1 /* crypto.c --- Crypto functions.
2 * Copyright (C) 2002, 2003, 2004, 2005, 2006 Simon Josefsson
4 * This file is part of Shishi.
6 * Shishi is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * Shishi is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with Shishi; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
27 /* Get _shishi_escapeprint, etc. */
36 return gcd (b
, a
% b
);
42 return a
* b
/ gcd (a
, b
);
46 rot13 (Shishi
* handle
, char *in
, char *out
, int len
)
48 if (VERBOSECRYPTONOISE (handle
))
50 printf ("\t ;; rot 13 in:\n");
51 _shishi_escapeprint (in
, len
);
52 _shishi_hexprint (in
, len
);
53 _shishi_binprint (in
, len
);
59 ((in
[0] >> 5) & 0x01) |
60 ((in
[0] >> 5) & 0x02) |
61 ((in
[0] >> 5) & 0x04) |
62 ((in
[0] << 3) & 0x08) |
63 ((in
[0] << 3) & 0x10) |
64 ((in
[0] << 3) & 0x20) | ((in
[0] << 3) & 0x40) | ((in
[0] << 3) & 0x80);
68 char nexttolast
, last
;
71 nexttolast
= in
[len
- 2];
74 for (i
= len
* 8 - 1; i
>= 13; i
--)
77 char mask
= ~(1 << (7 - i
% 8));
78 int pos2
= (i
- 13) / 8;
79 char mask2
= (1 << (7 - (i
- 13) % 8));
81 out
[pos
] = (out
[pos
] & mask
) |
82 (((in
[pos2
] & mask2
) ? 0xFF : 0x00) & ~mask
);
84 out
[0] = ((nexttolast
& 0xFF) << 3) | ((last
& 0xFF) >> 5);
85 out
[1] = (in
[1] & ~(0xFF & (0xFF << 3))) | (0xFF & (last
<< 3));
88 if (VERBOSECRYPTONOISE (handle
))
90 printf ("\t ;; rot13 out:\n");
91 _shishi_escapeprint (out
, len
);
92 _shishi_hexprint (out
, len
);
93 _shishi_binprint (out
, len
);
98 ocadd (char *add1
, char *add2
, char *sum
, int len
)
103 for (i
= len
- 1; i
>= 0; i
--)
105 int tmpsum
= (unsigned char) add1
[i
] + (unsigned char) add2
[i
];
107 sum
[i
] = (tmpsum
+ carry
) & 0xFF;
108 if (tmpsum
+ carry
> 0xFF)
118 for (i
= len
- 1; i
>= 0; i
--)
119 if ((unsigned char) sum
[i
] != 0xFF)
127 memset (sum
, 0, len
);
132 simplified_hmac (Shishi
* handle
,
134 const char *in
, size_t inlen
,
135 char **outhash
, size_t * outhashlen
)
137 *outhashlen
= shishi_checksum_cksumlen
138 (shishi_cipher_defaultcksumtype (shishi_key_type (key
)));
139 return shishi_hmac_sha1 (handle
, shishi_key_value (key
),
140 shishi_key_length (key
), in
, inlen
, outhash
);
144 simplified_hmac_verify (Shishi
* handle
, Shishi_key
* key
,
145 const char *in
, size_t inlen
,
146 const char *hmac
, size_t hmaclen
)
153 res
= simplified_hmac (handle
, key
, in
, inlen
, &hash
, &hlen
);
154 if (res
!= SHISHI_OK
|| hash
== NULL
)
157 if (VERBOSECRYPTO (handle
))
159 printf ("\t ;; HMAC verify:\n");
160 _shishi_escapeprint (hash
, hlen
);
161 _shishi_hexprint (hash
, hlen
);
162 _shishi_binprint (hash
, hlen
);
163 _shishi_escapeprint (hmac
, hmaclen
);
164 _shishi_hexprint (hmac
, hmaclen
);
165 _shishi_binprint (hmac
, hmaclen
);
168 same
= (hlen
== hmaclen
) && memcmp (hash
, hmac
, hmaclen
) == 0;
174 shishi_error_printf (handle
, "HMAC verify failed");
175 return SHISHI_CRYPTO_ERROR
;
182 _shishi_simplified_derivekey (Shishi
* handle
,
185 int derivekeymode
, Shishi_key
** outkey
)
189 Shishi_key
*derivedkey
;
191 if (VERBOSECRYPTO (handle
))
193 printf ("simplified_derivekey\n");
194 printf ("\t ;; mode %d (%s)\n", derivekeymode
,
195 derivekeymode
== SHISHI_DERIVEKEYMODE_CHECKSUM
? "checksum" :
196 derivekeymode
== SHISHI_DERIVEKEYMODE_INTEGRITY
? "integrity" :
197 derivekeymode
== SHISHI_DERIVEKEYMODE_PRIVACY
? "privacy" :
199 _shishi_hexprint (shishi_key_value (key
), shishi_key_length (key
));
203 res
= shishi_key_from_value (handle
, shishi_key_type (key
),
205 if (res
!= SHISHI_OK
)
208 *outkey
= derivedkey
;
212 uint32_t tmp
= htonl (keyusage
);
213 memcpy (prfconstant
, &tmp
, 4);
214 if (derivekeymode
== SHISHI_DERIVEKEYMODE_CHECKSUM
)
215 prfconstant
[4] = '\x99';
216 else if (derivekeymode
== SHISHI_DERIVEKEYMODE_INTEGRITY
)
217 prfconstant
[4] = '\x55';
218 else /* if (derivekeymode == SHISHI_DERIVEKEYMODE_PRIVACY) */
219 prfconstant
[4] = '\xAA';
221 res
= shishi_dk (handle
, key
, prfconstant
, 5, derivedkey
);
225 shishi_key_copy (derivedkey
, key
);
228 if (VERBOSECRYPTO (handle
))
230 printf ("\t ;; simplified_derivekey out (%d):\n",
231 shishi_key_length (derivedkey
));
232 _shishi_hexprint (shishi_key_value (derivedkey
),
233 shishi_key_length (derivedkey
));
240 _shishi_simplified_dencrypt (Shishi
* handle
,
242 const char *iv
, size_t ivlen
,
243 char **ivout
, size_t * ivoutlen
,
244 const char *in
, size_t inlen
,
245 char **out
, size_t * outlen
, int decryptp
)
250 size_t padzerolen
= 0;
252 if ((inlen
% 8) != 0)
253 while (((inlen
+ padzerolen
) % 8) != 0)
256 ptlen
= inlen
+ padzerolen
;
260 pt
= xmalloc (ptlen
);
261 memcpy (pt
, in
, inlen
);
262 memset (pt
+ inlen
, 0, padzerolen
);
267 switch (shishi_key_type (key
))
269 case SHISHI_DES_CBC_CRC
:
270 case SHISHI_DES_CBC_MD4
:
271 case SHISHI_DES_CBC_MD5
:
272 case SHISHI_DES_CBC_NONE
:
273 rc
= shishi_des (handle
, decryptp
, shishi_key_value (key
),
274 iv
, ivout
, pt
, ptlen
, out
);
281 case SHISHI_DES3_CBC_HMAC_SHA1_KD
:
282 case SHISHI_DES3_CBC_NONE
:
283 rc
= shishi_3des (handle
, decryptp
, shishi_key_value (key
),
284 iv
, ivout
, pt
, inlen
+ padzerolen
, out
);
291 case SHISHI_AES128_CTS_HMAC_SHA1_96
:
292 case SHISHI_AES256_CTS_HMAC_SHA1_96
:
293 rc
= shishi_aes_cts (handle
, decryptp
,
294 shishi_key_value (key
), shishi_key_length (key
),
295 iv
, ivout
, in
, inlen
, out
);
303 rc
= SHISHI_CRYPTO_ERROR
;
313 _shishi_simplified_encrypt (Shishi
* handle
,
316 const char *iv
, size_t ivlen
,
317 char **ivout
, size_t * ivoutlen
,
318 const char *in
, size_t inlen
,
319 char **out
, size_t * outlen
)
324 if ((shishi_key_type (key
) == SHISHI_DES3_CBC_HMAC_SHA1_KD
||
325 shishi_key_type (key
) == SHISHI_DES_CBC_CRC
||
326 shishi_key_type (key
) == SHISHI_DES_CBC_MD4
||
327 shishi_key_type (key
) == SHISHI_DES_CBC_MD5
) && (inlen
% 8) != 0)
328 while (((inlen
+ padzerolen
) % 8) != 0)
333 char *pt
= NULL
, *ct
= NULL
, *hmac
= NULL
;
334 int blen
= shishi_cipher_blocksize (shishi_key_type (key
));
335 size_t ctlen
, ptlen
, hmaclen
;
336 Shishi_key
*privacykey
= NULL
, *integritykey
= NULL
;
338 ptlen
= inlen
+ blen
+ padzerolen
;
339 pt
= xmalloc (ptlen
);
341 res
= shishi_randomize (handle
, 0, pt
, blen
);
342 if (res
!= SHISHI_OK
)
345 memcpy (pt
+ blen
, in
, inlen
);
346 memset (pt
+ blen
+ inlen
, 0, padzerolen
);
348 res
= _shishi_simplified_derivekey (handle
, key
, keyusage
,
349 SHISHI_DERIVEKEYMODE_PRIVACY
,
351 if (res
!= SHISHI_OK
)
354 res
= _shishi_simplified_dencrypt (handle
, privacykey
,
356 ivoutlen
, pt
, ptlen
, &ct
, &ctlen
, 0);
357 if (res
!= SHISHI_OK
)
361 res
= _shishi_simplified_derivekey (handle
, key
, keyusage
,
362 SHISHI_DERIVEKEYMODE_INTEGRITY
,
364 if (res
!= SHISHI_OK
)
367 res
= simplified_hmac (handle
, integritykey
, pt
, ptlen
,
369 if (res
!= SHISHI_OK
)
372 *outlen
= ctlen
+ hmaclen
;
373 *out
= xmalloc (*outlen
);
374 memcpy (*out
, ct
, ctlen
);
375 memcpy (*out
+ ctlen
, hmac
, hmaclen
);
379 shishi_key_done (privacykey
);
381 shishi_key_done (integritykey
);
391 res
= _shishi_simplified_dencrypt (handle
, key
, iv
, ivlen
,
393 in
, inlen
, out
, outlen
, 0);
400 _shishi_simplified_decrypt (Shishi
* handle
,
403 const char *iv
, size_t ivlen
,
404 char **ivout
, size_t * ivoutlen
,
405 const char *in
, size_t inlen
,
406 char **out
, size_t * outlen
)
412 Shishi_key
*privacykey
= NULL
, *integritykey
= NULL
;
413 int blen
= shishi_cipher_blocksize (shishi_key_type (key
));
414 size_t hlen
= shishi_checksum_cksumlen
415 (shishi_cipher_defaultcksumtype (shishi_key_type (key
)));
417 res
= _shishi_simplified_derivekey (handle
, key
, keyusage
,
418 SHISHI_DERIVEKEYMODE_PRIVACY
,
420 if (res
!= SHISHI_OK
)
423 res
= _shishi_simplified_dencrypt (handle
, privacykey
,
424 iv
, ivlen
, ivout
, ivoutlen
,
425 in
, inlen
- hlen
, out
, outlen
, 1);
426 if (res
!= SHISHI_OK
)
429 res
= _shishi_simplified_derivekey (handle
, key
, keyusage
,
430 SHISHI_DERIVEKEYMODE_INTEGRITY
,
432 if (res
!= SHISHI_OK
)
435 res
= simplified_hmac_verify (handle
, integritykey
, *out
, *outlen
,
436 in
+ inlen
- hlen
, hlen
);
438 if (res
!= SHISHI_OK
)
441 memmove (*out
, *out
+ blen
, *outlen
- blen
);
442 *outlen
= *outlen
- blen
;
443 *out
= xrealloc (*out
, *outlen
);
447 shishi_key_done (privacykey
);
449 shishi_key_done (integritykey
);
453 res
= _shishi_simplified_dencrypt (handle
, key
, iv
, ivlen
,
455 in
, inlen
, out
, outlen
, 1);
462 _shishi_simplified_checksum (Shishi
* handle
,
466 const char *in
, size_t inlen
,
467 char **out
, size_t * outlen
)
469 Shishi_key
*checksumkey
;
470 int cksumlen
= shishi_checksum_cksumlen (cksumtype
);
473 res
= _shishi_simplified_derivekey (handle
, key
, keyusage
,
474 SHISHI_DERIVEKEYMODE_CHECKSUM
,
476 if (res
!= SHISHI_OK
)
479 res
= simplified_hmac (handle
, checksumkey
, in
, inlen
, out
, outlen
);
481 shishi_key_done (checksumkey
);
483 if (res
!= SHISHI_OK
)
491 static cipherinfo
*ciphers
[] = {
503 &des3_cbc_sha1_kd_info
,
506 &aes128_cts_hmac_sha1_96_info
,
507 &aes256_cts_hmac_sha1_96_info
,
511 &arcfour_hmac_exp_info
516 * shishi_cipher_supported_p:
517 * @type: encryption type, see Shishi_etype.
519 * Find out if cipher is supported.
521 * Return value: Return 0 iff cipher is unsupported.
524 shishi_cipher_supported_p (int32_t type
)
528 for (i
= 0; i
< sizeof (ciphers
) / sizeof (ciphers
[0]); i
++)
529 if (type
== ciphers
[i
]->type
)
536 * shishi_cipher_name:
537 * @type: encryption type, see Shishi_etype.
539 * Read humanly readable string for cipher.
541 * Return value: Return name of encryption type,
542 * e.g. "des3-cbc-sha1-kd", as defined in the standards.
545 shishi_cipher_name (int32_t type
)
550 for (i
= 0; i
< sizeof (ciphers
) / sizeof (ciphers
[0]); i
++)
552 if (type
== ciphers
[i
]->type
)
553 return ciphers
[i
]->name
;
556 asprintf (&p
, "unknown cipher %d", type
);
561 * shishi_cipher_blocksize:
562 * @type: encryption type, see Shishi_etype.
564 * Get block size for cipher.
566 * Return value: Return block size for encryption type, as defined in
570 shishi_cipher_blocksize (int32_t type
)
574 for (i
= 0; i
< sizeof (ciphers
) / sizeof (ciphers
[0]); i
++)
575 if (type
== ciphers
[i
]->type
)
576 return ciphers
[i
]->blocksize
;
582 * shishi_cipher_confoundersize:
583 * @type: encryption type, see Shishi_etype.
585 * Get length of confounder for cipher.
587 * Return value: Returns the size of the confounder (random data) for
588 * encryption type, as defined in the standards.
591 shishi_cipher_confoundersize (int32_t type
)
595 for (i
= 0; i
< sizeof (ciphers
) / sizeof (ciphers
[0]); i
++)
596 if (type
== ciphers
[i
]->type
)
597 return ciphers
[i
]->confoundersize
;
603 * shishi_cipher_keylen:
604 * @type: encryption type, see Shishi_etype.
606 * Get key length for cipher.
608 * Return value: Return length of key used for the encryption type, as
609 * defined in the standards.
612 shishi_cipher_keylen (int32_t type
)
616 for (i
= 0; i
< sizeof (ciphers
) / sizeof (ciphers
[0]); i
++)
617 if (type
== ciphers
[i
]->type
)
618 return ciphers
[i
]->keylen
;
624 * shishi_cipher_randomlen:
625 * @type: encryption type, see Shishi_etype.
627 * Get length of random data for cipher.
629 * Return value: Return length of random used for the encryption type,
630 * as defined in the standards.
633 shishi_cipher_randomlen (int32_t type
)
637 for (i
= 0; i
< sizeof (ciphers
) / sizeof (ciphers
[0]); i
++)
638 if (type
== ciphers
[i
]->type
)
639 return ciphers
[i
]->randomlen
;
645 * shishi_cipher_defaultcksumtype:
646 * @type: encryption type, see Shishi_etype.
648 * Get the default checksum associated with cipher.
650 * Return value: Return associated checksum mechanism for the
651 * encryption type, as defined in the standards.
654 shishi_cipher_defaultcksumtype (int32_t type
)
658 for (i
= 0; i
< sizeof (ciphers
) / sizeof (ciphers
[0]); i
++)
659 if (type
== ciphers
[i
]->type
)
660 return ciphers
[i
]->defaultcksumtype
;
665 struct Cipher_aliases
671 static struct Cipher_aliases cipher_aliases
[] = {
672 {"des-crc", SHISHI_DES_CBC_CRC
},
673 {"des-md4", SHISHI_DES_CBC_MD4
},
674 {"des-md5", SHISHI_DES_CBC_MD5
},
675 {"des", SHISHI_DES_CBC_MD5
},
676 {"des3", SHISHI_DES3_CBC_HMAC_SHA1_KD
},
677 {"3des", SHISHI_DES3_CBC_HMAC_SHA1_KD
},
678 {"aes128", SHISHI_AES128_CTS_HMAC_SHA1_96
},
679 {"aes256", SHISHI_AES256_CTS_HMAC_SHA1_96
},
680 {"aes", SHISHI_AES256_CTS_HMAC_SHA1_96
},
681 {"arcfour", SHISHI_ARCFOUR_HMAC
}
685 * shishi_cipher_parse:
686 * @cipher: name of encryption type, e.g. "des3-cbc-sha1-kd".
688 * Get cipher number by parsing string.
690 * Return value: Return encryption type corresponding to a string.
693 shishi_cipher_parse (const char *cipher
)
698 i
= strtol (cipher
, &endptr
, 0);
700 if (endptr
!= cipher
)
703 for (i
= 0; i
< sizeof (ciphers
) / sizeof (ciphers
[0]); i
++)
704 if (strcasecmp (cipher
, ciphers
[i
]->name
) == 0)
705 return ciphers
[i
]->type
;
707 for (i
= 0; i
< sizeof (cipher_aliases
) / sizeof (cipher_aliases
[0]); i
++)
708 if (strcasecmp (cipher
, cipher_aliases
[i
].name
) == 0)
709 return cipher_aliases
[i
].type
;
714 static Shishi_random_to_key_function
715 _shishi_cipher_random_to_key (int32_t type
)
719 for (i
= 0; i
< sizeof (ciphers
) / sizeof (ciphers
[0]); i
++)
720 if (type
== ciphers
[i
]->type
)
721 return ciphers
[i
]->random2key
;
726 static Shishi_string_to_key_function
727 _shishi_cipher_string_to_key (int32_t type
)
731 for (i
= 0; i
< sizeof (ciphers
) / sizeof (ciphers
[0]); i
++)
732 if (type
== ciphers
[i
]->type
)
733 return ciphers
[i
]->string2key
;
738 static Shishi_encrypt_function
739 _shishi_cipher_encrypt (int32_t type
)
743 for (i
= 0; i
< sizeof (ciphers
) / sizeof (ciphers
[0]); i
++)
744 if (type
== ciphers
[i
]->type
)
745 return ciphers
[i
]->encrypt
;
750 static Shishi_decrypt_function
751 _shishi_cipher_decrypt (int32_t type
)
755 for (i
= 0; i
< sizeof (ciphers
) / sizeof (ciphers
[0]); i
++)
756 if (type
== ciphers
[i
]->type
)
757 return ciphers
[i
]->decrypt
;
762 static checksuminfo
*checksums
[] = {
780 &hmac_sha1_des3_kd_info
,
783 &hmac_sha1_96_aes128_info
,
784 &hmac_sha1_96_aes256_info
,
787 &arcfour_hmac_md5_info
792 * shishi_checksum_supported_p:
793 * @type: checksum type, see Shishi_cksumtype.
795 * Find out whether checksum is supported.
797 * Return value: Return 0 iff checksum is unsupported.
800 shishi_checksum_supported_p (int32_t type
)
804 for (i
= 0; i
< sizeof (checksums
) / sizeof (checksums
[0]); i
++)
805 if (type
== checksums
[i
]->type
)
812 * shishi_checksum_name:
813 * @type: checksum type, see Shishi_cksumtype.
815 * Get name of checksum.
817 * Return value: Return name of checksum type,
818 * e.g. "hmac-sha1-96-aes256", as defined in the standards.
821 shishi_checksum_name (int32_t type
)
826 for (i
= 0; i
< sizeof (checksums
) / sizeof (checksums
[0]); i
++)
828 if (type
== checksums
[i
]->type
)
829 return checksums
[i
]->name
;
832 asprintf (&p
, "unknown checksum %d", type
);
837 * shishi_checksum_cksumlen:
838 * @type: checksum type, see Shishi_cksumtype.
840 * Get length of checksum output.
842 * Return value: Return length of checksum used for the checksum type,
843 * as defined in the standards.
846 shishi_checksum_cksumlen (int32_t type
)
850 for (i
= 0; i
< sizeof (checksums
) / sizeof (checksums
[0]); i
++)
851 if (type
== checksums
[i
]->type
)
852 return checksums
[i
]->cksumlen
;
858 * shishi_checksum_parse:
859 * @checksum: name of checksum type, e.g. "hmac-sha1-96-aes256".
861 * Get checksum number by parsing a string.
863 * Return value: Return checksum type, see Shishi_cksumtype,
864 * corresponding to a string.
867 shishi_checksum_parse (const char *checksum
)
872 i
= strtol (checksum
, &endptr
, 0);
874 if (endptr
!= checksum
)
877 for (i
= 0; i
< sizeof (checksums
) / sizeof (checksums
[0]); i
++)
878 if (strcasecmp (checksum
, checksums
[i
]->name
) == 0)
879 return checksums
[i
]->type
;
884 static Shishi_checksum_function
885 _shishi_checksum (int32_t type
)
889 for (i
= 0; i
< sizeof (checksums
) / sizeof (checksums
[0]); i
++)
890 if (type
== checksums
[i
]->type
)
891 return checksums
[i
]->checksum
;
896 static Shishi_verify_function
897 _shishi_verify (int32_t type
)
901 for (i
= 0; i
< sizeof (checksums
) / sizeof (checksums
[0]); i
++)
902 if (type
== checksums
[i
]->type
)
903 return checksums
[i
]->verify
;
909 * shishi_string_to_key:
910 * @handle: shishi handle as allocated by shishi_init().
911 * @keytype: cryptographic encryption type, see Shishi_etype.
912 * @password: input array with password.
913 * @passwordlen: length of input array with password.
914 * @salt: input array with salt.
915 * @saltlen: length of input array with salt.
916 * @parameter: input array with opaque encryption type specific information.
917 * @outkey: allocated key handle that will contain new key.
919 * Derive key from a string (password) and salt (commonly
920 * concatenation of realm and principal) for specified key type, and
921 * set the type and value in the given key to the computed values.
922 * The parameter value is specific for each keytype, and can be set if
923 * the parameter information is not available.
925 * Return value: Returns %SHISHI_OK iff successful.
928 shishi_string_to_key (Shishi
* handle
,
930 const char *password
, size_t passwordlen
,
931 const char *salt
, size_t saltlen
,
932 const char *parameter
, Shishi_key
* outkey
)
934 Shishi_string_to_key_function string2key
;
937 shishi_key_type_set (outkey
, keytype
);
939 if (VERBOSECRYPTO (handle
))
941 printf ("string_to_key (%s, password, salt)\n",
942 shishi_key_name (outkey
));
943 printf ("\t ;; password:\n");
944 _shishi_escapeprint (password
, passwordlen
);
945 _shishi_hexprint (password
, passwordlen
);
946 printf ("\t ;; salt:\n");
947 _shishi_escapeprint (salt
, saltlen
);
948 _shishi_hexprint (salt
, saltlen
);
951 string2key
= _shishi_cipher_string_to_key (shishi_key_type (outkey
));
952 if (string2key
== NULL
)
954 shishi_error_printf (handle
, "Unsupported keytype %d",
955 shishi_key_type (outkey
));
956 return SHISHI_CRYPTO_ERROR
;
959 res
= (*string2key
) (handle
, password
, passwordlen
,
960 salt
, saltlen
, parameter
, outkey
);
962 if (VERBOSECRYPTO (handle
))
964 printf ("\t ;; string_to_key key:\n");
965 _shishi_hexprint (shishi_key_value (outkey
),
966 shishi_key_length (outkey
));
967 _shishi_binprint (shishi_key_value (outkey
),
968 shishi_key_length (outkey
));
975 * shishi_random_to_key:
976 * @handle: shishi handle as allocated by shishi_init().
977 * @keytype: cryptographic encryption type, see Shishi_etype.
978 * @rnd: input array with random data.
979 * @rndlen: length of input array with random data.
980 * @outkey: allocated key handle that will contain new key.
982 * Derive key from random data for specified key type, and set the
983 * type and value in the given key to the computed values.
985 * Return value: Returns %SHISHI_OK iff successful.
988 shishi_random_to_key (Shishi
* handle
,
990 const char *rnd
, size_t rndlen
, Shishi_key
* outkey
)
992 Shishi_random_to_key_function random2key
;
995 shishi_key_type_set (outkey
, keytype
);
997 if (VERBOSECRYPTO (handle
))
999 printf ("random_to_key (%s, random)\n", shishi_key_name (outkey
));
1000 printf ("\t ;; random:\n");
1001 _shishi_hexprint (rnd
, rndlen
);
1002 _shishi_binprint (rnd
, rndlen
);
1005 random2key
= _shishi_cipher_random_to_key (keytype
);
1006 if (random2key
== NULL
)
1008 shishi_error_printf (handle
, "Unsupported random_to_key() ekeytype %d",
1010 return SHISHI_CRYPTO_ERROR
;
1013 res
= (*random2key
) (handle
, rnd
, rndlen
, outkey
);
1015 if (VERBOSECRYPTO (handle
))
1017 printf ("\t ;; random_to_key key:\n");
1018 _shishi_hexprint (shishi_key_value (outkey
),
1019 shishi_key_length (outkey
));
1020 _shishi_binprint (shishi_key_value (outkey
),
1021 shishi_key_length (outkey
));
1029 * @handle: shishi handle as allocated by shishi_init().
1030 * @key: key to compute checksum with.
1031 * @keyusage: integer specifying what this key is used for.
1032 * @cksumtype: the checksum algorithm to use.
1033 * @in: input array with data to integrity protect.
1034 * @inlen: size of input array with data to integrity protect.
1035 * @out: output array with newly allocated integrity protected data.
1036 * @outlen: output variable with length of output array with checksum.
1038 * Integrity protect data using key, possibly altered by supplied key
1039 * usage. If key usage is 0, no key derivation is used. The OUT
1040 * buffer must be deallocated by the caller.
1042 * Return value: Returns %SHISHI_OK iff successful.
1045 shishi_checksum (Shishi
* handle
,
1049 const char *in
, size_t inlen
, char **out
, size_t * outlen
)
1051 Shishi_checksum_function checksum
;
1054 if (VERBOSECRYPTO (handle
))
1056 printf ("checksum (%s, %d, in, out)\n",
1057 shishi_key_name (key
), cksumtype
);
1058 printf ("\t ;; key (%d):\n", shishi_key_length (key
));
1059 _shishi_hexprint (shishi_key_value (key
), shishi_key_length (key
));
1060 printf ("\t ;; in:\n");
1061 _shishi_escapeprint (in
, inlen
);
1062 _shishi_hexprint (in
, inlen
);
1066 cksumtype
= shishi_cipher_defaultcksumtype (shishi_key_type (key
));
1068 checksum
= _shishi_checksum (cksumtype
);
1069 if (checksum
== NULL
)
1071 shishi_error_printf (handle
, "Unsupported checksum type %d", cksumtype
);
1072 return SHISHI_CRYPTO_ERROR
;
1075 /* XXX? check if etype and cksumtype are compatible? */
1077 res
= (*checksum
) (handle
, key
, keyusage
, cksumtype
,
1078 in
, inlen
, out
, outlen
);
1080 if (VERBOSECRYPTO (handle
))
1082 printf ("\t ;; checksum out:\n");
1083 _shishi_escapeprint (*out
, *outlen
);
1084 _shishi_hexprint (*out
, *outlen
);
1092 * @handle: shishi handle as allocated by shishi_init().
1093 * @key: key to verify checksum with.
1094 * @keyusage: integer specifying what this key is used for.
1095 * @cksumtype: the checksum algorithm to use.
1096 * @in: input array with data that was integrity protected.
1097 * @inlen: size of input array with data that was integrity protected.
1098 * @cksum: input array with alleged checksum of data.
1099 * @cksumlen: size of input array with alleged checksum of data.
1101 * Verify checksum of data using key, possibly altered by supplied key
1102 * usage. If key usage is 0, no key derivation is used.
1104 * Return value: Returns %SHISHI_OK iff successful.
1107 shishi_verify (Shishi
* handle
,
1111 const char *in
, size_t inlen
,
1112 const char *cksum
, size_t cksumlen
)
1114 Shishi_verify_function verify
;
1117 if (VERBOSECRYPTO (handle
))
1119 printf ("verify (%s, %d, in, out)\n", shishi_key_name (key
), cksumtype
);
1120 printf ("\t ;; key (%d):\n", shishi_key_length (key
));
1121 _shishi_hexprint (shishi_key_value (key
), shishi_key_length (key
));
1122 printf ("\t ;; data:\n");
1123 _shishi_escapeprint (in
, inlen
);
1124 _shishi_hexprint (in
, inlen
);
1125 printf ("\t ;; mic:\n");
1126 _shishi_escapeprint (cksum
, cksumlen
);
1127 _shishi_hexprint (cksum
, cksumlen
);
1131 cksumtype
= shishi_cipher_defaultcksumtype (shishi_key_type (key
));
1133 verify
= _shishi_verify (cksumtype
);
1136 shishi_error_printf (handle
, "Unsupported checksum type %d", cksumtype
);
1137 return SHISHI_CRYPTO_ERROR
;
1140 /* XXX? check if etype and cksumtype are compatible? */
1142 res
= (*verify
) (handle
, key
, keyusage
, cksumtype
,
1143 in
, inlen
, cksum
, cksumlen
);
1145 if (VERBOSECRYPTO (handle
))
1146 printf ("\t ;; verify return: %d\n", res
);
1152 * shishi_encrypt_ivupdate_etype:
1153 * @handle: shishi handle as allocated by shishi_init().
1154 * @key: key to encrypt with.
1155 * @keyusage: integer specifying what this key is encrypting.
1156 * @etype: integer specifying what cipher to use.
1157 * @iv: input array with initialization vector
1158 * @ivlen: size of input array with initialization vector.
1159 * @ivout: output array with newly allocated updated initialization vector.
1160 * @ivoutlen: size of output array with updated initialization vector.
1161 * @in: input array with data to encrypt.
1162 * @inlen: size of input array with data to encrypt.
1163 * @out: output array with newly allocated encrypted data.
1164 * @outlen: output variable with size of newly allocated output array.
1166 * Encrypts data as per encryption method using specified
1167 * initialization vector and key. The key actually used is derived
1168 * using the key usage. If key usage is 0, no key derivation is used.
1169 * The OUT buffer must be deallocated by the caller. If IVOUT or
1170 * IVOUTLEN is NULL, the updated IV is not saved anywhere.
1172 * Note that DECRYPT(ENCRYPT(data)) does not necessarily yield data
1173 * exactly. Some encryption types add pad to make the data fit into
1174 * the block size of the encryption algorithm. Furthermore, the pad
1175 * is not guaranteed to look in any special way, although existing
1176 * implementations often pad with the zero byte. This means that you
1177 * may have to "frame" data, so it is possible to infer the original
1178 * length after decryption. Compare ASN.1 DER which contains such
1181 * Return value: Returns %SHISHI_OK iff successful.
1184 shishi_encrypt_ivupdate_etype (Shishi
* handle
,
1188 const char *iv
, size_t ivlen
,
1189 char **ivout
, size_t * ivoutlen
,
1190 const char *in
, size_t inlen
,
1191 char **out
, size_t * outlen
)
1193 Shishi_encrypt_function enc
;
1196 if (VERBOSECRYPTO (handle
))
1198 printf ("encrypt (type=%s, usage=%d, key, in)\n",
1199 shishi_key_name (key
), keyusage
);
1200 printf ("\t ;; key (%d):\n", shishi_key_length (key
));
1201 _shishi_hexprint (shishi_key_value (key
), shishi_key_length (key
));
1202 printf ("\t ;; in (%d):\n", inlen
);
1203 _shishi_escapeprint (in
, inlen
);
1204 _shishi_hexprint (in
, inlen
);
1207 printf ("\t ;; iv (%d):\n", ivlen
);
1208 _shishi_escapeprint (iv
, ivlen
);
1209 _shishi_hexprint (iv
, ivlen
);
1213 enc
= _shishi_cipher_encrypt (etype
);
1216 shishi_error_printf (handle
, "Unsupported keytype %d",
1217 shishi_key_type (key
));
1218 return SHISHI_CRYPTO_ERROR
;
1221 res
= (*enc
) (handle
, key
, keyusage
, iv
, ivlen
, ivout
, ivoutlen
,
1222 in
, inlen
, out
, outlen
);
1224 if (VERBOSECRYPTO (handle
))
1226 if (res
== SHISHI_OK
)
1228 printf ("\t ;; encrypt out:\n");
1229 _shishi_escapeprint (*out
, *outlen
);
1230 _shishi_hexprint (*out
, *outlen
);
1231 if (ivout
&& ivoutlen
)
1233 printf ("\t ;; iv out:\n");
1234 _shishi_escapeprint (*ivout
, *ivoutlen
);
1235 _shishi_hexprint (*ivout
, *ivoutlen
);
1240 printf ("\t ;; encrypt out failed %d\n", res
);
1248 * shishi_encrypt_iv_etype:
1249 * @handle: shishi handle as allocated by shishi_init().
1250 * @key: key to encrypt with.
1251 * @keyusage: integer specifying what this key is encrypting.
1252 * @etype: integer specifying what cipher to use.
1253 * @iv: input array with initialization vector
1254 * @ivlen: size of input array with initialization vector.
1255 * @in: input array with data to encrypt.
1256 * @inlen: size of input array with data to encrypt.
1257 * @out: output array with newly allocated encrypted data.
1258 * @outlen: output variable with size of newly allocated output array.
1260 * Encrypts data as per encryption method using specified
1261 * initialization vector and key. The key actually used is derived
1262 * using the key usage. If key usage is 0, no key derivation is used.
1263 * The OUT buffer must be deallocated by the caller. The next IV is
1264 * lost, see shishi_encrypt_ivupdate_etype if you need it.
1266 * Note that DECRYPT(ENCRYPT(data)) does not necessarily yield data
1267 * exactly. Some encryption types add pad to make the data fit into
1268 * the block size of the encryption algorithm. Furthermore, the pad
1269 * is not guaranteed to look in any special way, although existing
1270 * implementations often pad with the zero byte. This means that you
1271 * may have to "frame" data, so it is possible to infer the original
1272 * length after decryption. Compare ASN.1 DER which contains such
1275 * Return value: Returns %SHISHI_OK iff successful.
1278 shishi_encrypt_iv_etype (Shishi
* handle
,
1282 const char *iv
, size_t ivlen
,
1283 const char *in
, size_t inlen
,
1284 char **out
, size_t * outlen
)
1286 return shishi_encrypt_ivupdate_etype (handle
, key
, keyusage
, etype
,
1287 iv
, ivlen
, NULL
, NULL
,
1288 in
, inlen
, out
, outlen
);
1292 * shishi_encrypt_etype:
1293 * @handle: shishi handle as allocated by shishi_init().
1294 * @key: key to encrypt with.
1295 * @keyusage: integer specifying what this key is encrypting.
1296 * @etype: integer specifying what cipher to use.
1297 * @in: input array with data to encrypt.
1298 * @inlen: size of input array with data to encrypt.
1299 * @out: output array with newly allocated encrypted data.
1300 * @outlen: output variable with size of newly allocated output array.
1302 * Encrypts data as per encryption method using specified
1303 * initialization vector and key. The key actually used is derived
1304 * using the key usage. If key usage is 0, no key derivation is used.
1305 * The OUT buffer must be deallocated by the caller. The default IV
1306 * is used, see shishi_encrypt_iv_etype if you need to alter it. The
1307 * next IV is lost, see shishi_encrypt_ivupdate_etype if you need it.
1309 * Note that DECRYPT(ENCRYPT(data)) does not necessarily yield data
1310 * exactly. Some encryption types add pad to make the data fit into
1311 * the block size of the encryption algorithm. Furthermore, the pad
1312 * is not guaranteed to look in any special way, although existing
1313 * implementations often pad with the zero byte. This means that you
1314 * may have to "frame" data, so it is possible to infer the original
1315 * length after decryption. Compare ASN.1 DER which contains such
1318 * Return value: Returns %SHISHI_OK iff successful.
1321 shishi_encrypt_etype (Shishi
* handle
,
1325 const char *in
, size_t inlen
,
1326 char **out
, size_t * outlen
)
1328 return shishi_encrypt_ivupdate_etype (handle
, key
, keyusage
,
1329 shishi_key_type (key
),
1330 NULL
, 0, NULL
, NULL
,
1331 in
, inlen
, out
, outlen
);
1335 * shishi_encrypt_ivupdate:
1336 * @handle: shishi handle as allocated by shishi_init().
1337 * @key: key to encrypt with.
1338 * @keyusage: integer specifying what this key is encrypting.
1339 * @iv: input array with initialization vector
1340 * @ivlen: size of input array with initialization vector.
1341 * @ivout: output array with newly allocated updated initialization vector.
1342 * @ivoutlen: size of output array with updated initialization vector.
1343 * @in: input array with data to encrypt.
1344 * @inlen: size of input array with data to encrypt.
1345 * @out: output array with newly allocated encrypted data.
1346 * @outlen: output variable with size of newly allocated output array.
1348 * Encrypts data using specified initialization vector and key. The
1349 * key actually used is derived using the key usage. If key usage is
1350 * 0, no key derivation is used. The OUT buffer must be deallocated
1351 * by the caller. If IVOUT or IVOUTLEN is NULL, the updated IV is not
1354 * Note that DECRYPT(ENCRYPT(data)) does not necessarily yield data
1355 * exactly. Some encryption types add pad to make the data fit into
1356 * the block size of the encryption algorithm. Furthermore, the pad
1357 * is not guaranteed to look in any special way, although existing
1358 * implementations often pad with the zero byte. This means that you
1359 * may have to "frame" data, so it is possible to infer the original
1360 * length after decryption. Compare ASN.1 DER which contains such
1363 * Return value: Returns %SHISHI_OK iff successful.
1366 shishi_encrypt_ivupdate (Shishi
* handle
,
1369 const char *iv
, size_t ivlen
,
1370 char **ivout
, size_t * ivoutlen
,
1371 const char *in
, size_t inlen
,
1372 char **out
, size_t * outlen
)
1374 return shishi_encrypt_ivupdate_etype (handle
, key
, keyusage
,
1375 shishi_key_type (key
),
1376 iv
, ivlen
, ivout
, ivoutlen
,
1377 in
, inlen
, out
, outlen
);
1381 * shishi_encrypt_iv:
1382 * @handle: shishi handle as allocated by shishi_init().
1383 * @key: key to encrypt with.
1384 * @keyusage: integer specifying what this key is encrypting.
1385 * @iv: input array with initialization vector
1386 * @ivlen: size of input array with initialization vector.
1387 * @in: input array with data to encrypt.
1388 * @inlen: size of input array with data to encrypt.
1389 * @out: output array with newly allocated encrypted data.
1390 * @outlen: output variable with size of newly allocated output array.
1392 * Encrypts data using specified initialization vector and key. The
1393 * key actually used is derived using the key usage. If key usage is
1394 * 0, no key derivation is used. The OUT buffer must be deallocated
1395 * by the caller. The next IV is lost, see shishi_encrypt_ivupdate if
1398 * Note that DECRYPT(ENCRYPT(data)) does not necessarily yield data
1399 * exactly. Some encryption types add pad to make the data fit into
1400 * the block size of the encryption algorithm. Furthermore, the pad
1401 * is not guaranteed to look in any special way, although existing
1402 * implementations often pad with the zero byte. This means that you
1403 * may have to "frame" data, so it is possible to infer the original
1404 * length after decryption. Compare ASN.1 DER which contains such
1407 * Return value: Returns %SHISHI_OK iff successful.
1410 shishi_encrypt_iv (Shishi
* handle
,
1413 const char *iv
, size_t ivlen
,
1414 const char *in
, size_t inlen
, char **out
, size_t * outlen
)
1416 return shishi_encrypt_ivupdate_etype (handle
, key
, keyusage
,
1417 shishi_key_type (key
),
1418 iv
, ivlen
, NULL
, NULL
,
1419 in
, inlen
, out
, outlen
);
1424 * @handle: shishi handle as allocated by shishi_init().
1425 * @key: key to encrypt with.
1426 * @keyusage: integer specifying what this key is encrypting.
1427 * @in: input array with data to encrypt.
1428 * @inlen: size of input array with data to encrypt.
1429 * @out: output array with newly allocated encrypted data.
1430 * @outlen: output variable with size of newly allocated output array.
1432 * Encrypts data using specified key. The key actually used is
1433 * derived using the key usage. If key usage is 0, no key derivation
1434 * is used. The OUT buffer must be deallocated by the caller. The
1435 * default IV is used, see shishi_encrypt_iv if you need to alter it.
1436 * The next IV is lost, see shishi_encrypt_ivupdate if you need it.
1438 * Note that DECRYPT(ENCRYPT(data)) does not necessarily yield data
1439 * exactly. Some encryption types add pad to make the data fit into
1440 * the block size of the encryption algorithm. Furthermore, the pad
1441 * is not guaranteed to look in any special way, although existing
1442 * implementations often pad with the zero byte. This means that you
1443 * may have to "frame" data, so it is possible to infer the original
1444 * length after decryption. Compare ASN.1 DER which contains such
1447 * Return value: Returns %SHISHI_OK iff successful.
1450 shishi_encrypt (Shishi
* handle
,
1453 char *in
, size_t inlen
, char **out
, size_t * outlen
)
1455 return shishi_encrypt_ivupdate_etype (handle
, key
, keyusage
,
1456 shishi_key_type (key
),
1457 NULL
, 0, NULL
, NULL
,
1458 in
, inlen
, out
, outlen
);
1462 * shishi_decrypt_ivupdate_etype:
1463 * @handle: shishi handle as allocated by shishi_init().
1464 * @key: key to decrypt with.
1465 * @keyusage: integer specifying what this key is decrypting.
1466 * @etype: integer specifying what cipher to use.
1467 * @iv: input array with initialization vector
1468 * @ivlen: size of input array with initialization vector.
1469 * @ivout: output array with newly allocated updated initialization vector.
1470 * @ivoutlen: size of output array with updated initialization vector.
1471 * @in: input array with data to decrypt.
1472 * @inlen: size of input array with data to decrypt.
1473 * @out: output array with newly allocated decrypted data.
1474 * @outlen: output variable with size of newly allocated output array.
1476 * Decrypts data as per encryption method using specified
1477 * initialization vector and key. The key actually used is derived
1478 * using the key usage. If key usage is 0, no key derivation is used.
1479 * The OUT buffer must be deallocated by the caller. If IVOUT or
1480 * IVOUTLEN is NULL, the updated IV is not saved anywhere.
1482 * Note that DECRYPT(ENCRYPT(data)) does not necessarily yield data
1483 * exactly. Some encryption types add pad to make the data fit into
1484 * the block size of the encryption algorithm. Furthermore, the pad
1485 * is not guaranteed to look in any special way, although existing
1486 * implementations often pad with the zero byte. This means that you
1487 * may have to "frame" data, so it is possible to infer the original
1488 * length after decryption. Compare ASN.1 DER which contains such
1491 * Return value: Returns %SHISHI_OK iff successful.
1494 shishi_decrypt_ivupdate_etype (Shishi
* handle
,
1498 const char *iv
, size_t ivlen
,
1499 char **ivout
, size_t * ivoutlen
,
1500 const char *in
, size_t inlen
,
1501 char **out
, size_t * outlen
)
1503 Shishi_decrypt_function decrypt
;
1506 if (VERBOSECRYPTO (handle
))
1508 printf ("decrypt (type=%s, usage=%d, key, in, out)\n",
1509 shishi_key_name (key
), keyusage
);
1510 printf ("\t ;; key (%d):\n", shishi_key_length (key
));
1511 _shishi_hexprint (shishi_key_value (key
), shishi_key_length (key
));
1512 printf ("\t ;; in (%d):\n", inlen
);
1513 _shishi_escapeprint (in
, inlen
);
1514 _shishi_hexprint (in
, inlen
);
1517 printf ("\t ;; iv (%d):\n", ivlen
);
1518 _shishi_escapeprint (iv
, ivlen
);
1519 _shishi_hexprint (iv
, ivlen
);
1523 decrypt
= _shishi_cipher_decrypt (etype
);
1524 if (decrypt
== NULL
)
1526 shishi_error_printf (handle
, "Unsupported keytype %d",
1527 shishi_key_type (key
));
1528 return SHISHI_CRYPTO_ERROR
;
1531 res
= (*decrypt
) (handle
, key
, keyusage
,
1532 iv
, ivlen
, ivout
, ivoutlen
, in
, inlen
, out
, outlen
);
1534 if (VERBOSECRYPTO (handle
))
1536 if (res
== SHISHI_OK
)
1538 printf ("\t ;; decrypt out:\n");
1539 _shishi_escapeprint (*out
, *outlen
);
1540 _shishi_hexprint (*out
, *outlen
);
1544 printf ("\t ;; decrypt out failed %d\n", res
);
1552 * shishi_decrypt_iv_etype:
1553 * @handle: shishi handle as allocated by shishi_init().
1554 * @key: key to decrypt with.
1555 * @keyusage: integer specifying what this key is decrypting.
1556 * @etype: integer specifying what cipher to use.
1557 * @iv: input array with initialization vector
1558 * @ivlen: size of input array with initialization vector.
1559 * @in: input array with data to decrypt.
1560 * @inlen: size of input array with data to decrypt.
1561 * @out: output array with newly allocated decrypted data.
1562 * @outlen: output variable with size of newly allocated output array.
1564 * Decrypts data as per encryption method using specified
1565 * initialization vector and key. The key actually used is derived
1566 * using the key usage. If key usage is 0, no key derivation is used.
1567 * The OUT buffer must be deallocated by the caller. The next IV is
1568 * lost, see shishi_decrypt_ivupdate_etype if you need it.
1570 * Note that DECRYPT(ENCRYPT(data)) does not necessarily yield data
1571 * exactly. Some encryption types add pad to make the data fit into
1572 * the block size of the encryption algorithm. Furthermore, the pad
1573 * is not guaranteed to look in any special way, although existing
1574 * implementations often pad with the zero byte. This means that you
1575 * may have to "frame" data, so it is possible to infer the original
1576 * length after decryption. Compare ASN.1 DER which contains such
1579 * Return value: Returns %SHISHI_OK iff successful.
1582 shishi_decrypt_iv_etype (Shishi
* handle
,
1586 const char *iv
, size_t ivlen
,
1587 const char *in
, size_t inlen
,
1588 char **out
, size_t * outlen
)
1590 return shishi_decrypt_ivupdate_etype (handle
, key
, keyusage
, etype
,
1591 iv
, ivlen
, NULL
, NULL
,
1592 in
, inlen
, out
, outlen
);
1596 * shishi_decrypt_etype:
1597 * @handle: shishi handle as allocated by shishi_init().
1598 * @key: key to decrypt with.
1599 * @keyusage: integer specifying what this key is decrypting.
1600 * @etype: integer specifying what cipher to use.
1601 * @in: input array with data to decrypt.
1602 * @inlen: size of input array with data to decrypt.
1603 * @out: output array with newly allocated decrypted data.
1604 * @outlen: output variable with size of newly allocated output array.
1606 * Decrypts data as per encryption method using specified key. The
1607 * key actually used is derived using the key usage. If key usage is
1608 * 0, no key derivation is used. The OUT buffer must be deallocated
1609 * by the caller. The default IV is used, see shishi_decrypt_iv_etype
1610 * if you need to alter it. The next IV is lost, see
1611 * shishi_decrypt_ivupdate_etype if you need it.
1613 * Note that DECRYPT(ENCRYPT(data)) does not necessarily yield data
1614 * exactly. Some encryption types add pad to make the data fit into
1615 * the block size of the encryption algorithm. Furthermore, the pad
1616 * is not guaranteed to look in any special way, although existing
1617 * implementations often pad with the zero byte. This means that you
1618 * may have to "frame" data, so it is possible to infer the original
1619 * length after decryption. Compare ASN.1 DER which contains such
1622 * Return value: Returns %SHISHI_OK iff successful.
1625 shishi_decrypt_etype (Shishi
* handle
,
1629 const char *in
, size_t inlen
,
1630 char **out
, size_t * outlen
)
1632 return shishi_decrypt_ivupdate_etype (handle
, key
, keyusage
, etype
,
1633 NULL
, 0, NULL
, NULL
,
1634 in
, inlen
, out
, outlen
);
1638 * shishi_decrypt_ivupdate:
1639 * @handle: shishi handle as allocated by shishi_init().
1640 * @key: key to decrypt with.
1641 * @keyusage: integer specifying what this key is decrypting.
1642 * @iv: input array with initialization vector
1643 * @ivlen: size of input array with initialization vector.
1644 * @ivout: output array with newly allocated updated initialization vector.
1645 * @ivoutlen: size of output array with updated initialization vector.
1646 * @in: input array with data to decrypt.
1647 * @inlen: size of input array with data to decrypt.
1648 * @out: output array with newly allocated decrypted data.
1649 * @outlen: output variable with size of newly allocated output array.
1651 * Decrypts data using specified initialization vector and key. The
1652 * key actually used is derived using the key usage. If key usage is
1653 * 0, no key derivation is used. The OUT buffer must be deallocated
1654 * by the caller. If IVOUT or IVOUTLEN is NULL, the updated IV is not
1657 * Note that DECRYPT(ENCRYPT(data)) does not necessarily yield data
1658 * exactly. Some encryption types add pad to make the data fit into
1659 * the block size of the encryption algorithm. Furthermore, the pad
1660 * is not guaranteed to look in any special way, although existing
1661 * implementations often pad with the zero byte. This means that you
1662 * may have to "frame" data, so it is possible to infer the original
1663 * length after decryption. Compare ASN.1 DER which contains such
1666 * Return value: Returns %SHISHI_OK iff successful.
1669 shishi_decrypt_ivupdate (Shishi
* handle
,
1672 const char *iv
, size_t ivlen
,
1673 char **ivout
, size_t * ivoutlen
,
1674 const char *in
, size_t inlen
,
1675 char **out
, size_t * outlen
)
1677 return shishi_decrypt_ivupdate_etype (handle
, key
, keyusage
,
1678 shishi_key_type (key
),
1679 iv
, ivlen
, ivout
, ivoutlen
,
1680 in
, inlen
, out
, outlen
);
1684 * shishi_decrypt_iv:
1685 * @handle: shishi handle as allocated by shishi_init().
1686 * @key: key to decrypt with.
1687 * @keyusage: integer specifying what this key is decrypting.
1688 * @iv: input array with initialization vector
1689 * @ivlen: size of input array with initialization vector.
1690 * @in: input array with data to decrypt.
1691 * @inlen: size of input array with data to decrypt.
1692 * @out: output array with newly allocated decrypted data.
1693 * @outlen: output variable with size of newly allocated output array.
1695 * Decrypts data using specified initialization vector and key. The
1696 * key actually used is derived using the key usage. If key usage is
1697 * 0, no key derivation is used. The OUT buffer must be deallocated
1698 * by the caller. The next IV is lost, see
1699 * shishi_decrypt_ivupdate_etype if you need it.
1701 * Note that DECRYPT(ENCRYPT(data)) does not necessarily yield data
1702 * exactly. Some encryption types add pad to make the data fit into
1703 * the block size of the encryption algorithm. Furthermore, the pad
1704 * is not guaranteed to look in any special way, although existing
1705 * implementations often pad with the zero byte. This means that you
1706 * may have to "frame" data, so it is possible to infer the original
1707 * length after decryption. Compare ASN.1 DER which contains such
1710 * Return value: Returns %SHISHI_OK iff successful.
1713 shishi_decrypt_iv (Shishi
* handle
,
1716 const char *iv
, size_t ivlen
,
1717 const char *in
, size_t inlen
, char **out
, size_t * outlen
)
1719 return shishi_decrypt_ivupdate_etype (handle
, key
, keyusage
,
1720 shishi_key_type (key
),
1721 iv
, ivlen
, NULL
, NULL
,
1722 in
, inlen
, out
, outlen
);
1727 * @handle: shishi handle as allocated by shishi_init().
1728 * @key: key to decrypt with.
1729 * @keyusage: integer specifying what this key is decrypting.
1730 * @in: input array with data to decrypt.
1731 * @inlen: size of input array with data to decrypt.
1732 * @out: output array with newly allocated decrypted data.
1733 * @outlen: output variable with size of newly allocated output array.
1735 * Decrypts data specified key. The key actually used is derived
1736 * using the key usage. If key usage is 0, no key derivation is used.
1737 * The OUT buffer must be deallocated by the caller. The default IV
1738 * is used, see shishi_decrypt_iv if you need to alter it. The next
1739 * IV is lost, see shishi_decrypt_ivupdate if you need it.
1741 * Note that DECRYPT(ENCRYPT(data)) does not necessarily yield data
1742 * exactly. Some encryption types add pad to make the data fit into
1743 * the block size of the encryption algorithm. Furthermore, the pad
1744 * is not guaranteed to look in any special way, although existing
1745 * implementations often pad with the zero byte. This means that you
1746 * may have to "frame" data, so it is possible to infer the original
1747 * length after decryption. Compare ASN.1 DER which contains such
1750 * Return value: Returns %SHISHI_OK iff successful.
1753 shishi_decrypt (Shishi
* handle
,
1756 const char *in
, size_t inlen
, char **out
, size_t * outlen
)
1758 return shishi_decrypt_ivupdate_etype (handle
, key
, keyusage
,
1759 shishi_key_type (key
),
1760 NULL
, 0, NULL
, NULL
,
1761 in
, inlen
, out
, outlen
);
1766 * @handle: shishi handle as allocated by shishi_init().
1767 * @in: input array with data to decrypt.
1768 * @inlen: size of input array with data to decrypt ("M").
1769 * @out: output array with decrypted data.
1770 * @outlen: size of output array ("N").
1772 * Fold data into a fixed length output array, with the intent to give
1773 * each input bit approximately equal weight in determining the value
1774 * of each output bit.
1776 * The algorithm is from "A Better Key Schedule For DES-like Ciphers"
1777 * by Uri Blumenthal and Steven M. Bellovin,
1778 * <URL:http://www.research.att.com/~smb/papers/ides.pdf>, although
1779 * the sample vectors provided by the paper are incorrect.
1781 * Return value: Returns %SHISHI_OK iff successful.
1784 shishi_n_fold (Shishi
* handle
,
1785 const char *in
, size_t inlen
, char *out
, size_t outlen
)
1795 To n-fold a number X, replicate the input value to a length that is
1796 the least common multiple of n and the length of X. Before each
1797 repetition, the input is rotated to the right by 13 bit
1798 positions. The successive n-bit chunks are added together using
1799 1's-complement addition (that is, addition with end-around carry)
1800 to yield a n-bit result denoted <X>_n.
1803 a
= xmemdup (in
, m
);
1807 if (VERBOSECRYPTONOISE (handle
))
1809 printf ("%d-fold (string)\n", n
* 8);
1810 printf ("\t ;; string length %d bytes %d bits\n", m
, m
* 8);
1811 _shishi_escapeprint (a
, m
);
1812 _shishi_hexprint (a
, m
);
1813 printf ("\t ;; lcm(%d, %d) = lcm(%d, %d) = %d\n",
1814 8 * m
, 8 * n
, m
, n
, lcmmn
);
1817 buf
= (char *) xmalloc (lcmmn
);
1819 /* Replicate the input th the LCMMN length */
1820 for (i
= 0; i
< (lcmmn
/ m
); i
++)
1822 if (VERBOSECRYPTONOISE (handle
))
1824 printf ("\t ;; %d-th replication\n", i
+ 1);
1825 printf ("string = rot13(string)\n");
1828 memcpy ((char *) &buf
[i
* m
], a
, m
);
1829 rot13 (handle
, a
, a
, m
);
1832 memset (out
, 0, n
); /* just in case */
1834 if (VERBOSECRYPTONOISE (handle
))
1836 printf ("\t ;; replicated string (length %d):\n", lcmmn
);
1837 _shishi_hexprint (buf
, lcmmn
);
1838 _shishi_binprint (buf
, lcmmn
);
1839 printf ("sum = 0\n");
1842 /* Now we view the buf as set of n-byte strings
1843 Add the n-byte long chunks together, using
1844 one's complement addition, storing the
1845 result in the output string. */
1847 for (i
= 0; i
< (lcmmn
/ n
); i
++)
1849 if (VERBOSECRYPTONOISE (handle
))
1851 printf ("\t ;; %d-th one's complement addition sum\n", i
+ 1);
1852 printf ("\t ;; sum:\n");
1853 _shishi_hexprint (out
, n
);
1854 _shishi_binprint (out
, n
);
1855 printf ("\t ;; A (offset %d):\n", i
* n
);
1856 _shishi_hexprint (&buf
[i
* n
], n
);
1857 _shishi_binprint (&buf
[i
* n
], n
);
1858 printf ("sum = ocadd(sum, A);\n");
1861 ocadd (out
, (char *) &buf
[i
* n
], out
, n
);
1863 if (VERBOSECRYPTONOISE (handle
))
1865 printf ("\t ;; sum:\n");
1866 _shishi_hexprint (out
, n
);
1867 _shishi_binprint (out
, n
);
1871 if (VERBOSECRYPTONOISE (handle
))
1873 printf ("\t ;; nfold\n");
1874 _shishi_hexprint (out
, n
);
1875 _shishi_binprint (out
, n
);
1884 #define MAX_DR_PRFCONSTANT 1024
1888 * @handle: shishi handle as allocated by shishi_init().
1889 * @key: input array with cryptographic key to use.
1890 * @prfconstant: input array with the constant string.
1891 * @prfconstantlen: size of input array with the constant string.
1892 * @derivedrandom: output array with derived random data.
1893 * @derivedrandomlen: size of output array with derived random data.
1895 * Derive "random" data from a key and a constant thusly:
1896 * DR(KEY, PRFCONSTANT) = TRUNCATE(DERIVEDRANDOMLEN,
1897 * SHISHI_ENCRYPT(KEY, PRFCONSTANT)).
1899 * Return value: Returns %SHISHI_OK iff successful.
1902 shishi_dr (Shishi
* handle
,
1904 const char *prfconstant
, size_t prfconstantlen
,
1905 char *derivedrandom
, size_t derivedrandomlen
)
1908 char plaintext
[MAX_DR_PRFCONSTANT
];
1909 char nfoldprfconstant
[MAX_DR_PRFCONSTANT
];
1910 size_t blocksize
= shishi_cipher_blocksize (shishi_key_type (key
));
1911 size_t totlen
, cipherlen
;
1914 if (VERBOSECRYPTO (handle
))
1916 printf ("dr (%s, key, prfconstant, %d)\n",
1917 shishi_cipher_name (shishi_key_type (key
)), derivedrandomlen
);
1918 printf ("\t ;; key (length %d):\n", shishi_key_length (key
));
1919 _shishi_hexprint (shishi_key_value (key
), shishi_key_length (key
));
1920 _shishi_binprint (shishi_key_value (key
), shishi_key_length (key
));
1921 printf ("\t ;; prfconstant %s':\n", prfconstant
);
1922 _shishi_escapeprint (prfconstant
, prfconstantlen
);
1923 _shishi_hexprint (prfconstant
, prfconstantlen
);
1924 _shishi_binprint (prfconstant
, prfconstantlen
);
1927 if (prfconstantlen
> MAX_DR_PRFCONSTANT
)
1928 return SHISHI_TOO_SMALL_BUFFER
;
1930 if (prfconstantlen
== blocksize
)
1931 memcpy (nfoldprfconstant
, prfconstant
, prfconstantlen
);
1934 res
= shishi_n_fold (handle
, prfconstant
, prfconstantlen
,
1935 nfoldprfconstant
, blocksize
);
1936 if (res
!= SHISHI_OK
)
1940 if (VERBOSECRYPTO (handle
))
1942 printf ("\t ;; possibly nfolded prfconstant (length %d):\n", blocksize
);
1943 _shishi_escapeprint (nfoldprfconstant
, blocksize
);
1944 _shishi_hexprint (nfoldprfconstant
, blocksize
);
1945 _shishi_binprint (nfoldprfconstant
, blocksize
);
1948 memcpy (plaintext
, nfoldprfconstant
, blocksize
);
1953 res
= shishi_encrypt (handle
, key
, 0, plaintext
, blocksize
,
1954 &cipher
, &cipherlen
);
1955 if (res
!= SHISHI_OK
)
1957 if (cipherlen
!= blocksize
)
1958 return SHISHI_CRYPTO_ERROR
;
1959 memcpy (derivedrandom
+ totlen
, cipher
, cipherlen
);
1960 memcpy (plaintext
, cipher
, cipherlen
);
1962 totlen
+= cipherlen
;
1964 while (totlen
< derivedrandomlen
);
1966 if (VERBOSECRYPTO (handle
))
1968 printf ("\t ;; derived random (length %d):\n", derivedrandomlen
);
1969 _shishi_hexprint (derivedrandom
, derivedrandomlen
);
1970 _shishi_binprint (derivedrandom
, derivedrandomlen
);
1978 * @handle: shishi handle as allocated by shishi_init().
1979 * @key: input cryptographic key to use.
1980 * @prfconstant: input array with the constant string.
1981 * @prfconstantlen: size of input array with the constant string.
1982 * @derivedkey: pointer to derived key (allocated by caller).
1984 * Derive a key from a key and a constant thusly:
1985 * DK(KEY, PRFCONSTANT) = SHISHI_RANDOM-TO-KEY(SHISHI_DR(KEY, PRFCONSTANT)).
1987 * Return value: Returns %SHISHI_OK iff successful.
1990 shishi_dk (Shishi
* handle
,
1992 const char *prfconstant
, size_t prfconstantlen
,
1993 Shishi_key
* derivedkey
)
1995 char rnd
[MAX_RANDOM_LEN
];
1998 if (VERBOSECRYPTO (handle
))
2000 printf ("dk (%s, key, prfconstant)\n", shishi_key_name (key
));
2001 printf ("\t ;; key (length %d):\n", shishi_key_length (key
));
2002 _shishi_hexprint (shishi_key_value (key
), shishi_key_length (key
));
2003 _shishi_binprint (shishi_key_value (key
), shishi_key_length (key
));
2004 printf ("\t ;; prfconstant:\n");
2005 _shishi_escapeprint (prfconstant
, prfconstantlen
);
2006 _shishi_hexprint (prfconstant
, prfconstantlen
);
2007 _shishi_binprint (prfconstant
, prfconstantlen
);
2010 shishi_key_type_set (derivedkey
, shishi_key_type (key
));
2012 res
= shishi_dr (handle
, key
, prfconstant
, prfconstantlen
, rnd
,
2013 shishi_key_length (derivedkey
));
2014 if (res
!= SHISHI_OK
)
2017 res
= shishi_random_to_key (handle
, shishi_key_type (derivedkey
),
2018 rnd
, shishi_key_length (derivedkey
),
2020 if (res
!= SHISHI_OK
)