lib/nettle.c

   1 /* nettle.c   shishi crypto wrappers around nettle.
   2  * Copyright (C) 2002, 2003  Simon Josefsson
   3  *
   4  * This file is part of Shishi.
   5  *
   6  * Shishi is free software; you can redistribute it and/or modify
   7  * it under the terms of the GNU General Public License as published by
   8  * the Free Software Foundation; either version 2 of the License, or
   9  * (at your option) any later version.
  10  *
  11  * Shishi is distributed in the hope that it will be useful,
  12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14  * GNU General Public License for more details.
  15  *
  16  * You should have received a copy of the GNU General Public License
  17  * along with Shishi; if not, write to the Free Software
  18  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  19  *
  20  */
  21
  22 /* Note: This file is only built if Shishi uses Nettle. */
  23
  24 #include "internal.h"
  25
  26 #include "hmac.h"
  27 #include "des.h"
  28 #include "aes.h"
  29 #include "cbc.h"
  30 #include "cbc-cts.h"
  31 #include "cbc-mac.h"
  32
  33 int
  34 _shishi_crypto_init (void)
  35 {
  36   return SHISHI_OK;
  37 }
  38
  39 /**
  40  * shishi_randomize:
  41  * @handle: shishi handle as allocated by shishi_init().
  42  * @data: output array to be filled with random data.
  43  * @datalen: size of output array.
  44  *
  45  * Store cryptographically strong random data of given size in the
  46  * provided buffer.
  47  *
  48  * Return value: Returns %SHISHI_OK iff successful.
  49  **/
  50 int
  51 shishi_randomize (Shishi * handle, char *data, size_t datalen)
  52 {
  53   int fd;
  54   char *device;
  55   size_t len = 0;
  56   int rc;
  57
  58   device = "/dev/random";
  59
  60   fd = open (device, O_RDONLY);
  61   if (fd < 0)
  62     {
  63       shishi_error_printf (handle, "Could not open random device: %s",
  64                            strerror (errno));
  65       return SHISHI_FILE_ERROR;
  66     }
  67
  68   do
  69     {
  70       ssize_t tmp;
  71
  72       tmp = read (fd, data, datalen);
  73
  74       if (tmp < 0)
  75         {
  76           shishi_error_printf (handle, "Could not read from random device: %s",
  77                                strerror (errno));
  78           return SHISHI_FILE_ERROR;
  79         }
  80
  81       len += tmp;
  82
  83       if (len < datalen)
  84         shishi_error_printf (handle, "Short read from random device: %d < %d",
  85                              len, datalen);
  86     }
  87   while (len < datalen);
  88
  89   rc = close (fd);
  90   if (rc < 0)
  91     shishi_warn (handle, "Could not close random device: %s",
  92                  strerror (errno));
  93
  94   return SHISHI_OK;
  95 }
  96
  97 /**
  98  * shishi_md4:
  99  * @handle: shishi handle as allocated by shishi_init().
 100  * @in: input character array of data to hash.
 101  * @inlen: length of input character array of data to hash.
 102  * @out: newly allocated character array with hash of data.
 103  *
 104  * Compute hash of data using MD4.
 105  *
 106  * Return value: Returns SHISHI_OK iff successful.
 107  **/
 108 int
 109 shishi_md4 (Shishi * handle,
 110             const char *in, size_t inlen,
 111             char *out[MD4_DIGEST_SIZE])
 112 {
 113   struct md4_ctx md4;
 114
 115   md4_init (&md4);
 116   md4_update (&md4, inlen, in);
 117   *out = xmalloc (MD4_DIGEST_SIZE);
 118   md4_digest (&md4, MD4_DIGEST_SIZE, *out);
 119
 120   return SHISHI_OK;
 121 }
 122
 123 /**
 124  * shishi_md5:
 125  * @handle: shishi handle as allocated by shishi_init().
 126  * @in: input character array of data to hash.
 127  * @inlen: length of input character array of data to hash.
 128  * @out: newly allocated character array with hash of data.
 129  *
 130  * Compute hash of data using MD5.
 131  *
 132  * Return value: Returns SHISHI_OK iff successful.
 133  **/
 134 int
 135 shishi_md5 (Shishi * handle,
 136             const char *in, size_t inlen,
 137             char *out[MD5_DIGEST_SIZE])
 138 {
 139   struct md5_ctx md5;
 140
 141   md5_init (&md5);
 142   md5_update (&md5, inlen, in);
 143   *out = xmalloc (MD5_DIGEST_SIZE);
 144   md5_digest (&md5, MD5_DIGEST_SIZE, *out);
 145
 146   return SHISHI_OK;
 147 }
 148
 149 /**
 150  * shishi_hmac_sha1:
 151  * @handle: shishi handle as allocated by shishi_init().
 152  * @key: input character array with key to use.
 153  * @keylen: length of input character array with key to use.
 154  * @in: input character array of data to hash.
 155  * @inlen: length of input character array of data to hash.
 156  * @outhash: newly allocated character array with keyed hash of data.
 157  *
 158  * Compute keyed checksum of data using HMAC-SHA1
 159  *
 160  * Return value: Returns SHISHI_OK iff successful.
 161  **/
 162 int
 163 shishi_hmac_sha1 (Shishi * handle,
 164                   const char *key, size_t keylen,
 165                   const char *in, size_t inlen,
 166                   char *outhash[SHA1_DIGEST_SIZE])
 167 {
 168   struct hmac_sha1_ctx ctx;
 169
 170   hmac_sha1_set_key (&ctx, keylen, key);
 171   hmac_sha1_update (&ctx, inlen, in);
 172   *outhash = xmalloc (SHA1_DIGEST_SIZE);
 173   hmac_sha1_digest (&ctx, SHA1_DIGEST_SIZE, *outhash);
 174
 175   return SHISHI_OK;
 176 }
 177
 178 /**
 179  * shishi_des_cbc_mac:
 180  * @handle: shishi handle as allocated by shishi_init().
 181  * @key: input character array with key to use.
 182  * @iv: input character array with initialization vector to use, can be NULL.
 183  * @in: input character array of data to hash.
 184  * @inlen: length of input character array of data to hash.
 185  * @out: newly allocated character array with keyed hash of data.
 186  *
 187  * Computed keyed checksum of data using DES-CBC-MAC.
 188  *
 189  * Return value: Returns SHISHI_OK iff successful.
 190  **/
 191 int
 192 shishi_des_cbc_mac (Shishi * handle,
 193                     const char key[DES_KEY_SIZE],
 194                     const char iv[DES_BLOCK_SIZE],
 195                     const char *in, size_t inlen,
 196                     char *out[DES_BLOCK_SIZE])
 197 {
 198   struct CBC_MAC_CTX (struct des_ctx, DES_BLOCK_SIZE) des;
 199   int rc;
 200
 201   rc = des_set_key (&des.ctx, key);
 202   if (!rc)
 203     {
 204       shishi_error_printf (handle, "Nettle des_set_key() failed (%d)", rc);
 205       return SHISHI_CRYPTO_INTERNAL_ERROR;
 206     }
 207
 208   if (iv)
 209     CBC_SET_IV (&des, iv);
 210   else
 211     memset (des.iv, 0, DES_BLOCK_SIZE);
 212
 213   *out = xmalloc (DES_BLOCK_SIZE);
 214
 215   CBC_MAC (&des, des_encrypt, inlen, *out, in);
 216
 217   return SHISHI_OK;
 218 }
 219
 220 /**
 221  * shishi_des:
 222  * @handle: shishi handle as allocated by shishi_init().
 223  * @decryptp: 0 to indicate encryption, non-0 to indicate decryption.
 224  * @key: input character array with key to use.
 225  * @iv: input character array with initialization vector to use, or NULL.
 226  * @ivout: output character array with updated initialization vector, or NULL.
 227  * @in: input character array of data to encrypt/decrypt.
 228  * @inlen: length of input character array of data to encrypt/decrypt.
 229  * @out: newly allocated character array with encrypted/decrypted data.
 230  *
 231  * Encrypt or decrypt data (depending on DECRYPTP) using DES in CBC mode.
 232  *
 233  * Return value: Returns SHISHI_OK iff successful.
 234  **/
 235 int
 236 shishi_des (Shishi * handle, int decryptp,
 237             const char key[DES_KEY_SIZE],
 238             const char iv[DES_BLOCK_SIZE],
 239             char *ivout[DES_BLOCK_SIZE],
 240             const char *in, size_t inlen,
 241             char **out)
 242 {
 243   struct CBC_CTX (struct des_ctx, DES_BLOCK_SIZE) des;
 244   int rc;
 245
 246   *out = xmalloc (inlen);
 247
 248   rc = des_set_key (&des.ctx, key);
 249   if (!rc)
 250     {
 251       shishi_error_printf (handle, "Nettle setkey failed");
 252       return SHISHI_CRYPTO_INTERNAL_ERROR;
 253     }
 254
 255   if (iv)
 256     CBC_SET_IV (&des, iv);
 257   else
 258     memset (des.iv, 0, sizeof (des.iv));
 259
 260   if (decryptp)
 261     CBC_DECRYPT (&des, des_decrypt, inlen, *out, in);
 262   else
 263     CBC_ENCRYPT (&des, des_encrypt, inlen, *out, in);
 264
 265   if (ivout)
 266     *ivout = xmemdup (des.iv, DES_BLOCK_SIZE);
 267
 268   return SHISHI_OK;
 269 }
 270
 271 /**
 272  * shishi_3des:
 273  * @handle: shishi handle as allocated by shishi_init().
 274  * @decryptp: 0 to indicate encryption, non-0 to indicate decryption.
 275  * @key: input character array with key to use.
 276  * @iv: input character array with initialization vector to use, or NULL.
 277  * @ivout: output character array with updated initialization vector, or NULL.
 278  * @in: input character array of data to encrypt/decrypt.
 279  * @inlen: length of input character array of data to encrypt/decrypt.
 280  * @out: newly allocated character array with encrypted/decrypted data.
 281  *
 282  * Encrypt or decrypt data (depending on DECRYPTP) using 3DES in CBC mode.
 283  *
 284  * Return value: Returns SHISHI_OK iff successful.
 285  **/
 286 int
 287 shishi_3des (Shishi * handle, int decryptp,
 288              const char key[DES3_KEY_SIZE],
 289              const char iv[DES3_BLOCK_SIZE],
 290              char *ivout[DES3_BLOCK_SIZE],
 291              const char *in, size_t inlen,
 292              char **out)
 293 {
 294   struct CBC_CTX (struct des3_ctx, DES3_BLOCK_SIZE) des3;
 295   int rc;
 296
 297   *out = xmalloc (inlen);
 298
 299   rc = des3_set_key (&des3.ctx, key);
 300   if (!rc)
 301     {
 302       shishi_error_printf (handle, "Nettle setkey failed");
 303       return SHISHI_CRYPTO_INTERNAL_ERROR;
 304     }
 305
 306   if (iv)
 307     CBC_SET_IV (&des3, iv);
 308   else
 309     memset (des3.iv, 0, sizeof (des3.iv));
 310
 311   if (decryptp)
 312     CBC_DECRYPT (&des3, des3_decrypt, inlen, *out, in);
 313   else
 314     CBC_ENCRYPT (&des3, des3_encrypt, inlen, *out, in);
 315
 316   if (ivout)
 317     *ivout = xmemdup (des3.iv, DES3_BLOCK_SIZE);
 318
 319   return SHISHI_OK;
 320 }
 321
 322 /**
 323  * shishi_aes_cts:
 324  * @handle: shishi handle as allocated by shishi_init().
 325  * @decryptp: 0 to indicate encryption, non-0 to indicate decryption.
 326  * @key: input character array with key to use.
 327  * @keylen: length of input character array with key to use.
 328  * @iv: input character array with initialization vector to use, or NULL.
 329  * @ivout: output character array with updated initialization vector, or NULL.
 330  * @in: input character array of data to encrypt/decrypt.
 331  * @inlen: length of input character array of data to encrypt/decrypt.
 332  * @out: newly allocated character array with encrypted/decrypted data.
 333  *
 334  * Encrypt or decrypt data (depending on DECRYPTP) using AES in
 335  * CBC-CTS mode.  The length of the key decide if AES 128 or AES 256
 336  * should be used.
 337  *
 338  * Return value: Returns SHISHI_OK iff successful.
 339  **/
 340 int
 341 shishi_aes_cts (Shishi * handle, int decryptp,
 342                 const char *key, size_t keylen,
 343                 const char iv[AES_BLOCK_SIZE],
 344                 char *ivout[AES_BLOCK_SIZE],
 345                 const char *in, size_t inlen,
 346                 char **out)
 347 {
 348   struct CBC_CTS_CTX (struct aes_ctx, AES_BLOCK_SIZE) aes;
 349
 350   *out = xmalloc (inlen);
 351
 352
 353   if (iv)
 354     CBC_SET_IV (&aes, iv);
 355   else
 356     memset (aes.iv, 0, sizeof (aes.iv));
 357
 358   if (decryptp)
 359     {
 360       aes_set_decrypt_key (&aes.ctx, keylen, key);
 361       CBC_CTS_DECRYPT (&aes, aes_decrypt, inlen, *out, in);
 362     }
 363   else
 364     {
 365       aes_set_encrypt_key (&aes.ctx, keylen, key);
 366       CBC_CTS_ENCRYPT (&aes, aes_encrypt, inlen, *out, in);
 367     }
 368
 369   if (ivout)
 370     /* XXX what is the output iv for CBC-CTS mode?
 371        but is this value useful at all for that mode anyway?
 372        Mostly it is DES apps that want the updated iv, so this is ok. */
 373     *ivout = xmemdup (aes.iv, AES_BLOCK_SIZE);
 374
 375   return SHISHI_OK;
 376 }