keyexchange/isakmpd-20041012/crypto.h

   1 /* $OpenBSD: crypto.h,v 1.14 2004/05/14 08:42:56 hshoexer Exp $  */
   2 /* $EOM: crypto.h,v 1.12 2000/10/15 21:56:41 niklas Exp $        */
   3
   4 /*
   5  * Copyright (c) 1998 Niels Provos.  All rights reserved.
   6  *
   7  * Redistribution and use in source and binary forms, with or without
   8  * modification, are permitted provided that the following conditions
   9  * are met:
  10  * 1. Redistributions of source code must retain the above copyright
  11  *    notice, this list of conditions and the following disclaimer.
  12  * 2. Redistributions in binary form must reproduce the above copyright
  13  *    notice, this list of conditions and the following disclaimer in the
  14  *    documentation and/or other materials provided with the distribution.
  15  *
  16  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
  17  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
  18  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
  19  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
  20  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  21  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  22  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  23  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  24  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  25  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  26  */
  27
  28 /*
  29  * This code was written under funding by Ericsson Radio Systems.
  30  */
  31
  32 #ifndef _CRYPTO_H_
  33 #define _CRYPTO_H_
  34
  35 #if defined (__APPLE__)
  36
  37 #include <openssl/des.h>
  38 #ifdef USE_BLOWFISH
  39 #include <openssl/blowfish.h>
  40 #endif
  41 #ifdef USE_CAST
  42 #include <openssl/cast.h>
  43 #endif
  44
  45 #else
  46
  47 #include <des.h>
  48 #ifdef USE_BLOWFISH
  49 #include <blf.h>
  50 #endif
  51 #ifdef USE_CAST
  52 #include <cast.h>
  53 #endif
  54
  55 #endif                          /* __APPLE__ */
  56
  57 #ifdef USE_AES
  58 #include <openssl/aes.h>
  59 #endif
  60
  61 #define USE_32BIT
  62 #if defined (USE_64BIT)
  63
  64 #define XOR64(x,y) *(u_int64_t *)(x) ^= *(u_int64_t *)(y);
  65 #define SET64(x,y) *(u_int64_t *)(x) = *(u_int64_t *)(y);
  66
  67 #elif defined (USE_32BIT)
  68
  69 #define XOR64(x,y) *(u_int32_t *)(x) ^= *(u_int32_t *)(y); \
  70    *(u_int32_t *)((u_int8_t *)(x) + 4) ^= *(u_int32_t *)((u_int8_t *)(y) + 4);
  71 #define SET64(x,y) *(u_int32_t *)(x) = *(u_int32_t *)(y); \
  72    *(u_int32_t *)((u_int8_t *)(x) + 4) = *(u_int32_t *)((u_int8_t *)(y) + 4);
  73
  74 #else
  75
  76 #define XOR8(x,y,i) (x)[i] ^= (y)[i];
  77 #define XOR64(x,y) XOR8(x,y,0); XOR8(x,y,1); XOR8(x,y,2); XOR8(x,y,3); \
  78    XOR8(x,y,4); XOR8(x,y,5); XOR8(x,y,6); XOR8(x,y,7);
  79 #define SET8(x,y,i) (x)[i] = (y)[i];
  80 #define SET64(x,y) SET8(x,y,0); SET8(x,y,1); SET8(x,y,2); SET8(x,y,3); \
  81    SET8(x,y,4); SET8(x,y,5); SET8(x,y,6); SET8(x,y,7);
  82
  83 #endif                          /* USE_64BIT */
  84
  85 #define SET_32BIT_BIG(x,y) (x)[3]= (y); (x)[2]= (y) >> 8; \
  86     (x)[1] = (y) >> 16; (x)[0]= (y) >> 24;
  87 #define GET_32BIT_BIG(x) (u_int32_t)(x)[3] | ((u_int32_t)(x)[2] << 8) | \
  88     ((u_int32_t)(x)[1] << 16)| ((u_int32_t)(x)[0] << 24);
  89
  90 /*
  91  * This is standard for all block ciphers we use at the moment.
  92  * Keep MAXBLK uptodate.
  93  */
  94 #define BLOCKSIZE       8
  95
  96 #ifdef USE_AES
  97 #define MAXBLK          AES_BLOCK_SIZE
  98 #else
  99 #define MAXBLK          BLOCKSIZE
 100 #endif
 101
 102 struct keystate {
 103         struct crypto_xf *xf;   /* Back pointer */
 104         u_int16_t       ebytes; /* Number of encrypted bytes */
 105         u_int16_t       dbytes; /* Number of decrypted bytes */
 106         time_t          life;   /* Creation time */
 107         u_int8_t        iv[MAXBLK];     /* Next IV to use */
 108         u_int8_t        iv2[MAXBLK];
 109         u_int8_t       *riv, *liv;
 110         union {
 111                 des_key_schedule desks[3];
 112 #ifdef USE_BLOWFISH
 113                 blf_ctx         blfks;
 114 #endif
 115 #ifdef USE_CAST
 116                 cast_key        castks;
 117 #endif
 118 #ifdef USE_AES
 119                 AES_KEY         aesks[2];
 120 #endif
 121         }               keydata;
 122 };
 123
 124 #define ks_des  keydata.desks
 125 #define ks_blf  keydata.blfks
 126 #define ks_cast keydata.castks
 127 #define ks_aes  keydata.aesks
 128
 129 /*
 130  * Information about the cryptotransform.
 131  *
 132  * XXX - In regards to the IV (Initialization Vector) the drafts are
 133  * completly fucked up and specify a MUST as how it is derived, so
 134  * we also have to provide for that. I just don't know where.
 135  * Furthermore is this enum needed at all?  It seems to be Oakley IDs
 136  * only anyhow, and we already have defines for that in ipsec_doi.h.
 137  */
 138 enum transform {
 139         DES_CBC = 1,            /* This is a MUST */
 140         IDEA_CBC = 2,           /* Licensed, DONT use */
 141         BLOWFISH_CBC = 3,
 142         RC5_R16_B64_CBC = 4,    /* Licensed, DONT use */
 143         TRIPLEDES_CBC = 5,      /* This is a SHOULD */
 144         CAST_CBC = 6,
 145         AES_CBC = 7
 146 };
 147
 148 enum cryptoerr {
 149         EOKAY,                  /* No error */
 150         ENOCRYPTO,              /* A none crypto related error, see errno */
 151         EWEAKKEY,               /* A weak key was found in key setup */
 152         EKEYLEN                 /* The key length was invalid for the cipher */
 153 };
 154
 155 struct crypto_xf {
 156         enum transform  id;     /* Oakley ID */
 157         char           *name;   /* Transform Name */
 158         u_int16_t       keymin, keymax; /* Possible Keying Bytes */
 159         u_int16_t       blocksize;      /* Need to keep IV in the state */
 160         struct keystate *state; /* Key information, can also be passed sep. */
 161         enum cryptoerr  (*init)(struct keystate *, u_int8_t *, u_int16_t);
 162         void            (*encrypt)(struct keystate *, u_int8_t *, u_int16_t);
 163         void            (*decrypt)(struct keystate *, u_int8_t *, u_int16_t);
 164 };
 165
 166 extern struct keystate *crypto_clone_keystate(struct keystate *);
 167 extern void     crypto_decrypt(struct keystate *, u_int8_t *, u_int16_t);
 168 extern void     crypto_encrypt(struct keystate *, u_int8_t *, u_int16_t);
 169 extern struct crypto_xf *crypto_get(enum transform);
 170 extern struct keystate *crypto_init(struct crypto_xf *, u_int8_t *, u_int16_t,
 171                     enum cryptoerr *);
 172 extern void     crypto_init_iv(struct keystate *, u_int8_t *, size_t);
 173 extern void     crypto_update_iv(struct keystate *);
 174
 175 #endif                          /* _CRYPTO_H_ */