_NULL;
+	zbuf.next_in = data;	/* Data that is going to be processed. */
+	zbuf.avail_in = size;	/* Total length of data to be processed. */
+	zbuf.next_out = bufp->data;
+	zbuf.avail_out = bufp->size;
+
+	error = decomp ? inflateInit2(&zbuf, window_inflate) :
+	    deflateInit2(&zbuf, Z_DEFAULT_COMPRESSION, Z_METHOD,
+		    window_deflate, Z_MEMLEVEL, Z_DEFAULT_STRATEGY);
+	if (error != Z_OK) {
+		SDT_PROBE3(opencrypto, deflate, deflate_global, bad,
+		    decomp, error, __LINE__);
+		goto bad;
+	}
+
+	for (;;) {
+		error = decomp ? inflate(&zbuf, Z_SYNC_FLUSH) :
+				 deflate(&zbuf, Z_FINISH);
+		if (error != Z_OK && error != Z_STREAM_END) {
+			/*
+			 * Unfortunately we are limited to 5 arguments,
+			 * thus use two probes.
+			 */
+			SDT_PROBE5(opencrypto, deflate, deflate_global, bad,
+			    decomp, error, __LINE__,
+			    zbuf.avail_in, zbuf.avail_out);
+			SDT_PROBE5(opencrypto, deflate, deflate_global, bad,
+			    decomp, error, __LINE__,
+			    zbuf.state->dummy, zbuf.total_out);
+			goto bad;
+		}
+		SDT_PROBE5(opencrypto, deflate, deflate_global, iter,
+		    decomp, error, __LINE__,
+		    zbuf.avail_in, zbuf.avail_out);
+		SDT_PROBE5(opencrypto, deflate, deflate_global, iter,
+		    decomp, error, __LINE__,
+		    zbuf.state->dummy, zbuf.total_out);
+		if (decomp && zbuf.avail_in == 0 && error == Z_STREAM_END) {
+			/* Done. */
+			break;
+		} else if (!decomp && error == Z_STREAM_END) {
+			/* Done. */
+			break;
+		} else if (zbuf.avail_out == 0) {
+			struct deflate_buf *p;
+
+			/* We need more output space for another iteration. */
+			p = malloc(sizeof(*p) + (size_t)(size * i),
+			    M_CRYPTO_DATA, M_NOWAIT);
+			if (p == NULL) {
+				SDT_PROBE3(opencrypto, deflate, deflate_global,
+				    bad, decomp, 0, __LINE__);
+				goto bad;
+			}
+			p->next = NULL;
+			p->size = size * i;
+			bufp->next = p;
+			bufp = p;
+			zbuf.next_out = bufp->data;
+			zbuf.avail_out = bufp->size;
+		} else {
+			/* Unexpect result. */
+			/*
+			 * Unfortunately we are limited to 5 arguments,
+			 * thus, again, use two probes.
+			 */
+			SDT_PROBE5(opencrypto, deflate, deflate_global, bad,
+			    decomp, error, __LINE__,
+			    zbuf.avail_in, zbuf.avail_out);
+			SDT_PROBE5(opencrypto, deflate, deflate_global, bad,
+			    decomp, error, __LINE__,
+			    zbuf.state->dummy, zbuf.total_out);
+			goto bad;
+		}
+	}
+
+	result = count = zbuf.total_out;
+
+	*out = malloc(result, M_CRYPTO_DATA, M_NOWAIT);
+	if (*out == NULL) {
+		SDT_PROBE3(opencrypto, deflate, deflate_global, bad,
+		    decomp, 0, __LINE__);
+		goto bad;
+	}
+	if (decomp)
+		inflateEnd(&zbuf);
+	else
+		deflateEnd(&zbuf);
+	output = *out;
+	for (bufp = bufh; bufp != NULL; ) {
+		if (count > bufp->size) {
+			struct deflate_buf *p;
+
+			bcopy(bufp->data, *out, bufp->size);
+			*out += bufp->size;
+			count -= bufp->size;
+			p = bufp;
+			bufp = bufp->next;
+			free(p, M_CRYPTO_DATA);
+		} else {
+			/* It should be the last buffer. */
+			bcopy(bufp->data, *out, count);
+			*out += count;
+			free(bufp, M_CRYPTO_DATA);
+			bufp = NULL;
+			count = 0;
+		}
+	}
+	*out = output;
+	SDT_PROBE2(opencrypto, deflate, deflate_global, return, decomp, result);
+	return result;
+
+bad:
+	if (decomp)
+		inflateEnd(&zbuf);
+	else
+		deflateEnd(&zbuf);
+	for (bufp = bufh; bufp != NULL; ) {
+		struct deflate_buf *p;
+
+		p = bufp;
+		bufp = bufp->next;
+		free(p, M_CRYPTO_DATA);
+	}
+bad2:
+	*out = NULL;
+	return 0;
+}
+
+void *
+z_alloc(nil, type, size)
+	void *nil;
+	u_int type, size;
+{
+	void *ptr;
+
+	ptr = malloc(type *size, M_CRYPTO_DATA, M_NOWAIT);
+	return ptr;
+}
+
+void
+z_free(nil, ptr)
+	void *nil, *ptr;
+{
+	free(ptr, M_CRYPTO_DATA);
+}

freebsd/opencrypto/deflate.h

@@ -0,0 +1,60 @@
+/*	$FreeBSD$	*/
+/* $OpenBSD: deflate.h,v 1.3 2002/03/14 01:26:51 millert Exp $ */
+
+/*-
+ * Copyright (c) 2001 Jean-Jacques Bernard-Gundol (jj@wabbitt.org)
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in the
+ *   documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *   derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * Definition for the wrapper around the deflate compression 
+ * algorithm used in /sys/crypto
+ */
+
+#ifndef _CRYPTO_DEFLATE_HH_
+#define _CRYPTO_DEFLATE_HH_
+
+#include <rtems/freebsd/net/zlib.h>
+
+#define Z_METHOD	8
+#define Z_MEMLEVEL	8
+#define MINCOMP		2	/* won't be used, but must be defined */
+#define ZBUF		10
+
+u_int32_t deflate_global(u_int8_t *, u_int32_t, int, u_int8_t **);
+void *z_alloc(void *, u_int, u_int);
+void z_free(void *, void *);
+
+/*
+ * We are going to use a combined allocation to hold the metadata
+ * from the struct immediately followed by the real application data.
+ */
+struct deflate_buf {
+	struct deflate_buf *next;
+	uint32_t size;
+	uint8_t data[];
+};
+
+#endif /* _CRYPTO_DEFLATE_HH_ */

freebsd/opencrypto/rmd160.c

@@ -0,0 +1,369 @@
+#include <rtems/freebsd/machine/rtems-bsd-config.h>
+
+/*	$OpenBSD: rmd160.c,v 1.3 2001/09/26 21:40:13 markus Exp $	*/
+/*-
+ * Copyright (c) 2001 Markus Friedl.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * Preneel, Bosselaers, Dobbertin, "The Cryptographic Hash Function RIPEMD-160",
+ * RSA Laboratories, CryptoBytes, Volume 3, Number 2, Autumn 1997,
+ * ftp://ftp.rsasecurity.com/pub/cryptobytes/crypto3n2.pdf
+ */
+
+#include <rtems/freebsd/sys/cdefs.h>
+__FBSDID("$FreeBSD$");
+
+#include <rtems/freebsd/sys/param.h>
+#include <rtems/freebsd/sys/systm.h>
+#include <rtems/freebsd/sys/endian.h>
+#include <rtems/freebsd/opencrypto/rmd160.h>
+
+#define PUT_64BIT_LE(cp, value) do { \
+	(cp)[7] = (value) >> 56; \
+	(cp)[6] = (value) >> 48; \
+	(cp)[5] = (value) >> 40; \
+	(cp)[4] = (value) >> 32; \
+	(cp)[3] = (value) >> 24; \
+	(cp)[2] = (value) >> 16; \
+	(cp)[1] = (value) >> 8; \
+	(cp)[0] = (value); } while (0)
+
+#define PUT_32BIT_LE(cp, value) do { \
+	(cp)[3] = (value) >> 24; \
+	(cp)[2] = (value) >> 16; \
+	(cp)[1] = (value) >> 8; \
+	(cp)[0] = (value); } while (0)
+
+#define	H0	0x67452301U
+#define	H1	0xEFCDAB89U
+#define	H2	0x98BADCFEU
+#define	H3	0x10325476U
+#define	H4	0xC3D2E1F0U
+
+#define	K0	0x00000000U
+#define	K1	0x5A827999U
+#define	K2	0x6ED9EBA1U
+#define	K3	0x8F1BBCDCU
+#define	K4	0xA953FD4EU
+
+#define	KK0	0x50A28BE6U
+#define	KK1	0x5C4DD124U
+#define	KK2	0x6D703EF3U
+#define	KK3	0x7A6D76E9U
+#define	KK4	0x00000000U
+
+/* rotate x left n bits.  */
+#define ROL(n, x) (((x) << (n)) | ((x) >> (32-(n))))
+
+#define F0(x, y, z) ((x) ^ (y) ^ (z))
+#define F1(x, y, z) (((x) & (y)) | ((~x) & (z)))
+#define F2(x, y, z) (((x) | (~y)) ^ (z))
+#define F3(x, y, z) (((x) & (z)) | ((y) & (~z)))
+#define F4(x, y, z) ((x) ^ ((y) | (~z)))
+
+#define R(a, b, c, d, e, Fj, Kj, sj, rj) \
+	do { \
+		a = ROL(sj, a + Fj(b,c,d) + X(rj) + Kj) + e; \
+		c = ROL(10, c); \
+	} while(0)
+
+#define X(i)	x[i]
+
+static u_char PADDING[64] = {
+	0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
+};
+
+void
+RMD160Init(RMD160_CTX *ctx)
+{
+	ctx->count = 0;
+	ctx->state[0] = H0;
+	ctx->state[1] = H1;
+	ctx->state[2] = H2;
+	ctx->state[3] = H3;
+	ctx->state[4] = H4;
+}
+
+void
+RMD160Update(RMD160_CTX *ctx, const u_char *input, u_int32_t len)
+{
+	u_int32_t have, off, need;
+
+	have = (ctx->count/8) % 64;
+	need = 64 - have;
+	ctx->count += 8 * len;
+	off = 0;
+
+	if (len >= need) {
+		if (have) {
+			memcpy(ctx->buffer + have, input, need);
+			RMD160Transform(ctx->state, ctx->buffer);
+			off = need;
+			have = 0;
+		}
+		/* now the buffer is empty */
+		while (off + 64 <= len) {
+			RMD160Transform(ctx->state, input+off);
+			off += 64;
+		}
+	}
+	if (off < len)
+		memcpy(ctx->buffer + have, input+off, len-off);
+}
+
+void
+RMD160Final(u_char digest[20], RMD160_CTX *ctx)
+{
+	int i;
+	u_char size[8];
+	u_int32_t padlen;
+
+	PUT_64BIT_LE(size, ctx->count);
+
+	/*
+	 * pad to 64 byte blocks, at least one byte from PADDING plus 8 bytes
+	 * for the size
+	 */
+	padlen = 64 - ((ctx->count/8) % 64);
+	if (padlen < 1 + 8)
+		padlen += 64;
+	RMD160Update(ctx, PADDING, padlen - 8);		/* padlen - 8 <= 64 */
+	RMD160Update(ctx, size, 8);
+
+	if (digest != NULL)
+		for (i = 0; i < 5; i++)
+			PUT_32BIT_LE(digest + i*4, ctx->state[i]);
+
+	memset(ctx, 0, sizeof (*ctx));
+}
+
+void
+RMD160Transform(u_int32_t state[5], const u_char block[64])
+{
+	u_int32_t a, b, c, d, e, aa, bb, cc, dd, ee, t, x[16];
+
+#if BYTE_ORDER == LITTLE_ENDIAN
+	memcpy(x, block, 64);
+#else
+	int i;
+
+	for (i = 0; i < 16; i++)
+		x[i] = bswap32(*(const u_int32_t*)(block+i*4));
+#endif
+
+	a = state[0];
+	b = state[1];
+	c = state[2];
+	d = state[3];
+	e = state[4];
+
+	/* Round 1 */
+	R(a, b, c, d, e, F0, K0, 11,  0);
+	R(e, a, b, c, d, F0, K0, 14,  1);
+	R(d, e, a, b, c, F0, K0, 15,  2);
+	R(c, d, e, a, b, F0, K0, 12,  3);
+	R(b, c, d, e, a, F0, K0,  5,  4);
+	R(a, b, c, d, e, F0, K0,  8,  5);
+	R(e, a, b, c, d, F0, K0,  7,  6);
+	R(d, e, a, b, c, F0, K0,  9,  7);
+	R(c, d, e, a, b, F0, K0, 11,  8);
+	R(b, c, d, e, a, F0, K0, 13,  9);
+	R(a, b, c, d, e, F0, K0, 14, 10);
+	R(e, a, b, c, d, F0, K0, 15, 11);
+	R(d, e, a, b, c, F0, K0,  6, 12);
+	R(c, d, e, a, b, F0, K0,  7, 13);
+	R(b, c, d, e, a, F0, K0,  9, 14);
+	R(a, b, c, d, e, F0, K0,  8, 15); /* #15 */
+	/* Round 2 */
+	R(e, a, b, c, d, F1, K1,  7,  7);
+	R(d, e, a, b, c, F1, K1,  6,  4);
+	R(c, d, e, a, b, F1, K1,  8, 13);
+	R(b, c, d, e, a, F1, K1, 13,  1);
+	R(a, b, c, d, e, F1, K1, 11, 10);
+	R(e, a, b, c, d, F1, K1,  9,  6);
+	R(d, e, a, b, c, F1, K1,  7, 15);
+	R(c, d, e, a, b, F1, K1, 15,  3);
+	R(b, c, d, e, a, F1, K1,  7, 12);
+	R(a, b, c, d, e, F1, K1, 12,  0);
+	R(e, a, b, c, d, F1, K1, 15,  9);
+	R(d, e, a, b, c, F1, K1,  9,  5);
+	R(c, d, e, a, b, F1, K1, 11,  2);
+	R(b, c, d, e, a, F1, K1,  7, 14);
+	R(a, b, c, d, e, F1, K1, 13, 11);
+	R(e, a, b, c, d, F1, K1, 12,  8); /* #31 */
+	/* Round 3 */
+	R(d, e, a, b, c, F2, K2, 11,  3);
+	R(c, d, e, a, b, F2, K2, 13, 10);
+	R(b, c, d, e, a, F2, K2,  6, 14);
+	R(a, b, c, d, e, F2, K2,  7,  4);
+	R(e, a, b, c, d, F2, K2, 14,  9);
+	R(d, e, a, b, c, F2, K2,  9, 15);
+	R(c, d, e, a, b, F2, K2, 13,  8);
+	R(b, c, d, e, a, F2, K2, 15,  1);
+	R(a, b, c, d, e, F2, K2, 14,  2);
+	R(e, a, b, c, d, F2, K2,  8,  7);
+	R(d, e, a, b, c, F2, K2, 13,  0);
+	R(c, d, e, a, b, F2, K2,  6,  6);
+	R(b, c, d, e, a, F2, K2,  5, 13);
+	R(a, b, c, d, e, F2, K2, 12, 11);
+	R(e, a, b, c, d, F2, K2,  7,  5);
+	R(d, e, a, b, c, F2, K2,  5, 12); /* #47 */
+	/* Round 4 */
+	R(c, d, e, a, b, F3, K3, 11,  1);
+	R(b, c, d, e, a, F3, K3, 12,  9);
+	R(a, b, c, d, e, F3, K3, 14, 11);
+	R(e, a, b, c, d, F3, K3, 15, 10);
+	R(d, e, a, b, c, F3, K3, 14,  0);
+	R(c, d, e, a, b, F3, K3, 15,  8);
+	R(b, c, d, e, a, F3, K3,  9, 12);
+	R(a, b, c, d, e, F3, K3,  8,  4);
+	R(e, a, b, c, d, F3, K3,  9, 13);
+	R(d, e, a, b, c, F3, K3, 14,  3);
+	R(c, d, e, a, b, F3, K3,  5,  7);
+	R(b, c, d, e, a, F3, K3,  6, 15);
+	R(a, b, c, d, e, F3, K3,  8, 14);
+	R(e, a, b, c, d, F3, K3,  6,  5);
+	R(d, e, a, b, c, F3, K3,  5,  6);
+	R(c, d, e, a, b, F3, K3, 12,  2); /* #63 */
+	/* Round 5 */
+	R(b, c, d, e, a, F4, K4,  9,  4);
+	R(a, b, c, d, e, F4, K4, 15,  0);
+	R(e, a, b, c, d, F4, K4,  5,  5);
+	R(d, e, a, b, c, F4, K4, 11,  9);
+	R(c, d, e, a, b, F4, K4,  6,  7);
+	R(b, c, d, e, a, F4, K4,  8, 12);
+	R(a, b, c, d, e, F4, K4, 13,  2);
+	R(e, a, b, c, d, F4, K4, 12, 10);
+	R(d, e, a, b, c, F4, K4,  5, 14);
+	R(c, d, e, a, b, F4, K4, 12,  1);
+	R(b, c, d, e, a, F4, K4, 13,  3);
+	R(a, b, c, d, e, F4, K4, 14,  8);
+	R(e, a, b, c, d, F4, K4, 11, 11);
+	R(d, e, a, b, c, F4, K4,  8,  6);
+	R(c, d, e, a, b, F4, K4,  5, 15);
+	R(b, c, d, e, a, F4, K4,  6, 13); /* #79 */
+
+	aa = a ; bb = b; cc = c; dd = d; ee = e;
+
+	a = state[0];
+	b = state[1];
+	c = state[2];
+	d = state[3];
+	e = state[4];
+
+	/* Parallel round 1 */
+	R(a, b, c, d, e, F4, KK0,  8,  5);
+	R(e, a, b, c, d, F4, KK0,  9, 14);
+	R(d, e, a, b, c, F4, KK0,  9,  7);
+	R(c, d, e, a, b, F4, KK0, 11,  0);
+	R(b, c, d, e, a, F4, KK0, 13,  9);
+	R(a, b, c, d, e, F4, KK0, 15,  2);
+	R(e, a, b, c, d, F4, KK0, 15, 11);
+	R(d, e, a, b, c, F4, KK0,  5,  4);
+	R(c, d, e, a, b, F4, KK0,  7, 13);
+	R(b, c, d, e, a, F4, KK0,  7,  6);
+	R(a, b, c, d, e, F4, KK0,  8, 15);
+	R(e, a, b, c, d, F4, KK0, 11,  8);
+	R(d, e, a, b, c, F4, KK0, 14,  1);
+	R(c, d, e, a, b, F4, KK0, 14, 10);
+	R(b, c, d, e, a, F4, KK0, 12,  3);
+	R(a, b, c, d, e, F4, KK0,  6, 12); /* #15 */
+	/* Parallel round 2 */
+	R(e, a, b, c, d, F3, KK1,  9,  6);
+	R(d, e, a, b, c, F3, KK1, 13, 11);
+	R(c, d, e, a, b, F3, KK1, 15,  3);
+	R(b, c, d, e, a, F3, KK1,  7,  7);
+	R(a, b, c, d, e, F3, KK1, 12,  0);
+	R(e, a, b, c, d, F3, KK1,  8, 13);
+	R(d, e, a, b, c, F3, KK1,  9,  5);
+	R(c, d, e, a, b, F3, KK1, 11, 10);
+	R(b, c, d, e, a, F3, KK1,  7, 14);
+	R(a, b, c, d, e, F3, KK1,  7, 15);
+	R(e, a, b, c, d, F3, KK1, 12,  8);
+	R(d, e, a, b, c, F3, KK1,  7, 12);
+	R(c, d, e, a, b, F3, KK1,  6,  4);
+	R(b, c, d, e, a, F3, KK1, 15,  9);
+	R(a, b, c, d, e, F3, KK1, 13,  1);
+	R(e, a, b, c, d, F3, KK1, 11,  2); /* #31 */
+	/* Parallel round 3 */
+	R(d, e, a, b, c, F2, KK2,  9, 15);
+	R(c, d, e, a, b, F2, KK2,  7,  5);
+	R(b, c, d, e, a, F2, KK2, 15,  1);
+	R(a, b, c, d, e, F2, KK2, 11,  3);
+	R(e, a, b, c, d, F2, KK2,  8,  7);
+	R(d, e, a, b, c, F2, KK2,  6, 14);
+	R(c, d, e, a, b, F2, KK2,  6,  6);
+	R(b, c, d, e, a, F2, KK2, 14,  9);
+	R(a, b, c, d, e, F2, KK2, 12, 11);
+	R(e, a, b, c, d, F2, KK2, 13,  8);
+	R(d, e, a, b, c, F2, KK2,  5, 12);
+	R(c, d, e, a, b, F2, KK2, 14,  2);
+	R(b, c, d, e, a, F2, KK2, 13, 10);
+	R(a, b, c, d, e, F2, KK2, 13,  0);
+	R(e, a, b, c, d, F2, KK2,  7,  4);
+	R(d, e, a, b, c, F2, KK2,  5, 13); /* #47 */
+	/* Parallel round 4 */
+	R(c, d, e, a, b, F1, KK3, 15,  8);
+	R(b, c, d, e, a, F1, KK3,  5,  6);
+	R(a, b, c, d, e, F1, KK3,  8,  4);
+	R(e, a, b, c, d, F1, KK3, 11,  1);
+	R(d, e, a, b, c, F1, KK3, 14,  3);
+	R(c, d, e, a, b, F1, KK3, 14, 11);
+	R(b, c, d, e, a, F1, KK3,  6, 15);
+	R(a, b, c, d, e, F1, KK3, 14,  0);
+	R(e, a, b, c, d, F1, KK3,  6,  5);
+	R(d, e, a, b, c, F1, KK3,  9, 12);
+	R(c, d, e, a, b, F1, KK3, 12,  2);
+	R(b, c, d, e, a, F1, KK3,  9, 13);
+	R(a, b, c, d, e, F1, KK3, 12,  9);
+	R(e, a, b, c, d, F1, KK3,  5,  7);
+	R(d, e, a, b, c, F1, KK3, 15, 10);
+	R(c, d, e, a, b, F1, KK3,  8, 14); /* #63 */
+	/* Parallel round 5 */
+	R(b, c, d, e, a, F0, KK4,  8, 12);
+	R(a, b, c, d, e, F0, KK4,  5, 15);
+	R(e, a, b, c, d, F0, KK4, 12, 10);
+	R(d, e, a, b, c, F0, KK4,  9,  4);
+	R(c, d, e, a, b, F0, KK4, 12,  1);
+	R(b, c, d, e, a, F0, KK4,  5,  5);
+	R(a, b, c, d, e, F0, KK4, 14,  8);
+	R(e, a, b, c, d, F0, KK4,  6,  7);
+	R(d, e, a, b, c, F0, KK4,  8,  6);
+	R(c, d, e, a, b, F0, KK4, 13,  2);
+	R(b, c, d, e, a, F0, KK4,  6, 13);
+	R(a, b, c, d, e, F0, KK4,  5, 14);
+	R(e, a, b, c, d, F0, KK4, 15,  0);
+	R(d, e, a, b, c, F0, KK4, 13,  3);
+	R(c, d, e, a, b, F0, KK4, 11,  9);
+	R(b, c, d, e, a, F0, KK4, 11, 11); /* #79 */
+
+	t =        state[1] + cc + d;
+	state[1] = state[2] + dd + e;
+	state[2] = state[3] + ee + a;
+	state[3] = state[4] + aa + b;
+	state[4] = state[0] + bb + c;
+	state[0] = t;
+}

freebsd/opencrypto/rmd160.h

@@ -0,0 +1,41 @@
+/*	$FreeBSD$	*/
+/*	$OpenBSD: rmd160.h,v 1.3 2002/03/14 01:26:51 millert Exp $	*/
+/*-
+ * Copyright (c) 2001 Markus Friedl.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#ifndef  _RMD160_H
+#define  _RMD160_H
+
+/* RMD160 context. */
+typedef struct RMD160Context {
+	u_int32_t state[5];	/* state */
+	u_int64_t count;	/* number of bits, modulo 2^64 */
+	u_char buffer[64];	/* input buffer */
+} RMD160_CTX;
+
+void	 RMD160Init(RMD160_CTX *);
+void	 RMD160Transform(u_int32_t [5], const u_char [64]);
+void	 RMD160Update(RMD160_CTX *, const u_char *, u_int32_t);
+void	 RMD160Final(u_char [20], RMD160_CTX *);
+
+#endif  /* _RMD160_H */

freebsd/opencrypto/skipjack.c

@@ -0,0 +1,262 @@
+#include <rtems/freebsd/machine/rtems-bsd-config.h>
+
+/*	$OpenBSD: skipjack.c,v 1.3 2001/05/05 00:31:34 angelos Exp $	*/
+/*-
+ * Further optimized test implementation of SKIPJACK algorithm 
+ * Mark Tillotson <markt@chaos.org.uk>, 25 June 98
+ * Optimizations suit RISC (lots of registers) machine best.
+ *
+ * based on unoptimized implementation of
+ * Panu Rissanen <bande@lut.fi> 960624
+ *
+ * SKIPJACK and KEA Algorithm Specifications 
+ * Version 2.0 
+ * 29 May 1998
+*/
+
+#include <rtems/freebsd/sys/cdefs.h>
+__FBSDID("$FreeBSD$");
+
+#include <rtems/freebsd/sys/param.h>
+
+#include <rtems/freebsd/opencrypto/skipjack.h>
+
+static const u_int8_t ftable[0x100] =
+{ 
+	0xa3, 0xd7, 0x09, 0x83, 0xf8, 0x48, 0xf6, 0xf4, 
+	0xb3, 0x21, 0x15, 0x78, 0x99, 0xb1, 0xaf, 0xf9, 
+	0xe7, 0x2d, 0x4d, 0x8a, 0xce, 0x4c, 0xca, 0x2e, 
+	0x52, 0x95, 0xd9, 0x1e, 0x4e, 0x38, 0x44, 0x28, 
+	0x0a, 0xdf, 0x02, 0xa0, 0x17, 0xf1, 0x60, 0x68, 
+	0x12, 0xb7, 0x7a, 0xc3, 0xe9, 0xfa, 0x3d, 0x53, 
+	0x96, 0x84, 0x6b, 0xba, 0xf2, 0x63, 0x9a, 0x19, 
+	0x7c, 0xae, 0xe5, 0xf5, 0xf7, 0x16, 0x6a, 0xa2, 
+	0x39, 0xb6, 0x7b, 0x0f, 0xc1, 0x93, 0x81, 0x1b, 
+	0xee, 0xb4, 0x1a, 0xea, 0xd0, 0x91, 0x2f, 0xb8, 
+	0x55, 0xb9, 0xda, 0x85, 0x3f, 0x41, 0xbf, 0xe0, 
+	0x5a, 0x58, 0x80, 0x5f, 0x66, 0x0b, 0xd8, 0x90, 
+	0x35, 0xd5, 0xc0, 0xa7, 0x33, 0x06, 0x65, 0x69, 
+	0x45, 0x00, 0x94, 0x56, 0x6d, 0x98, 0x9b, 0x76, 
+	0x97, 0xfc, 0xb2, 0xc2, 0xb0, 0xfe, 0xdb, 0x20, 
+	0xe1, 0xeb, 0xd6, 0xe4, 0xdd, 0x47, 0x4a, 0x1d, 
+	0x42, 0xed, 0x9e, 0x6e, 0x49, 0x3c, 0xcd, 0x43, 
+	0x27, 0xd2, 0x07, 0xd4, 0xde, 0xc7, 0x67, 0x18, 
+	0x89, 0xcb, 0x30, 0x1f, 0x8d, 0xc6, 0x8f, 0xaa, 
+	0xc8, 0x74, 0xdc, 0xc9, 0x5d, 0x5c, 0x31, 0xa4, 
+	0x70, 0x88, 0x61, 0x2c, 0x9f, 0x0d, 0x2b, 0x87, 
+	0x50, 0x82, 0x54, 0x64, 0x26, 0x7d, 0x03, 0x40, 
+	0x34, 0x4b, 0x1c, 0x73, 0xd1, 0xc4, 0xfd, 0x3b, 
+	0xcc, 0xfb, 0x7f, 0xab, 0xe6, 0x3e, 0x5b, 0xa5, 
+	0xad, 0x04, 0x23, 0x9c, 0x14, 0x51, 0x22, 0xf0, 
+	0x29, 0x79, 0x71, 0x7e, 0xff, 0x8c, 0x0e, 0xe2, 
+	0x0c, 0xef, 0xbc, 0x72, 0x75, 0x6f, 0x37, 0xa1, 
+	0xec, 0xd3, 0x8e, 0x62, 0x8b, 0x86, 0x10, 0xe8, 
+	0x08, 0x77, 0x11, 0xbe, 0x92, 0x4f, 0x24, 0xc5, 
+	0x32, 0x36, 0x9d, 0xcf, 0xf3, 0xa6, 0xbb, 0xac, 
+	0x5e, 0x6c, 0xa9, 0x13, 0x57, 0x25, 0xb5, 0xe3, 
+	0xbd, 0xa8, 0x3a, 0x01, 0x05, 0x59, 0x2a, 0x46
+};
+
+/*
+ * For each key byte generate a table to represent the function 
+ *    ftable [in ^ keybyte]
+ *
+ * These tables used to save an XOR in each stage of the G-function
+ * the tables are hopefully pointed to by register allocated variables
+ * k0, k1..k9
+ */
+
+void
+subkey_table_gen (u_int8_t *key, u_int8_t **key_tables)
+{
+	int i, k;
+
+	for (k = 0; k < 10; k++) {
+		u_int8_t   key_byte = key [k];
+		u_int8_t * table = key_tables[k];
+		for (i = 0; i < 0x100; i++)
+			table [i] = ftable [i ^ key_byte];
+	}
+}
+
+
+#define g(k0, k1, k2, k3, ih, il, oh, ol) \
+{ \
+	oh = k##k0 [il] ^ ih; \
+	ol = k##k1 [oh] ^ il; \
+	oh = k##k2 [ol] ^ oh; \
+	ol = k##k3 [oh] ^ ol; \
+}
+
+#define g0(ih, il, oh, ol) g(0, 1, 2, 3, ih, il, oh, ol)
+#define g4(ih, il, oh, ol) g(4, 5, 6, 7, ih, il, oh, ol)
+#define g8(ih, il, oh, ol) g(8, 9, 0, 1, ih, il, oh, ol)
+#define g2(ih, il, oh, ol) g(2, 3, 4, 5, ih, il, oh, ol)
+#define g6(ih, il, oh, ol) g(6, 7, 8, 9, ih, il, oh, ol)
+
+ 
+#define g_inv(k0, k1, k2, k3, ih, il, oh, ol) \
+{ \
+	ol = k##k3 [ih] ^ il; \
+	oh = k##k2 [ol] ^ ih; \
+	ol = k##k1 [oh] ^ ol; \
+	oh = k##k0 [ol] ^ oh; \
+}
+
+
+#define g0_inv(ih, il, oh, ol) g_inv(0, 1, 2, 3, ih, il, oh, ol)
+#define g4_inv(ih, il, oh, ol) g_inv(4, 5, 6, 7, ih, il, oh, ol)
+#define g8_inv(ih, il, oh, ol) g_inv(8, 9, 0, 1, ih, il, oh, ol)
+#define g2_inv(ih, il, oh, ol) g_inv(2, 3, 4, 5, ih, il, oh, ol)
+#define g6_inv(ih, il, oh, ol) g_inv(6, 7, 8, 9, ih, il, oh, ol)
+
+/* optimized version of Skipjack algorithm
+ *
+ * the appropriate g-function is inlined for each round
+ *
+ * the data movement is minimized by rotating the names of the 
+ * variables w1..w4, not their contents (saves 3 moves per round)
+ *
+ * the loops are completely unrolled (needed to staticize choice of g)
+ *
+ * compiles to about 470 instructions on a Sparc (gcc -O)
+ * which is about 58 instructions per byte, 14 per round.
+ * gcc seems to leave in some unnecessary and with 0xFF operations
+ * but only in the latter part of the functions.  Perhaps it
+ * runs out of resources to properly optimize long inlined function?
+ * in theory should get about 11 instructions per round, not 14
+ */
+
+void
+skipjack_forwards(u_int8_t *plain, u_int8_t *cipher, u_int8_t **key_tables)
+{
+	u_int8_t wh1 = plain[0];  u_int8_t wl1 = plain[1];
+	u_int8_t wh2 = plain[2];  u_int8_t wl2 = plain[3];
+	u_int8_t wh3 = plain[4];  u_int8_t wl3 = plain[5];
+	u_int8_t wh4 = plain[6];  u_int8_t wl4 = plain[7];
+
+	u_int8_t * k0 = key_tables [0];
+	u_int8_t * k1 = key_tables [1];
+	u_int8_t * k2 = key_tables [2];
+	u_int8_t * k3 = key_tables [3];
+	u_int8_t * k4 = key_tables [4];
+	u_int8_t * k5 = key_tables [5];
+	u_int8_t * k6 = key_tables [6];
+	u_int8_t * k7 = key_tables [7];
+	u_int8_t * k8 = key_tables [8];
+	u_int8_t * k9 = key_tables [9];
+
+	/* first 8 rounds */
+	g0 (wh1,wl1, wh1,wl1); wl4 ^= wl1 ^ 1; wh4 ^= wh1;
+	g4 (wh4,wl4, wh4,wl4); wl3 ^= wl4 ^ 2; wh3 ^= wh4;
+	g8 (wh3,wl3, wh3,wl3); wl2 ^= wl3 ^ 3; wh2 ^= wh3;
+	g2 (wh2,wl2, wh2,wl2); wl1 ^= wl2 ^ 4; wh1 ^= wh2;
+	g6 (wh1,wl1, wh1,wl1); wl4 ^= wl1 ^ 5; wh4 ^= wh1;
+	g0 (wh4,wl4, wh4,wl4); wl3 ^= wl4 ^ 6; wh3 ^= wh4;
+	g4 (wh3,wl3, wh3,wl3); wl2 ^= wl3 ^ 7; wh2 ^= wh3;
+	g8 (wh2,wl2, wh2,wl2); wl1 ^= wl2 ^ 8; wh1 ^= wh2;
+
+	/* second 8 rounds */
+	wh2 ^= wh1; wl2 ^= wl1 ^ 9 ; g2 (wh1,wl1, wh1,wl1);
+	wh1 ^= wh4; wl1 ^= wl4 ^ 10; g6 (wh4,wl4, wh4,wl4);
+	wh4 ^= wh3; wl4 ^= wl3 ^ 11; g0 (wh3,wl3, wh3,wl3);
+	wh3 ^= wh2; wl3 ^= wl2 ^ 12; g4 (wh2,wl2, wh2,wl2);
+	wh2 ^= wh1; wl2 ^= wl1 ^ 13; g8 (wh1,wl1, wh1,wl1);
+	wh1 ^= wh4; wl1 ^= wl4 ^ 14; g2 (wh4,wl4, wh4,wl4);
+	wh4 ^= wh3; wl4 ^= wl3 ^ 15; g6 (wh3,wl3, wh3,wl3);
+	wh3 ^= wh2; wl3 ^= wl2 ^ 16; g0 (wh2,wl2, wh2,wl2);
+
+	/* third 8 rounds */
+	g4 (wh1,wl1, wh1,wl1); wl4 ^= wl1 ^ 17; wh4 ^= wh1;
+	g8 (wh4,wl4, wh4,wl4); wl3 ^= wl4 ^ 18; wh3 ^= wh4;
+	g2 (wh3,wl3, wh3,wl3); wl2 ^= wl3 ^ 19; wh2 ^= wh3;
+	g6 (wh2,wl2, wh2,wl2); wl1 ^= wl2 ^ 20; wh1 ^= wh2;
+	g0 (wh1,wl1, wh1,wl1); wl4 ^= wl1 ^ 21; wh4 ^= wh1;
+	g4 (wh4,wl4, wh4,wl4); wl3 ^= wl4 ^ 22; wh3 ^= wh4;
+	g8 (wh3,wl3, wh3,wl3); wl2 ^= wl3 ^ 23; wh2 ^= wh3;
+	g2 (wh2,wl2, wh2,wl2); wl1 ^= wl2 ^ 24; wh1 ^= wh2;
+
+	/* last 8 rounds */
+	wh2 ^= wh1; wl2 ^= wl1 ^ 25; g6 (wh1,wl1, wh1,wl1);
+	wh1 ^= wh4; wl1 ^= wl4 ^ 26; g0 (wh4,wl4, wh4,wl4);
+	wh4 ^= wh3; wl4 ^= wl3 ^ 27; g4 (wh3,wl3, wh3,wl3);
+	wh3 ^= wh2; wl3 ^= wl2 ^ 28; g8 (wh2,wl2, wh2,wl2);
+	wh2 ^= wh1; wl2 ^= wl1 ^ 29; g2 (wh1,wl1, wh1,wl1);
+	wh1 ^= wh4; wl1 ^= wl4 ^ 30; g6 (wh4,wl4, wh4,wl4);
+	wh4 ^= wh3; wl4 ^= wl3 ^ 31; g0 (wh3,wl3, wh3,wl3);
+	wh3 ^= wh2; wl3 ^= wl2 ^ 32; g4 (wh2,wl2, wh2,wl2);
+
+	/* pack into byte vector */
+	cipher [0] = wh1;  cipher [1] = wl1;
+	cipher [2] = wh2;  cipher [3] = wl2;
+	cipher [4] = wh3;  cipher [5] = wl3;
+	cipher [6] = wh4;  cipher [7] = wl4;
+}
+
+
+void
+skipjack_backwards (u_int8_t *cipher, u_int8_t *plain, u_int8_t **key_tables)
+{
+	/* setup 4 16-bit portions */
+	u_int8_t wh1 = cipher[0];  u_int8_t wl1 = cipher[1];
+	u_int8_t wh2 = cipher[2];  u_int8_t wl2 = cipher[3];
+	u_int8_t wh3 = cipher[4];  u_int8_t wl3 = cipher[5];
+	u_int8_t wh4 = cipher[6];  u_int8_t wl4 = cipher[7];
+
+	u_int8_t * k0 = key_tables [0];
+	u_int8_t * k1 = key_tables [1];
+	u_int8_t * k2 = key_tables [2];
+	u_int8_t * k3 = key_tables [3];
+	u_int8_t * k4 = key_tables [4];
+	u_int8_t * k5 = key_tables [5];
+	u_int8_t * k6 = key_tables [6];
+	u_int8_t * k7 = key_tables [7];
+	u_int8_t * k8 = key_tables [8];
+	u_int8_t * k9 = key_tables [9];
+
+	/* first 8 rounds */
+	g4_inv (wh2,wl2, wh2,wl2); wl3 ^= wl2 ^ 32; wh3 ^= wh2;
+	g0_inv (wh3,wl3, wh3,wl3); wl4 ^= wl3 ^ 31; wh4 ^= wh3;
+	g6_inv (wh4,wl4, wh4,wl4); wl1 ^= wl4 ^ 30; wh1 ^= wh4;
+	g2_inv (wh1,wl1, wh1,wl1); wl2 ^= wl1 ^ 29; wh2 ^= wh1;
+	g8_inv (wh2,wl2, wh2,wl2); wl3 ^= wl2 ^ 28; wh3 ^= wh2;
+	g4_inv (wh3,wl3, wh3,wl3); wl4 ^= wl3 ^ 27; wh4 ^= wh3;
+	g0_inv (wh4,wl4, wh4,wl4); wl1 ^= wl4 ^ 26; wh1 ^= wh4;
+	g6_inv (wh1,wl1, wh1,wl1); wl2 ^= wl1 ^ 25; wh2 ^= wh1;
+
+	/* second 8 rounds */
+	wh1 ^= wh2; wl1 ^= wl2 ^ 24; g2_inv (wh2,wl2, wh2,wl2);
+	wh2 ^= wh3; wl2 ^= wl3 ^ 23; g8_inv (wh3,wl3, wh3,wl3);
+	wh3 ^= wh4; wl3 ^= wl4 ^ 22; g4_inv (wh4,wl4, wh4,wl4);
+	wh4 ^= wh1; wl4 ^= wl1 ^ 21; g0_inv (wh1,wl1, wh1,wl1);
+	wh1 ^= wh2; wl1 ^= wl2 ^ 20; g6_inv (wh2,wl2, wh2,wl2);
+	wh2 ^= wh3; wl2 ^= wl3 ^ 19; g2_inv (wh3,wl3, wh3,wl3);
+	wh3 ^= wh4; wl3 ^= wl4 ^ 18; g8_inv (wh4,wl4, wh4,wl4);
+	wh4 ^= wh1; wl4 ^= wl1 ^ 17; g4_inv (wh1,wl1, wh1,wl1);
+
+	/* third 8 rounds */
+	g0_inv (wh2,wl2, wh2,wl2); wl3 ^= wl2 ^ 16; wh3 ^= wh2;
+	g6_inv (wh3,wl3, wh3,wl3); wl4 ^= wl3 ^ 15; wh4 ^= wh3;
+	g2_inv (wh4,wl4, wh4,wl4); wl1 ^= wl4 ^ 14; wh1 ^= wh4;
+	g8_inv (wh1,wl1, wh1,wl1); wl2 ^= wl1 ^ 13; wh2 ^= wh1;
+	g4_inv (wh2,wl2, wh2,wl2); wl3 ^= wl2 ^ 12; wh3 ^= wh2;
+	g0_inv (wh3,wl3, wh3,wl3); wl4 ^= wl3 ^ 11; wh4 ^= wh3;
+	g6_inv (wh4,wl4, wh4,wl4); wl1 ^= wl4 ^ 10; wh1 ^= wh4;
+	g2_inv (wh1,wl1, wh1,wl1); wl2 ^= wl1 ^ 9;  wh2 ^= wh1;
+
+	/* last 8 rounds */
+	wh1 ^= wh2; wl1 ^= wl2 ^ 8; g8_inv (wh2,wl2, wh2,wl2);
+	wh2 ^= wh3; wl2 ^= wl3 ^ 7; g4_inv (wh3,wl3, wh3,wl3);
+	wh3 ^= wh4; wl3 ^= wl4 ^ 6; g0_inv (wh4,wl4, wh4,wl4);
+	wh4 ^= wh1; wl4 ^= wl1 ^ 5; g6_inv (wh1,wl1, wh1,wl1);
+	wh1 ^= wh2; wl1 ^= wl2 ^ 4; g2_inv (wh2,wl2, wh2,wl2);
+	wh2 ^= wh3; wl2 ^= wl3 ^ 3; g8_inv (wh3,wl3, wh3,wl3);
+	wh3 ^= wh4; wl3 ^= wl4 ^ 2; g4_inv (wh4,wl4, wh4,wl4);
+	wh4 ^= wh1; wl4 ^= wl1 ^ 1; g0_inv (wh1,wl1, wh1,wl1);
+
+	/* pack into byte vector */
+	plain [0] = wh1;  plain [1] = wl1;
+	plain [2] = wh2;  plain [3] = wl2;
+	plain [4] = wh3;  plain [5] = wl3;
+	plain [6] = wh4;  plain [7] = wl4;
+}

freebsd/opencrypto/skipjack.h

@@ -0,0 +1,19 @@
+/*	$FreeBSD$	*/
+/*	$OpenBSD: skipjack.h,v 1.3 2002/03/14 01:26:51 millert Exp $	*/
+
+/*-
+ * Further optimized test implementation of SKIPJACK algorithm 
+ * Mark Tillotson <markt@chaos.org.uk>, 25 June 98
+ * Optimizations suit RISC (lots of registers) machine best.
+ *
+ * based on unoptimized implementation of
+ * Panu Rissanen <bande@lut.fi> 960624
+ *
+ * SKIPJACK and KEA Algorithm Specifications 
+ * Version 2.0 
+ * 29 May 1998
+*/
+
+extern void skipjack_forwards(u_int8_t *plain, u_int8_t *cipher, u_int8_t **key);
+extern void skipjack_backwards(u_int8_t *cipher, u_int8_t *plain, u_int8_t **key);
+extern void subkey_table_gen(u_int8_t *key, u_int8_t **key_tables);

freebsd/opencrypto/xform.c

@@ -0,0 +1,815 @@
+#include <rtems/freebsd/machine/rtems-bsd-config.h>
+
+/*	$OpenBSD: xform.c,v 1.16 2001/08/28 12:20:43 ben Exp $	*/
+/*-
+ * The authors of this code are John Ioannidis (ji@tla.org),
+ * Angelos D. Keromytis (kermit@csd.uch.gr) and
+ * Niels Provos (provos@physnet.uni-hamburg.de).
+ *
+ * This code was written by John Ioannidis for BSD/OS in Athens, Greece,
+ * in November 1995.
+ *
+ * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996,
+ * by Angelos D. Keromytis.
+ *
+ * Additional transforms and features in 1997 and 1998 by Angelos D. Keromytis
+ * and Niels Provos.
+ *
+ * Additional features in 1999 by Angelos D. Keromytis.
+ *
+ * Copyright (C) 1995, 1996, 1997, 1998, 1999 by John Ioannidis,
+ * Angelos D. Keromytis and Niels Provos.
+ *
+ * Copyright (C) 2001, Angelos D. Keromytis.
+ *
+ * Permission to use, copy, and modify this software with or without fee
+ * is hereby granted, provided that this entire notice is included in
+ * all copies of any software which is or includes a copy or
+ * modification of this software.
+ * You may use this code under the GNU public license if you so wish. Please
+ * contribute changes back to the authors under this freer than GPL license
+ * so that we may further the use of strong encryption without limitations to
+ * all.
+ *
+ * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
+ * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
+ * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
+ * PURPOSE.
+ */
+
+#include <rtems/freebsd/sys/cdefs.h>
+__FBSDID("$FreeBSD$");
+
+#include <rtems/freebsd/sys/param.h>
+#include <rtems/freebsd/sys/systm.h>
+#include <rtems/freebsd/sys/malloc.h>
+#include <rtems/freebsd/sys/sysctl.h>
+#include <rtems/freebsd/sys/errno.h>
+#include <rtems/freebsd/sys/time.h>
+#include <rtems/freebsd/sys/kernel.h>
+#include <rtems/freebsd/machine/cpu.h>
+
+#include <rtems/freebsd/crypto/blowfish/blowfish.h>
+#include <rtems/freebsd/crypto/des/des.h>
+#include <rtems/freebsd/crypto/rijndael/rijndael.h>
+#include <rtems/freebsd/crypto/camellia/camellia.h>
+#include <rtems/freebsd/crypto/sha1.h>
+
+#include <rtems/freebsd/opencrypto/cast.h>
+#include <rtems/freebsd/opencrypto/deflate.h>
+#include <rtems/freebsd/opencrypto/rmd160.h>
+#include <rtems/freebsd/opencrypto/skipjack.h>
+
+#include <rtems/freebsd/sys/md5.h>
+
+#include <rtems/freebsd/opencrypto/cryptodev.h>
+#include <rtems/freebsd/opencrypto/xform.h>
+
+static	int null_setkey(u_int8_t **, u_int8_t *, int);
+static	int des1_setkey(u_int8_t **, u_int8_t *, int);
+static	int des3_setkey(u_int8_t **, u_int8_t *, int);
+static	int blf_setkey(u_int8_t **, u_int8_t *, int);
+static	int cast5_setkey(u_int8_t **, u_int8_t *, int);
+static	int skipjack_setkey(u_int8_t **, u_int8_t *, int);
+static	int rijndael128_setkey(u_int8_t **, u_int8_t *, int);
+static	int aes_xts_setkey(u_int8_t **, u_int8_t *, int);
+static	int cml_setkey(u_int8_t **, u_int8_t *, int);
+
+static	void null_encrypt(caddr_t, u_int8_t *);
+static	void des1_encrypt(caddr_t, u_int8_t *);
+static	void des3_encrypt(caddr_t, u_int8_t *);
+static	void blf_encrypt(caddr_t, u_int8_t *);
+static	void cast5_encrypt(caddr_t, u_int8_t *);
+static	void skipjack_encrypt(caddr_t, u_int8_t *);
+static	void rijndael128_encrypt(caddr_t, u_int8_t *);
+static	void aes_xts_encrypt(caddr_t, u_int8_t *);
+static	void cml_encrypt(caddr_t, u_int8_t *);
+
+static	void null_decrypt(caddr_t, u_int8_t *);
+static	void des1_decrypt(caddr_t, u_int8_t *);
+static	void des3_decrypt(caddr_t, u_int8_t *);
+static	void blf_decrypt(caddr_t, u_int8_t *);
+static	void cast5_decrypt(caddr_t, u_int8_t *);
+static	void skipjack_decrypt(caddr_t, u_int8_t *);
+static	void rijndael128_decrypt(caddr_t, u_int8_t *);
+static	void aes_xts_decrypt(caddr_t, u_int8_t *);
+static	void cml_decrypt(caddr_t, u_int8_t *);
+
+static	void null_zerokey(u_int8_t **);
+static	void des1_zerokey(u_int8_t **);
+static	void des3_zerokey(u_int8_t **);
+static	void blf_zerokey(u_int8_t **);
+static	void cast5_zerokey(u_int8_t **);
+static	void skipjack_zerokey(u_int8_t **);
+static	void rijndael128_zerokey(u_int8_t **);
+static	void aes_xts_zerokey(u_int8_t **);
+static	void cml_zerokey(u_int8_t **);
+
+static	void aes_xts_reinit(caddr_t, u_int8_t *);
+
+static	void null_init(void *);
+static	int null_update(void *, u_int8_t *, u_int16_t);
+static	void null_final(u_int8_t *, void *);
+static	int MD5Update_int(void *, u_int8_t *, u_int16_t);
+static	void SHA1Init_int(void *);
+static	int SHA1Update_int(void *, u_int8_t *, u_int16_t);
+static	void SHA1Final_int(u_int8_t *, void *);
+static	int RMD160Update_int(void *, u_int8_t *, u_int16_t);
+static	int SHA256Update_int(void *, u_int8_t *, u_int16_t);
+static	int SHA384Update_int(void *, u_int8_t *, u_int16_t);
+static	int SHA512Update_int(void *, u_int8_t *, u_int16_t);
+
+static	u_int32_t deflate_compress(u_int8_t *, u_int32_t, u_int8_t **);
+static	u_int32_t deflate_decompress(u_int8_t *, u_int32_t, u_int8_t **);
+
+MALLOC_DEFINE(M_XDATA, "xform", "xform data buffers");
+
+/* Encryption instances */
+struct enc_xform enc_xform_null = {
+	CRYPTO_NULL_CBC, "NULL",
+	/* NB: blocksize of 4 is to generate a properly aligned ESP header */
+	NULL_BLOCK_LEN, 0, 256, /* 2048 bits, max key */
+	null_encrypt,
+	null_decrypt,
+	null_setkey,
+	null_zerokey,
+	NULL
+};
+
+struct enc_xform enc_xform_des = {
+	CRYPTO_DES_CBC, "DES",
+	DES_BLOCK_LEN, 8, 8,
+	des1_encrypt,
+	des1_decrypt,
+	des1_setkey,
+	des1_zerokey,
+	NULL
+};
+
+struct enc_xform enc_xform_3des = {
+	CRYPTO_3DES_CBC, "3DES",
+	DES3_BLOCK_LEN, 24, 24,
+	des3_encrypt,
+	des3_decrypt,
+	des3_setkey,
+	des3_zerokey,
+	NULL
+};
+
+struct enc_xform enc_xform_blf = {
+	CRYPTO_BLF_CBC, "Blowfish",
+	BLOWFISH_BLOCK_LEN, 5, 56 /* 448 bits, max key */,
+	blf_encrypt,
+	blf_decrypt,
+	blf_setkey,
+	blf_zerokey,
+	NULL
+};
+
+struct enc_xform enc_xform_cast5 = {
+	CRYPTO_CAST_CBC, "CAST-128",
+	CAST128_BLOCK_LEN, 5, 16,
+	cast5_encrypt,
+	cast5_decrypt,
+	cast5_setkey,
+	cast5_zerokey,
+	NULL
+};
+
+struct enc_xform enc_xform_skipjack = {
+	CRYPTO_SKIPJACK_CBC, "Skipjack",
+	SKIPJACK_BLOCK_LEN, 10, 10,
+	skipjack_encrypt,
+	skipjack_decrypt,
+	skipjack_setkey,
+	skipjack_zerokey,
+	NULL
+};
+
+struct enc_xform enc_xform_rijndael128 = {
+	CRYPTO_RIJNDAEL128_CBC, "Rijndael-128/AES",
+	RIJNDAEL128_BLOCK_LEN, 8, 32,
+	rijndael128_encrypt,
+	rijndael128_decrypt,
+	rijndael128_setkey,
+	rijndael128_zerokey,
+	NULL
+};
+
+struct enc_xform enc_xform_aes_xts = {
+	CRYPTO_AES_XTS, "AES-XTS",
+	RIJNDAEL128_BLOCK_LEN, 32, 64,
+	aes_xts_encrypt,
+	aes_xts_decrypt,
+	aes_xts_setkey,
+	aes_xts_zerokey,
+	aes_xts_reinit
+};
+
+struct enc_xform enc_xform_arc4 = {
+	CRYPTO_ARC4, "ARC4",
+	1, 1, 32,
+	NULL,
+	NULL,
+	NULL,
+	NULL,
+	NULL
+};
+
+struct enc_xform enc_xform_camellia = {
+	CRYPTO_CAMELLIA_CBC, "Camellia",
+	CAMELLIA_BLOCK_LEN, 8, 32,
+	cml_encrypt,
+	cml_decrypt,
+	cml_setkey,
+	cml_zerokey,
+	NULL
+};
+
+/* Authentication instances */
+struct auth_hash auth_hash_null = {
+	CRYPTO_NULL_HMAC, "NULL-HMAC",
+	0, NULL_HASH_LEN, NULL_HMAC_BLOCK_LEN, sizeof(int),	/* NB: context isn't used */
+	null_init, null_update, null_final
+};
+
+struct auth_hash auth_hash_hmac_md5 = {
+	CRYPTO_MD5_HMAC, "HMAC-MD5",
+	16, MD5_HASH_LEN, MD5_HMAC_BLOCK_LEN, sizeof(MD5_CTX),
+	(void (*) (void *)) MD5Init, MD5Update_int,
+	(void (*) (u_int8_t *, void *)) MD5Final
+};
+
+struct auth_hash auth_hash_hmac_sha1 = {
+	CRYPTO_SHA1_HMAC, "HMAC-SHA1",
+	20, SHA1_HASH_LEN, SHA1_HMAC_BLOCK_LEN, sizeof(SHA1_CTX),
+	SHA1Init_int, SHA1Update_int, SHA1Final_int
+};
+
+struct auth_hash auth_hash_hmac_ripemd_160 = {
+	CRYPTO_RIPEMD160_HMAC, "HMAC-RIPEMD-160",
+	20, RIPEMD160_HASH_LEN, RIPEMD160_HMAC_BLOCK_LEN, sizeof(RMD160_CTX),
+	(void (*)(void *)) RMD160Init, RMD160Update_int,
+	(void (*)(u_int8_t *, void *)) RMD160Final
+};
+
+struct auth_hash auth_hash_key_md5 = {
+	CRYPTO_MD5_KPDK, "Keyed MD5",
+	0, MD5_KPDK_HASH_LEN, 0, sizeof(MD5_CTX),
+	(void (*)(void *)) MD5Init, MD5Update_int,
+	(void (*)(u_int8_t *, void *)) MD5Final
+};
+
+struct auth_hash auth_hash_key_sha1 = {
+	CRYPTO_SHA1_KPDK, "Keyed SHA1",
+	0, SHA1_KPDK_HASH_LEN, 0, sizeof(SHA1_CTX),
+	SHA1Init_int, SHA1Update_int, SHA1Final_int
+};
+
+struct auth_hash auth_hash_hmac_sha2_256 = {
+	CRYPTO_SHA2_256_HMAC, "HMAC-SHA2-256",
+	32, SHA2_256_HASH_LEN, SHA2_256_HMAC_BLOCK_LEN, sizeof(SHA256_CTX),
+	(void (*)(void *)) SHA256_Init, SHA256Update_int,
+	(void (*)(u_int8_t *, void *)) SHA256_Final
+};
+
+struct auth_hash auth_hash_hmac_sha2_384 = {
+	CRYPTO_SHA2_384_HMAC, "HMAC-SHA2-384",
+	48, SHA2_384_HASH_LEN, SHA2_384_HMAC_BLOCK_LEN, sizeof(SHA384_CTX),
+	(void (*)(void *)) SHA384_Init, SHA384Update_int,
+	(void (*)(u_int8_t *, void *)) SHA384_Final
+};
+
+struct auth_hash auth_hash_hmac_sha2_512 = {
+	CRYPTO_SHA2_512_HMAC, "HMAC-SHA2-512",
+	64, SHA2_512_HASH_LEN, SHA2_512_HMAC_BLOCK_LEN, sizeof(SHA512_CTX),
+	(void (*)(void *)) SHA512_Init, SHA512Update_int,
+	(void (*)(u_int8_t *, void *)) SHA512_Final
+};
+
+/* Compression instance */
+struct comp_algo comp_algo_deflate = {
+	CRYPTO_DEFLATE_COMP, "Deflate",
+	90, deflate_compress,
+	deflate_decompress
+};
+
+/*
+ * Encryption wrapper routines.
+ */
+static void
+null_encrypt(caddr_t key, u_int8_t *blk)
+{
+}
+static void
+null_decrypt(caddr_t key, u_int8_t *blk)
+{
+}
+static int
+null_setkey(u_int8_t **sched, u_int8_t *key, int len)
+{
+	*sched = NULL;
+	return 0;
+}
+static void
+null_zerokey(u_int8_t **sched)
+{
+	*sched = NULL;
+}
+
+static void
+des1_encrypt(caddr_t key, u_int8_t *blk)
+{
+	des_cblock *cb = (des_cblock *) blk;
+	des_key_schedule *p = (des_key_schedule *) key;
+
+	des_ecb_encrypt(cb, cb, p[0], DES_ENCRYPT);
+}
+
+static void
+des1_decrypt(caddr_t key, u_int8_t *blk)
+{
+	des_cblock *cb = (des_cblock *) blk;
+	des_key_schedule *p = (des_key_schedule *) key;
+
+	des_ecb_encrypt(cb, cb, p[0], DES_DECRYPT);
+}
+
+static int
+des1_setkey(u_int8_t **sched, u_int8_t *key, int len)
+{
+	des_key_schedule *p;
+	int err;
+
+	p = malloc(sizeof (des_key_schedule),
+		M_CRYPTO_DATA, M_NOWAIT|M_ZERO);
+	if (p != NULL) {
+		des_set_key((des_cblock *) key, p[0]);
+		err = 0;
+	} else
+		err = ENOMEM;
+	*sched = (u_int8_t *) p;
+	return err;
+}
+
+static void
+des1_zerokey(u_int8_t **sched)
+{
+	bzero(*sched, sizeof (des_key_schedule));
+	free(*sched, M_CRYPTO_DATA);
+	*sched = NULL;
+}
+
+static void
+des3_encrypt(caddr_t key, u_int8_t *blk)
+{
+	des_cblock *cb = (des_cblock *) blk;
+	des_key_schedule *p = (des_key_schedule *) key;
+
+	des_ecb3_encrypt(cb, cb, p[0], p[1], p[2], DES_ENCRYPT);
+}
+
+static void
+des3_decrypt(caddr_t key, u_int8_t *blk)
+{
+	des_cblock *cb = (des_cblock *) blk;
+	des_key_schedule *p = (des_key_schedule *) key;
+
+	des_ecb3_encrypt(cb, cb, p[0], p[1], p[2], DES_DECRYPT);
+}
+
+static int
+des3_setkey(u_int8_t **sched, u_int8_t *key, int len)
+{
+	des_key_schedule *p;
+	int err;
+
+	p = malloc(3*sizeof (des_key_schedule),
+		M_CRYPTO_DATA, M_NOWAIT|M_ZERO);
+	if (p != NULL) {
+		des_set_key((des_cblock *)(key +  0), p[0]);
+		des_set_key((des_cblock *)(key +  8), p[1]);
+		des_set_key((des_cblock *)(key + 16), p[2]);
+		err = 0;
+	} else
+		err = ENOMEM;
+	*sched = (u_int8_t *) p;
+	return err;
+}
+
+static void
+des3_zerokey(u_int8_t **sched)
+{
+	bzero(*sched, 3*sizeof (des_key_schedule));
+	free(*sched, M_CRYPTO_DATA);
+	*sched = NULL;
+}
+
+static void
+blf_encrypt(caddr_t key, u_int8_t *blk)
+{
+	BF_LONG t[2];
+
+	memcpy(t, blk, sizeof (t));
+	t[0] = ntohl(t[0]);
+	t[1] = ntohl(t[1]);
+	/* NB: BF_encrypt expects the block in host order! */
+	BF_encrypt(t, (BF_KEY *) key);
+	t[0] = htonl(t[0]);
+	t[1] = htonl(t[1]);
+	memcpy(blk, t, sizeof (t));
+}
+
+static void
+blf_decrypt(caddr_t key, u_int8_t *blk)
+{
+	BF_LONG t[2];
+
+	memcpy(t, blk, sizeof (t));
+	t[0] = ntohl(t[0]);
+	t[1] = ntohl(t[1]);
+	/* NB: BF_decrypt expects the block in host order! */
+	BF_decrypt(t, (BF_KEY *) key);
+	t[0] = htonl(t[0]);
+	t[1] = htonl(t[1]);
+	memcpy(blk, t, sizeof (t));
+}
+
+static int
+blf_setkey(u_int8_t **sched, u_int8_t *key, int len)
+{
+	int err;
+
+	*sched = malloc(sizeof(BF_KEY),
+		M_CRYPTO_DATA, M_NOWAIT|M_ZERO);
+	if (*sched != NULL) {
+		BF_set_key((BF_KEY *) *sched, len, key);
+		err = 0;
+	} else
+		err = ENOMEM;
+	return err;
+}
+
+static void
+blf_zerokey(u_int8_t **sched)
+{
+	bzero(*sched, sizeof(BF_KEY));
+	free(*sched, M_CRYPTO_DATA);
+	*sched = NULL;
+}
+
+static void
+cast5_encrypt(caddr_t key, u_int8_t *blk)
+{
+	cast_encrypt((cast_key *) key, blk, blk);
+}
+
+static void
+cast5_decrypt(caddr_t key, u_int8_t *blk)
+{
+	cast_decrypt((cast_key *) key, blk, blk);
+}
+
+static int
+cast5_setkey(u_int8_t **sched, u_int8_t *key, int len)
+{
+	int err;
+
+	*sched = malloc(sizeof(cast_key), M_CRYPTO_DATA, M_NOWAIT|M_ZERO);
+	if (*sched != NULL) {
+		cast_setkey((cast_key *)*sched, key, len);
+		err = 0;
+	} else
+		err = ENOMEM;
+	return err;
+}
+
+static void
+cast5_zerokey(u_int8_t **sched)
+{
+	bzero(*sched, sizeof(cast_key));
+	free(*sched, M_CRYPTO_DATA);
+	*sched = NULL;
+}
+
+static void
+skipjack_encrypt(caddr_t key, u_int8_t *blk)
+{
+	skipjack_forwards(blk, blk, (u_int8_t **) key);
+}
+
+static void
+skipjack_decrypt(caddr_t key, u_int8_t *blk)
+{
+	skipjack_backwards(blk, blk, (u_int8_t **) key);
+}
+
+static int
+skipjack_setkey(u_int8_t **sched, u_int8_t *key, int len)
+{
+	int err;
+
+	/* NB: allocate all the memory that's needed at once */
+	*sched = malloc(10 * (sizeof(u_int8_t *) + 0x100),
+		M_CRYPTO_DATA, M_NOWAIT|M_ZERO);
+	if (*sched != NULL) {
+		u_int8_t** key_tables = (u_int8_t**) *sched;
+		u_int8_t* table = (u_int8_t*) &key_tables[10];
+		int k;
+
+		for (k = 0; k < 10; k++) {
+			key_tables[k] = table;
+			table += 0x100;
+		}
+		subkey_table_gen(key, (u_int8_t **) *sched);
+		err = 0;
+	} else
+		err = ENOMEM;
+	return err;
+}
+
+static void
+skipjack_zerokey(u_int8_t **sched)
+{
+	bzero(*sched, 10 * (sizeof(u_int8_t *) + 0x100));
+	free(*sched, M_CRYPTO_DATA);
+	*sched = NULL;
+}
+
+static void
+rijndael128_encrypt(caddr_t key, u_int8_t *blk)
+{
+	rijndael_encrypt((rijndael_ctx *) key, (u_char *) blk, (u_char *) blk);
+}
+
+static void
+rijndael128_decrypt(caddr_t key, u_int8_t *blk)
+{
+	rijndael_decrypt(((rijndael_ctx *) key), (u_char *) blk,
+	    (u_char *) blk);
+}
+
+static int
+rijndael128_setkey(u_int8_t **sched, u_int8_t *key, int len)
+{
+	int err;
+
+	if (len != 16 && len != 24 && len != 32)
+		return (EINVAL);
+	*sched = malloc(sizeof(rijndael_ctx), M_CRYPTO_DATA,
+	    M_NOWAIT|M_ZERO);
+	if (*sched != NULL) {
+		rijndael_set_key((rijndael_ctx *) *sched, (u_char *) key,
+		    len * 8);
+		err = 0;
+	} else
+		err = ENOMEM;
+	return err;
+}
+
+static void
+rijndael128_zerokey(u_int8_t **sched)
+{
+	bzero(*sched, sizeof(rijndael_ctx));
+	free(*sched, M_CRYPTO_DATA);
+	*sched = NULL;
+}
+
+#define	AES_XTS_BLOCKSIZE	16
+#define	AES_XTS_IVSIZE		8
+#define	AES_XTS_ALPHA		0x87	/* GF(2^128) generator polynomial */
+
+struct aes_xts_ctx {
+	rijndael_ctx key1;
+	rijndael_ctx key2;
+	u_int8_t tweak[AES_XTS_BLOCKSIZE];
+};
+
+void
+aes_xts_reinit(caddr_t key, u_int8_t *iv)
+{
+	struct aes_xts_ctx *ctx = (struct aes_xts_ctx *)key;
+	u_int64_t blocknum;
+	u_int i;
+
+	/*
+	 * Prepare tweak as E_k2(IV). IV is specified as LE representation
+	 * of a 64-bit block number which we allow to be passed in directly.
+	 */
+	bcopy(iv, &blocknum, AES_XTS_IVSIZE);
+	for (i = 0; i < AES_XTS_IVSIZE; i++) {
+		ctx->tweak[i] = blocknum & 0xff;
+		blocknum >>= 8;
+	}
+	/* Last 64 bits of IV are always zero */
+	bzero(ctx->tweak + AES_XTS_IVSIZE, AES_XTS_IVSIZE);
+
+	rijndael_encrypt(&ctx->key2, ctx->tweak, ctx->tweak);
+}
+
+static void
+aes_xts_crypt(struct aes_xts_ctx *ctx, u_int8_t *data, u_int do_encrypt)
+{
+	u_int8_t block[AES_XTS_BLOCKSIZE];
+	u_int i, carry_in, carry_out;
+
+	for (i = 0; i < AES_XTS_BLOCKSIZE; i++)
+		block[i] = data[i] ^ ctx->tweak[i];
+
+	if (do_encrypt)
+		rijndael_encrypt(&ctx->key1, block, data);
+	else
+		rijndael_decrypt(&ctx->key1, block, data);
+
+	for (i = 0; i < AES_XTS_BLOCKSIZE; i++)
+		data[i] ^= ctx->tweak[i];
+
+	/* Exponentiate tweak */
+	carry_in = 0;
+	for (i = 0; i < AES_XTS_BLOCKSIZE; i++) {
+		carry_out = ctx->tweak[i] & 0x80;
+		ctx->tweak[i] = (ctx->tweak[i] << 1) | (carry_in ? 1 : 0);
+		carry_in = carry_out;
+	}
+	if (carry_in)
+		ctx->tweak[0] ^= AES_XTS_ALPHA;
+	bzero(block, sizeof(block));
+}
+
+void
+aes_xts_encrypt(caddr_t key, u_int8_t *data)
+{
+	aes_xts_crypt((struct aes_xts_ctx *)key, data, 1);
+}
+
+void
+aes_xts_decrypt(caddr_t key, u_int8_t *data)
+{
+	aes_xts_crypt((struct aes_xts_ctx *)key, data, 0);
+}
+
+int
+aes_xts_setkey(u_int8_t **sched, u_int8_t *key, int len)
+{
+	struct aes_xts_ctx *ctx;
+
+	if (len != 32 && len != 64)
+		return EINVAL;
+
+	*sched = malloc(sizeof(struct aes_xts_ctx), M_CRYPTO_DATA,
+	    M_NOWAIT | M_ZERO);
+	if (*sched == NULL)
+		return ENOMEM;
+	ctx = (struct aes_xts_ctx *)*sched;
+
+	rijndael_set_key(&ctx->key1, key, len * 4);
+	rijndael_set_key(&ctx->key2, key + (len / 2), len * 4);
+
+	return 0;
+}
+
+void
+aes_xts_zerokey(u_int8_t **sched)
+{
+	bzero(*sched, sizeof(struct aes_xts_ctx));
+	free(*sched, M_CRYPTO_DATA);
+	*sched = NULL;
+}
+
+static void
+cml_encrypt(caddr_t key, u_int8_t *blk)
+{
+	camellia_encrypt((camellia_ctx *) key, (u_char *) blk, (u_char *) blk);
+}
+
+static void
+cml_decrypt(caddr_t key, u_int8_t *blk)
+{
+	camellia_decrypt(((camellia_ctx *) key), (u_char *) blk,
+	    (u_char *) blk);
+}
+
+static int
+cml_setkey(u_int8_t **sched, u_int8_t *key, int len)
+{
+	int err;
+
+	if (len != 16 && len != 24 && len != 32)
+		return (EINVAL);
+	*sched = malloc(sizeof(camellia_ctx), M_CRYPTO_DATA,
+	    M_NOWAIT|M_ZERO);
+	if (*sched != NULL) {
+		camellia_set_key((camellia_ctx *) *sched, (u_char *) key,
+		    len * 8);
+		err = 0;
+	} else
+		err = ENOMEM;
+	return err;
+}
+
+static void
+cml_zerokey(u_int8_t **sched)
+{
+	bzero(*sched, sizeof(camellia_ctx));
+	free(*sched, M_CRYPTO_DATA);
+	*sched = NULL;
+}
+
+/*
+ * And now for auth.
+ */
+
+static void
+null_init(void *ctx)
+{
+}
+
+static int
+null_update(void *ctx, u_int8_t *buf, u_int16_t len)
+{
+	return 0;
+}
+
+static void
+null_final(u_int8_t *buf, void *ctx)
+{
+	if (buf != (u_int8_t *) 0)
+		bzero(buf, 12);
+}
+
+static int
+RMD160Update_int(void *ctx, u_int8_t *buf, u_int16_t len)
+{
+	RMD160Update(ctx, buf, len);
+	return 0;
+}
+
+static int
+MD5Update_int(void *ctx, u_int8_t *buf, u_int16_t len)
+{
+	MD5Update(ctx, buf, len);
+	return 0;
+}
+
+static void
+SHA1Init_int(void *ctx)
+{
+	SHA1Init(ctx);
+}
+
+static int
+SHA1Update_int(void *ctx, u_int8_t *buf, u_int16_t len)
+{
+	SHA1Update(ctx, buf, len);
+	return 0;
+}
+
+static void
+SHA1Final_int(u_int8_t *blk, void *ctx)
+{
+	SHA1Final(blk, ctx);
+}
+
+static int
+SHA256Update_int(void *ctx, u_int8_t *buf, u_int16_t len)
+{
+	SHA256_Update(ctx, buf, len);
+	return 0;
+}
+
+static int
+SHA384Update_int(void *ctx, u_int8_t *buf, u_int16_t len)
+{
+	SHA384_Update(ctx, buf, len);
+	return 0;
+}
+
+static int
+SHA512Update_int(void *ctx, u_int8_t *buf, u_int16_t len)
+{
+	SHA512_Update(ctx, buf, len);
+	return 0;
+}
+
+/*
+ * And compression
+ */
+
+static u_int32_t
+deflate_compress(data, size, out)
+	u_int8_t *data;
+	u_int32_t size;
+	u_int8_t **out;
+{
+	return deflate_global(data, size, 0, out);
+}
+
+static u_int32_t
+deflate_decompress(data, size, out)
+	u_int8_t *data;
+	u_int32_t size;
+	u_int8_t **out;
+{
+	return deflate_global(data, size, 1, out);
+}

freebsd/opencrypto/xform.h

@@ -0,0 +1,104 @@
+/*	$FreeBSD$	*/
+/*	$OpenBSD: xform.h,v 1.8 2001/08/28 12:20:43 ben Exp $	*/
+
+/*-
+ * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
+ *
+ * This code was written by Angelos D. Keromytis in Athens, Greece, in
+ * February 2000. Network Security Technologies Inc. (NSTI) kindly
+ * supported the development of this code.
+ *
+ * Copyright (c) 2000 Angelos D. Keromytis
+ *
+ * Permission to use, copy, and modify this software without fee
+ * is hereby granted, provided that this entire notice is included in
+ * all source code copies of any software which is or includes a copy or
+ * modification of this software. 
+ *
+ * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
+ * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
+ * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
+ * PURPOSE.
+ */
+
+#ifndef _CRYPTO_XFORM_HH_
+#define _CRYPTO_XFORM_HH_
+
+#include <rtems/freebsd/sys/md5.h>
+#include <rtems/freebsd/crypto/sha1.h>
+#include <rtems/freebsd/crypto/sha2/sha2.h>
+#include <rtems/freebsd/opencrypto/rmd160.h>
+
+/* Declarations */
+struct auth_hash {
+	int type;
+	char *name;
+	u_int16_t keysize;
+	u_int16_t hashsize; 
+	u_int16_t blocksize;
+	u_int16_t ctxsize;
+	void (*Init) (void *);
+	int  (*Update) (void *, u_int8_t *, u_int16_t);
+	void (*Final) (u_int8_t *, void *);
+};
+
+#define	AH_ALEN_MAX	20	/* max authenticator hash length */
+
+struct enc_xform {
+	int type;
+	char *name;
+	u_int16_t blocksize;
+	u_int16_t minkey, maxkey;
+	void (*encrypt) (caddr_t, u_int8_t *);
+	void (*decrypt) (caddr_t, u_int8_t *);
+	int (*setkey) (u_int8_t **, u_int8_t *, int len);
+	void (*zerokey) (u_int8_t **);
+	void (*reinit) (caddr_t, u_int8_t *);
+};
+
+struct comp_algo {
+	int type;
+	char *name;
+	size_t minlen;
+	u_int32_t (*compress) (u_int8_t *, u_int32_t, u_int8_t **);
+	u_int32_t (*decompress) (u_int8_t *, u_int32_t, u_int8_t **);
+};
+
+union authctx {
+	MD5_CTX md5ctx;
+	SHA1_CTX sha1ctx;
+	RMD160_CTX rmd160ctx;
+	SHA256_CTX sha256ctx;
+	SHA384_CTX sha384ctx;
+	SHA512_CTX sha512ctx;
+};
+
+extern struct enc_xform enc_xform_null;
+extern struct enc_xform enc_xform_des;
+extern struct enc_xform enc_xform_3des;
+extern struct enc_xform enc_xform_blf;
+extern struct enc_xform enc_xform_cast5;
+extern struct enc_xform enc_xform_skipjack;
+extern struct enc_xform enc_xform_rijndael128;
+extern struct enc_xform enc_xform_aes_xts;
+extern struct enc_xform enc_xform_arc4;
+extern struct enc_xform enc_xform_camellia;
+
+extern struct auth_hash auth_hash_null;
+extern struct auth_hash auth_hash_key_md5;
+extern struct auth_hash auth_hash_key_sha1;
+extern struct auth_hash auth_hash_hmac_md5;
+extern struct auth_hash auth_hash_hmac_sha1;
+extern struct auth_hash auth_hash_hmac_ripemd_160;
+extern struct auth_hash auth_hash_hmac_sha2_256;
+extern struct auth_hash auth_hash_hmac_sha2_384;
+extern struct auth_hash auth_hash_hmac_sha2_512;
+
+extern struct comp_algo comp_algo_deflate;
+
+#ifdef _KERNEL
+#include <rtems/freebsd/sys/malloc.h>
+MALLOC_DECLARE(M_XDATA);
+#endif
+#endif /* _CRYPTO_XFORM_HH_ */