1 /* crypto.c --- Crypto functions.
2 * Copyright (C) 2002, 2003, 2004, 2005, 2006, 2007 Simon Josefsson
4 * This file is part of Shishi.
6 * Shishi is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 3 of the License, or
9 * (at your option) any later version.
11 * Shishi is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with Shishi; if not, see http://www.gnu.org/licenses or write
18 * to the Free Software Foundation, Inc., 51 Franklin Street, Fifth
19 * Floor, Boston, MA 02110-1301, USA
28 /* Get _shishi_escapeprint, etc. */
37 return gcd (b
, a
% b
);
43 return a
* b
/ gcd (a
, b
);
47 rot13 (Shishi
* handle
, char *in
, char *out
, int len
)
49 if (VERBOSECRYPTONOISE (handle
))
51 printf ("\t ;; rot 13 in:\n");
52 _shishi_escapeprint (in
, len
);
53 _shishi_hexprint (in
, len
);
54 _shishi_binprint (in
, len
);
60 ((in
[0] >> 5) & 0x01) |
61 ((in
[0] >> 5) & 0x02) |
62 ((in
[0] >> 5) & 0x04) |
63 ((in
[0] << 3) & 0x08) |
64 ((in
[0] << 3) & 0x10) |
65 ((in
[0] << 3) & 0x20) | ((in
[0] << 3) & 0x40) | ((in
[0] << 3) & 0x80);
69 char nexttolast
, last
;
72 nexttolast
= in
[len
- 2];
75 for (i
= len
* 8 - 1; i
>= 13; i
--)
78 char mask
= ~(1 << (7 - i
% 8));
79 int pos2
= (i
- 13) / 8;
80 char mask2
= (1 << (7 - (i
- 13) % 8));
82 out
[pos
] = (out
[pos
] & mask
) |
83 (((in
[pos2
] & mask2
) ? 0xFF : 0x00) & ~mask
);
85 out
[0] = ((nexttolast
& 0xFF) << 3) | ((last
& 0xFF) >> 5);
86 out
[1] = (in
[1] & ~(0xFF & (0xFF << 3))) | (0xFF & (last
<< 3));
89 if (VERBOSECRYPTONOISE (handle
))
91 printf ("\t ;; rot13 out:\n");
92 _shishi_escapeprint (out
, len
);
93 _shishi_hexprint (out
, len
);
94 _shishi_binprint (out
, len
);
99 ocadd (char *add1
, char *add2
, char *sum
, int len
)
104 for (i
= len
- 1; i
>= 0; i
--)
106 int tmpsum
= (unsigned char) add1
[i
] + (unsigned char) add2
[i
];
108 sum
[i
] = (tmpsum
+ carry
) & 0xFF;
109 if (tmpsum
+ carry
> 0xFF)
119 for (i
= len
- 1; i
>= 0; i
--)
120 if ((unsigned char) sum
[i
] != 0xFF)
128 memset (sum
, 0, len
);
133 simplified_hmac (Shishi
* handle
,
135 const char *in
, size_t inlen
,
136 char **outhash
, size_t * outhashlen
)
138 *outhashlen
= shishi_checksum_cksumlen
139 (shishi_cipher_defaultcksumtype (shishi_key_type (key
)));
140 return shishi_hmac_sha1 (handle
, shishi_key_value (key
),
141 shishi_key_length (key
), in
, inlen
, outhash
);
145 simplified_hmac_verify (Shishi
* handle
, Shishi_key
* key
,
146 const char *in
, size_t inlen
,
147 const char *hmac
, size_t hmaclen
)
154 res
= simplified_hmac (handle
, key
, in
, inlen
, &hash
, &hlen
);
155 if (res
!= SHISHI_OK
|| hash
== NULL
)
158 if (VERBOSECRYPTO (handle
))
160 printf ("\t ;; HMAC verify:\n");
161 _shishi_escapeprint (hash
, hlen
);
162 _shishi_hexprint (hash
, hlen
);
163 _shishi_binprint (hash
, hlen
);
164 _shishi_escapeprint (hmac
, hmaclen
);
165 _shishi_hexprint (hmac
, hmaclen
);
166 _shishi_binprint (hmac
, hmaclen
);
169 same
= (hlen
== hmaclen
) && memcmp (hash
, hmac
, hmaclen
) == 0;
175 shishi_error_printf (handle
, "HMAC verify failed");
176 return SHISHI_CRYPTO_ERROR
;
183 _shishi_simplified_derivekey (Shishi
* handle
,
186 int derivekeymode
, Shishi_key
** outkey
)
190 Shishi_key
*derivedkey
;
192 if (VERBOSECRYPTO (handle
))
194 printf ("simplified_derivekey\n");
195 printf ("\t ;; mode %d (%s)\n", derivekeymode
,
196 derivekeymode
== SHISHI_DERIVEKEYMODE_CHECKSUM
? "checksum" :
197 derivekeymode
== SHISHI_DERIVEKEYMODE_INTEGRITY
? "integrity" :
198 derivekeymode
== SHISHI_DERIVEKEYMODE_PRIVACY
? "privacy" :
200 _shishi_hexprint (shishi_key_value (key
), shishi_key_length (key
));
204 res
= shishi_key_from_value (handle
, shishi_key_type (key
),
206 if (res
!= SHISHI_OK
)
209 *outkey
= derivedkey
;
213 uint32_t tmp
= htonl (keyusage
);
214 memcpy (prfconstant
, &tmp
, 4);
215 if (derivekeymode
== SHISHI_DERIVEKEYMODE_CHECKSUM
)
216 prfconstant
[4] = '\x99';
217 else if (derivekeymode
== SHISHI_DERIVEKEYMODE_INTEGRITY
)
218 prfconstant
[4] = '\x55';
219 else /* if (derivekeymode == SHISHI_DERIVEKEYMODE_PRIVACY) */
220 prfconstant
[4] = '\xAA';
222 res
= shishi_dk (handle
, key
, prfconstant
, 5, derivedkey
);
226 shishi_key_copy (derivedkey
, key
);
229 if (VERBOSECRYPTO (handle
))
231 printf ("\t ;; simplified_derivekey out (%d):\n",
232 shishi_key_length (derivedkey
));
233 _shishi_hexprint (shishi_key_value (derivedkey
),
234 shishi_key_length (derivedkey
));
241 _shishi_simplified_dencrypt (Shishi
* handle
,
243 const char *iv
, size_t ivlen
,
244 char **ivout
, size_t * ivoutlen
,
245 const char *in
, size_t inlen
,
246 char **out
, size_t * outlen
, int decryptp
)
251 size_t padzerolen
= 0;
253 if ((inlen
% 8) != 0)
254 while (((inlen
+ padzerolen
) % 8) != 0)
257 ptlen
= inlen
+ padzerolen
;
261 pt
= xmalloc (ptlen
);
262 memcpy (pt
, in
, inlen
);
263 memset (pt
+ inlen
, 0, padzerolen
);
268 switch (shishi_key_type (key
))
270 case SHISHI_DES_CBC_CRC
:
271 case SHISHI_DES_CBC_MD4
:
272 case SHISHI_DES_CBC_MD5
:
273 case SHISHI_DES_CBC_NONE
:
274 rc
= shishi_des (handle
, decryptp
, shishi_key_value (key
),
275 iv
, ivout
, pt
, ptlen
, out
);
282 case SHISHI_DES3_CBC_HMAC_SHA1_KD
:
283 case SHISHI_DES3_CBC_NONE
:
284 rc
= shishi_3des (handle
, decryptp
, shishi_key_value (key
),
285 iv
, ivout
, pt
, inlen
+ padzerolen
, out
);
292 case SHISHI_AES128_CTS_HMAC_SHA1_96
:
293 case SHISHI_AES256_CTS_HMAC_SHA1_96
:
294 rc
= shishi_aes_cts (handle
, decryptp
,
295 shishi_key_value (key
), shishi_key_length (key
),
296 iv
, ivout
, in
, inlen
, out
);
304 rc
= SHISHI_CRYPTO_ERROR
;
314 _shishi_simplified_encrypt (Shishi
* handle
,
317 const char *iv
, size_t ivlen
,
318 char **ivout
, size_t * ivoutlen
,
319 const char *in
, size_t inlen
,
320 char **out
, size_t * outlen
)
325 if ((shishi_key_type (key
) == SHISHI_DES3_CBC_HMAC_SHA1_KD
||
326 shishi_key_type (key
) == SHISHI_DES_CBC_CRC
||
327 shishi_key_type (key
) == SHISHI_DES_CBC_MD4
||
328 shishi_key_type (key
) == SHISHI_DES_CBC_MD5
) && (inlen
% 8) != 0)
329 while (((inlen
+ padzerolen
) % 8) != 0)
334 char *pt
= NULL
, *ct
= NULL
, *hmac
= NULL
;
335 int blen
= shishi_cipher_blocksize (shishi_key_type (key
));
336 size_t ctlen
, ptlen
, hmaclen
;
337 Shishi_key
*privacykey
= NULL
, *integritykey
= NULL
;
339 ptlen
= inlen
+ blen
+ padzerolen
;
340 pt
= xmalloc (ptlen
);
342 res
= shishi_randomize (handle
, 0, pt
, blen
);
343 if (res
!= SHISHI_OK
)
346 memcpy (pt
+ blen
, in
, inlen
);
347 memset (pt
+ blen
+ inlen
, 0, padzerolen
);
349 res
= _shishi_simplified_derivekey (handle
, key
, keyusage
,
350 SHISHI_DERIVEKEYMODE_PRIVACY
,
352 if (res
!= SHISHI_OK
)
355 res
= _shishi_simplified_dencrypt (handle
, privacykey
,
357 ivoutlen
, pt
, ptlen
, &ct
, &ctlen
, 0);
358 if (res
!= SHISHI_OK
)
362 res
= _shishi_simplified_derivekey (handle
, key
, keyusage
,
363 SHISHI_DERIVEKEYMODE_INTEGRITY
,
365 if (res
!= SHISHI_OK
)
368 res
= simplified_hmac (handle
, integritykey
, pt
, ptlen
,
370 if (res
!= SHISHI_OK
)
373 *outlen
= ctlen
+ hmaclen
;
374 *out
= xmalloc (*outlen
);
375 memcpy (*out
, ct
, ctlen
);
376 memcpy (*out
+ ctlen
, hmac
, hmaclen
);
380 shishi_key_done (privacykey
);
382 shishi_key_done (integritykey
);
392 res
= _shishi_simplified_dencrypt (handle
, key
, iv
, ivlen
,
394 in
, inlen
, out
, outlen
, 0);
401 _shishi_simplified_decrypt (Shishi
* handle
,
404 const char *iv
, size_t ivlen
,
405 char **ivout
, size_t * ivoutlen
,
406 const char *in
, size_t inlen
,
407 char **out
, size_t * outlen
)
413 Shishi_key
*privacykey
= NULL
, *integritykey
= NULL
;
414 int blen
= shishi_cipher_blocksize (shishi_key_type (key
));
415 size_t hlen
= shishi_checksum_cksumlen
416 (shishi_cipher_defaultcksumtype (shishi_key_type (key
)));
418 res
= _shishi_simplified_derivekey (handle
, key
, keyusage
,
419 SHISHI_DERIVEKEYMODE_PRIVACY
,
421 if (res
!= SHISHI_OK
)
424 res
= _shishi_simplified_dencrypt (handle
, privacykey
,
425 iv
, ivlen
, ivout
, ivoutlen
,
426 in
, inlen
- hlen
, out
, outlen
, 1);
427 if (res
!= SHISHI_OK
)
430 res
= _shishi_simplified_derivekey (handle
, key
, keyusage
,
431 SHISHI_DERIVEKEYMODE_INTEGRITY
,
433 if (res
!= SHISHI_OK
)
436 res
= simplified_hmac_verify (handle
, integritykey
, *out
, *outlen
,
437 in
+ inlen
- hlen
, hlen
);
439 if (res
!= SHISHI_OK
)
442 memmove (*out
, *out
+ blen
, *outlen
- blen
);
443 *outlen
= *outlen
- blen
;
444 *out
= xrealloc (*out
, *outlen
);
448 shishi_key_done (privacykey
);
450 shishi_key_done (integritykey
);
454 res
= _shishi_simplified_dencrypt (handle
, key
, iv
, ivlen
,
456 in
, inlen
, out
, outlen
, 1);
463 _shishi_simplified_checksum (Shishi
* handle
,
467 const char *in
, size_t inlen
,
468 char **out
, size_t * outlen
)
470 Shishi_key
*checksumkey
;
471 int cksumlen
= shishi_checksum_cksumlen (cksumtype
);
474 res
= _shishi_simplified_derivekey (handle
, key
, keyusage
,
475 SHISHI_DERIVEKEYMODE_CHECKSUM
,
477 if (res
!= SHISHI_OK
)
480 res
= simplified_hmac (handle
, checksumkey
, in
, inlen
, out
, outlen
);
482 shishi_key_done (checksumkey
);
484 if (res
!= SHISHI_OK
)
492 static cipherinfo
*ciphers
[] = {
504 &des3_cbc_sha1_kd_info
,
507 &aes128_cts_hmac_sha1_96_info
,
508 &aes256_cts_hmac_sha1_96_info
,
512 &arcfour_hmac_exp_info
517 * shishi_cipher_supported_p:
518 * @type: encryption type, see Shishi_etype.
520 * Find out if cipher is supported.
522 * Return value: Return 0 iff cipher is unsupported.
525 shishi_cipher_supported_p (int32_t type
)
529 for (i
= 0; i
< sizeof (ciphers
) / sizeof (ciphers
[0]); i
++)
530 if (type
== ciphers
[i
]->type
)
537 * shishi_cipher_name:
538 * @type: encryption type, see Shishi_etype.
540 * Read humanly readable string for cipher.
542 * Return value: Return name of encryption type,
543 * e.g. "des3-cbc-sha1-kd", as defined in the standards.
546 shishi_cipher_name (int32_t type
)
551 for (i
= 0; i
< sizeof (ciphers
) / sizeof (ciphers
[0]); i
++)
553 if (type
== ciphers
[i
]->type
)
554 return ciphers
[i
]->name
;
557 asprintf (&p
, "unknown cipher %d", type
);
562 * shishi_cipher_blocksize:
563 * @type: encryption type, see Shishi_etype.
565 * Get block size for cipher.
567 * Return value: Return block size for encryption type, as defined in
571 shishi_cipher_blocksize (int32_t type
)
575 for (i
= 0; i
< sizeof (ciphers
) / sizeof (ciphers
[0]); i
++)
576 if (type
== ciphers
[i
]->type
)
577 return ciphers
[i
]->blocksize
;
583 * shishi_cipher_confoundersize:
584 * @type: encryption type, see Shishi_etype.
586 * Get length of confounder for cipher.
588 * Return value: Returns the size of the confounder (random data) for
589 * encryption type, as defined in the standards.
592 shishi_cipher_confoundersize (int32_t type
)
596 for (i
= 0; i
< sizeof (ciphers
) / sizeof (ciphers
[0]); i
++)
597 if (type
== ciphers
[i
]->type
)
598 return ciphers
[i
]->confoundersize
;
604 * shishi_cipher_keylen:
605 * @type: encryption type, see Shishi_etype.
607 * Get key length for cipher.
609 * Return value: Return length of key used for the encryption type, as
610 * defined in the standards.
613 shishi_cipher_keylen (int32_t type
)
617 for (i
= 0; i
< sizeof (ciphers
) / sizeof (ciphers
[0]); i
++)
618 if (type
== ciphers
[i
]->type
)
619 return ciphers
[i
]->keylen
;
625 * shishi_cipher_randomlen:
626 * @type: encryption type, see Shishi_etype.
628 * Get length of random data for cipher.
630 * Return value: Return length of random used for the encryption type,
631 * as defined in the standards.
634 shishi_cipher_randomlen (int32_t type
)
638 for (i
= 0; i
< sizeof (ciphers
) / sizeof (ciphers
[0]); i
++)
639 if (type
== ciphers
[i
]->type
)
640 return ciphers
[i
]->randomlen
;
646 * shishi_cipher_defaultcksumtype:
647 * @type: encryption type, see Shishi_etype.
649 * Get the default checksum associated with cipher.
651 * Return value: Return associated checksum mechanism for the
652 * encryption type, as defined in the standards.
655 shishi_cipher_defaultcksumtype (int32_t type
)
659 for (i
= 0; i
< sizeof (ciphers
) / sizeof (ciphers
[0]); i
++)
660 if (type
== ciphers
[i
]->type
)
661 return ciphers
[i
]->defaultcksumtype
;
666 struct Cipher_aliases
672 static struct Cipher_aliases cipher_aliases
[] = {
673 {"des-crc", SHISHI_DES_CBC_CRC
},
674 {"des-md4", SHISHI_DES_CBC_MD4
},
675 {"des-md5", SHISHI_DES_CBC_MD5
},
676 {"des", SHISHI_DES_CBC_MD5
},
677 {"des3", SHISHI_DES3_CBC_HMAC_SHA1_KD
},
678 {"3des", SHISHI_DES3_CBC_HMAC_SHA1_KD
},
679 {"aes128", SHISHI_AES128_CTS_HMAC_SHA1_96
},
680 {"aes256", SHISHI_AES256_CTS_HMAC_SHA1_96
},
681 {"aes", SHISHI_AES256_CTS_HMAC_SHA1_96
},
682 {"arcfour", SHISHI_ARCFOUR_HMAC
}
686 * shishi_cipher_parse:
687 * @cipher: name of encryption type, e.g. "des3-cbc-sha1-kd".
689 * Get cipher number by parsing string.
691 * Return value: Return encryption type corresponding to a string.
694 shishi_cipher_parse (const char *cipher
)
699 i
= strtol (cipher
, &endptr
, 0);
701 if (endptr
!= cipher
)
704 for (i
= 0; i
< sizeof (ciphers
) / sizeof (ciphers
[0]); i
++)
705 if (strcasecmp (cipher
, ciphers
[i
]->name
) == 0)
706 return ciphers
[i
]->type
;
708 for (i
= 0; i
< sizeof (cipher_aliases
) / sizeof (cipher_aliases
[0]); i
++)
709 if (strcasecmp (cipher
, cipher_aliases
[i
].name
) == 0)
710 return cipher_aliases
[i
].type
;
715 static Shishi_random_to_key_function
716 _shishi_cipher_random_to_key (int32_t type
)
720 for (i
= 0; i
< sizeof (ciphers
) / sizeof (ciphers
[0]); i
++)
721 if (type
== ciphers
[i
]->type
)
722 return ciphers
[i
]->random2key
;
727 static Shishi_string_to_key_function
728 _shishi_cipher_string_to_key (int32_t type
)
732 for (i
= 0; i
< sizeof (ciphers
) / sizeof (ciphers
[0]); i
++)
733 if (type
== ciphers
[i
]->type
)
734 return ciphers
[i
]->string2key
;
739 static Shishi_encrypt_function
740 _shishi_cipher_encrypt (int32_t type
)
744 for (i
= 0; i
< sizeof (ciphers
) / sizeof (ciphers
[0]); i
++)
745 if (type
== ciphers
[i
]->type
)
746 return ciphers
[i
]->encrypt
;
751 static Shishi_decrypt_function
752 _shishi_cipher_decrypt (int32_t type
)
756 for (i
= 0; i
< sizeof (ciphers
) / sizeof (ciphers
[0]); i
++)
757 if (type
== ciphers
[i
]->type
)
758 return ciphers
[i
]->decrypt
;
763 static checksuminfo
*checksums
[] = {
781 &hmac_sha1_des3_kd_info
,
784 &hmac_sha1_96_aes128_info
,
785 &hmac_sha1_96_aes256_info
,
788 &arcfour_hmac_md5_info
793 * shishi_checksum_supported_p:
794 * @type: checksum type, see Shishi_cksumtype.
796 * Find out whether checksum is supported.
798 * Return value: Return 0 iff checksum is unsupported.
801 shishi_checksum_supported_p (int32_t type
)
805 for (i
= 0; i
< sizeof (checksums
) / sizeof (checksums
[0]); i
++)
806 if (type
== checksums
[i
]->type
)
813 * shishi_checksum_name:
814 * @type: checksum type, see Shishi_cksumtype.
816 * Get name of checksum.
818 * Return value: Return name of checksum type,
819 * e.g. "hmac-sha1-96-aes256", as defined in the standards.
822 shishi_checksum_name (int32_t type
)
827 for (i
= 0; i
< sizeof (checksums
) / sizeof (checksums
[0]); i
++)
829 if (type
== checksums
[i
]->type
)
830 return checksums
[i
]->name
;
833 asprintf (&p
, "unknown checksum %d", type
);
838 * shishi_checksum_cksumlen:
839 * @type: checksum type, see Shishi_cksumtype.
841 * Get length of checksum output.
843 * Return value: Return length of checksum used for the checksum type,
844 * as defined in the standards.
847 shishi_checksum_cksumlen (int32_t type
)
851 for (i
= 0; i
< sizeof (checksums
) / sizeof (checksums
[0]); i
++)
852 if (type
== checksums
[i
]->type
)
853 return checksums
[i
]->cksumlen
;
859 * shishi_checksum_parse:
860 * @checksum: name of checksum type, e.g. "hmac-sha1-96-aes256".
862 * Get checksum number by parsing a string.
864 * Return value: Return checksum type, see Shishi_cksumtype,
865 * corresponding to a string.
868 shishi_checksum_parse (const char *checksum
)
873 i
= strtol (checksum
, &endptr
, 0);
875 if (endptr
!= checksum
)
878 for (i
= 0; i
< sizeof (checksums
) / sizeof (checksums
[0]); i
++)
879 if (strcasecmp (checksum
, checksums
[i
]->name
) == 0)
880 return checksums
[i
]->type
;
885 static Shishi_checksum_function
886 _shishi_checksum (int32_t type
)
890 for (i
= 0; i
< sizeof (checksums
) / sizeof (checksums
[0]); i
++)
891 if (type
== checksums
[i
]->type
)
892 return checksums
[i
]->checksum
;
897 static Shishi_verify_function
898 _shishi_verify (int32_t type
)
902 for (i
= 0; i
< sizeof (checksums
) / sizeof (checksums
[0]); i
++)
903 if (type
== checksums
[i
]->type
)
904 return checksums
[i
]->verify
;
910 * shishi_string_to_key:
911 * @handle: shishi handle as allocated by shishi_init().
912 * @keytype: cryptographic encryption type, see Shishi_etype.
913 * @password: input array with password.
914 * @passwordlen: length of input array with password.
915 * @salt: input array with salt.
916 * @saltlen: length of input array with salt.
917 * @parameter: input array with opaque encryption type specific information.
918 * @outkey: allocated key handle that will contain new key.
920 * Derive key from a string (password) and salt (commonly
921 * concatenation of realm and principal) for specified key type, and
922 * set the type and value in the given key to the computed values.
923 * The parameter value is specific for each keytype, and can be set if
924 * the parameter information is not available.
926 * Return value: Returns %SHISHI_OK iff successful.
929 shishi_string_to_key (Shishi
* handle
,
931 const char *password
, size_t passwordlen
,
932 const char *salt
, size_t saltlen
,
933 const char *parameter
, Shishi_key
* outkey
)
935 Shishi_string_to_key_function string2key
;
938 shishi_key_type_set (outkey
, keytype
);
940 if (VERBOSECRYPTO (handle
))
942 printf ("string_to_key (%s, password, salt)\n",
943 shishi_key_name (outkey
));
944 printf ("\t ;; password:\n");
945 _shishi_escapeprint (password
, passwordlen
);
946 _shishi_hexprint (password
, passwordlen
);
947 printf ("\t ;; salt:\n");
948 _shishi_escapeprint (salt
, saltlen
);
949 _shishi_hexprint (salt
, saltlen
);
952 string2key
= _shishi_cipher_string_to_key (shishi_key_type (outkey
));
953 if (string2key
== NULL
)
955 shishi_error_printf (handle
, "Unsupported keytype %d",
956 shishi_key_type (outkey
));
957 return SHISHI_CRYPTO_ERROR
;
960 res
= (*string2key
) (handle
, password
, passwordlen
,
961 salt
, saltlen
, parameter
, outkey
);
963 if (VERBOSECRYPTO (handle
))
965 printf ("\t ;; string_to_key key:\n");
966 _shishi_hexprint (shishi_key_value (outkey
),
967 shishi_key_length (outkey
));
968 _shishi_binprint (shishi_key_value (outkey
),
969 shishi_key_length (outkey
));
976 * shishi_random_to_key:
977 * @handle: shishi handle as allocated by shishi_init().
978 * @keytype: cryptographic encryption type, see Shishi_etype.
979 * @rnd: input array with random data.
980 * @rndlen: length of input array with random data.
981 * @outkey: allocated key handle that will contain new key.
983 * Derive key from random data for specified key type, and set the
984 * type and value in the given key to the computed values.
986 * Return value: Returns %SHISHI_OK iff successful.
989 shishi_random_to_key (Shishi
* handle
,
991 const char *rnd
, size_t rndlen
, Shishi_key
* outkey
)
993 Shishi_random_to_key_function random2key
;
996 shishi_key_type_set (outkey
, keytype
);
998 if (VERBOSECRYPTO (handle
))
1000 printf ("random_to_key (%s, random)\n", shishi_key_name (outkey
));
1001 printf ("\t ;; random:\n");
1002 _shishi_hexprint (rnd
, rndlen
);
1003 _shishi_binprint (rnd
, rndlen
);
1006 random2key
= _shishi_cipher_random_to_key (keytype
);
1007 if (random2key
== NULL
)
1009 shishi_error_printf (handle
, "Unsupported random_to_key() ekeytype %d",
1011 return SHISHI_CRYPTO_ERROR
;
1014 res
= (*random2key
) (handle
, rnd
, rndlen
, outkey
);
1016 if (VERBOSECRYPTO (handle
))
1018 printf ("\t ;; random_to_key key:\n");
1019 _shishi_hexprint (shishi_key_value (outkey
),
1020 shishi_key_length (outkey
));
1021 _shishi_binprint (shishi_key_value (outkey
),
1022 shishi_key_length (outkey
));
1030 * @handle: shishi handle as allocated by shishi_init().
1031 * @key: key to compute checksum with.
1032 * @keyusage: integer specifying what this key is used for.
1033 * @cksumtype: the checksum algorithm to use.
1034 * @in: input array with data to integrity protect.
1035 * @inlen: size of input array with data to integrity protect.
1036 * @out: output array with newly allocated integrity protected data.
1037 * @outlen: output variable with length of output array with checksum.
1039 * Integrity protect data using key, possibly altered by supplied key
1040 * usage. If key usage is 0, no key derivation is used. The OUT
1041 * buffer must be deallocated by the caller.
1043 * Return value: Returns %SHISHI_OK iff successful.
1046 shishi_checksum (Shishi
* handle
,
1050 const char *in
, size_t inlen
, char **out
, size_t * outlen
)
1052 Shishi_checksum_function checksum
;
1055 if (VERBOSECRYPTO (handle
))
1057 printf ("checksum (%s, %d, in, out)\n",
1058 shishi_key_name (key
), cksumtype
);
1059 printf ("\t ;; key (%d):\n", shishi_key_length (key
));
1060 _shishi_hexprint (shishi_key_value (key
), shishi_key_length (key
));
1061 printf ("\t ;; in:\n");
1062 _shishi_escapeprint (in
, inlen
);
1063 _shishi_hexprint (in
, inlen
);
1067 cksumtype
= shishi_cipher_defaultcksumtype (shishi_key_type (key
));
1069 checksum
= _shishi_checksum (cksumtype
);
1070 if (checksum
== NULL
)
1072 shishi_error_printf (handle
, "Unsupported checksum type %d", cksumtype
);
1073 return SHISHI_CRYPTO_ERROR
;
1076 /* XXX? check if etype and cksumtype are compatible? */
1078 res
= (*checksum
) (handle
, key
, keyusage
, cksumtype
,
1079 in
, inlen
, out
, outlen
);
1081 if (VERBOSECRYPTO (handle
))
1083 printf ("\t ;; checksum out:\n");
1084 _shishi_escapeprint (*out
, *outlen
);
1085 _shishi_hexprint (*out
, *outlen
);
1093 * @handle: shishi handle as allocated by shishi_init().
1094 * @key: key to verify checksum with.
1095 * @keyusage: integer specifying what this key is used for.
1096 * @cksumtype: the checksum algorithm to use.
1097 * @in: input array with data that was integrity protected.
1098 * @inlen: size of input array with data that was integrity protected.
1099 * @cksum: input array with alleged checksum of data.
1100 * @cksumlen: size of input array with alleged checksum of data.
1102 * Verify checksum of data using key, possibly altered by supplied key
1103 * usage. If key usage is 0, no key derivation is used.
1105 * Return value: Returns %SHISHI_OK iff successful.
1108 shishi_verify (Shishi
* handle
,
1112 const char *in
, size_t inlen
,
1113 const char *cksum
, size_t cksumlen
)
1115 Shishi_verify_function verify
;
1118 if (VERBOSECRYPTO (handle
))
1120 printf ("verify (%s, %d, in, out)\n", shishi_key_name (key
), cksumtype
);
1121 printf ("\t ;; key (%d):\n", shishi_key_length (key
));
1122 _shishi_hexprint (shishi_key_value (key
), shishi_key_length (key
));
1123 printf ("\t ;; data:\n");
1124 _shishi_escapeprint (in
, inlen
);
1125 _shishi_hexprint (in
, inlen
);
1126 printf ("\t ;; mic:\n");
1127 _shishi_escapeprint (cksum
, cksumlen
);
1128 _shishi_hexprint (cksum
, cksumlen
);
1132 cksumtype
= shishi_cipher_defaultcksumtype (shishi_key_type (key
));
1134 verify
= _shishi_verify (cksumtype
);
1137 shishi_error_printf (handle
, "Unsupported checksum type %d", cksumtype
);
1138 return SHISHI_CRYPTO_ERROR
;
1141 /* XXX? check if etype and cksumtype are compatible? */
1143 res
= (*verify
) (handle
, key
, keyusage
, cksumtype
,
1144 in
, inlen
, cksum
, cksumlen
);
1146 if (VERBOSECRYPTO (handle
))
1147 printf ("\t ;; verify return: %d\n", res
);
1153 * shishi_encrypt_ivupdate_etype:
1154 * @handle: shishi handle as allocated by shishi_init().
1155 * @key: key to encrypt with.
1156 * @keyusage: integer specifying what this key is encrypting.
1157 * @etype: integer specifying what cipher to use.
1158 * @iv: input array with initialization vector
1159 * @ivlen: size of input array with initialization vector.
1160 * @ivout: output array with newly allocated updated initialization vector.
1161 * @ivoutlen: size of output array with updated initialization vector.
1162 * @in: input array with data to encrypt.
1163 * @inlen: size of input array with data to encrypt.
1164 * @out: output array with newly allocated encrypted data.
1165 * @outlen: output variable with size of newly allocated output array.
1167 * Encrypts data as per encryption method using specified
1168 * initialization vector and key. The key actually used is derived
1169 * using the key usage. If key usage is 0, no key derivation is used.
1170 * The OUT buffer must be deallocated by the caller. If IVOUT or
1171 * IVOUTLEN is NULL, the updated IV is not saved anywhere.
1173 * Note that DECRYPT(ENCRYPT(data)) does not necessarily yield data
1174 * exactly. Some encryption types add pad to make the data fit into
1175 * the block size of the encryption algorithm. Furthermore, the pad
1176 * is not guaranteed to look in any special way, although existing
1177 * implementations often pad with the zero byte. This means that you
1178 * may have to "frame" data, so it is possible to infer the original
1179 * length after decryption. Compare ASN.1 DER which contains such
1182 * Return value: Returns %SHISHI_OK iff successful.
1185 shishi_encrypt_ivupdate_etype (Shishi
* handle
,
1189 const char *iv
, size_t ivlen
,
1190 char **ivout
, size_t * ivoutlen
,
1191 const char *in
, size_t inlen
,
1192 char **out
, size_t * outlen
)
1194 Shishi_encrypt_function enc
;
1197 if (VERBOSECRYPTO (handle
))
1199 printf ("encrypt (type=%s, usage=%d, key, in)\n",
1200 shishi_key_name (key
), keyusage
);
1201 printf ("\t ;; key (%d):\n", shishi_key_length (key
));
1202 _shishi_hexprint (shishi_key_value (key
), shishi_key_length (key
));
1203 printf ("\t ;; in (%d):\n", inlen
);
1204 _shishi_escapeprint (in
, inlen
);
1205 _shishi_hexprint (in
, inlen
);
1208 printf ("\t ;; iv (%d):\n", ivlen
);
1209 _shishi_escapeprint (iv
, ivlen
);
1210 _shishi_hexprint (iv
, ivlen
);
1214 enc
= _shishi_cipher_encrypt (etype
);
1217 shishi_error_printf (handle
, "Unsupported keytype %d",
1218 shishi_key_type (key
));
1219 return SHISHI_CRYPTO_ERROR
;
1222 res
= (*enc
) (handle
, key
, keyusage
, iv
, ivlen
, ivout
, ivoutlen
,
1223 in
, inlen
, out
, outlen
);
1225 if (VERBOSECRYPTO (handle
))
1227 if (res
== SHISHI_OK
)
1229 printf ("\t ;; encrypt out:\n");
1230 _shishi_escapeprint (*out
, *outlen
);
1231 _shishi_hexprint (*out
, *outlen
);
1232 if (ivout
&& ivoutlen
)
1234 printf ("\t ;; iv out:\n");
1235 _shishi_escapeprint (*ivout
, *ivoutlen
);
1236 _shishi_hexprint (*ivout
, *ivoutlen
);
1241 printf ("\t ;; encrypt out failed %d\n", res
);
1249 * shishi_encrypt_iv_etype:
1250 * @handle: shishi handle as allocated by shishi_init().
1251 * @key: key to encrypt with.
1252 * @keyusage: integer specifying what this key is encrypting.
1253 * @etype: integer specifying what cipher to use.
1254 * @iv: input array with initialization vector
1255 * @ivlen: size of input array with initialization vector.
1256 * @in: input array with data to encrypt.
1257 * @inlen: size of input array with data to encrypt.
1258 * @out: output array with newly allocated encrypted data.
1259 * @outlen: output variable with size of newly allocated output array.
1261 * Encrypts data as per encryption method using specified
1262 * initialization vector and key. The key actually used is derived
1263 * using the key usage. If key usage is 0, no key derivation is used.
1264 * The OUT buffer must be deallocated by the caller. The next IV is
1265 * lost, see shishi_encrypt_ivupdate_etype if you need it.
1267 * Note that DECRYPT(ENCRYPT(data)) does not necessarily yield data
1268 * exactly. Some encryption types add pad to make the data fit into
1269 * the block size of the encryption algorithm. Furthermore, the pad
1270 * is not guaranteed to look in any special way, although existing
1271 * implementations often pad with the zero byte. This means that you
1272 * may have to "frame" data, so it is possible to infer the original
1273 * length after decryption. Compare ASN.1 DER which contains such
1276 * Return value: Returns %SHISHI_OK iff successful.
1279 shishi_encrypt_iv_etype (Shishi
* handle
,
1283 const char *iv
, size_t ivlen
,
1284 const char *in
, size_t inlen
,
1285 char **out
, size_t * outlen
)
1287 return shishi_encrypt_ivupdate_etype (handle
, key
, keyusage
, etype
,
1288 iv
, ivlen
, NULL
, NULL
,
1289 in
, inlen
, out
, outlen
);
1293 * shishi_encrypt_etype:
1294 * @handle: shishi handle as allocated by shishi_init().
1295 * @key: key to encrypt with.
1296 * @keyusage: integer specifying what this key is encrypting.
1297 * @etype: integer specifying what cipher to use.
1298 * @in: input array with data to encrypt.
1299 * @inlen: size of input array with data to encrypt.
1300 * @out: output array with newly allocated encrypted data.
1301 * @outlen: output variable with size of newly allocated output array.
1303 * Encrypts data as per encryption method using specified
1304 * initialization vector and key. The key actually used is derived
1305 * using the key usage. If key usage is 0, no key derivation is used.
1306 * The OUT buffer must be deallocated by the caller. The default IV
1307 * is used, see shishi_encrypt_iv_etype if you need to alter it. The
1308 * next IV is lost, see shishi_encrypt_ivupdate_etype if you need it.
1310 * Note that DECRYPT(ENCRYPT(data)) does not necessarily yield data
1311 * exactly. Some encryption types add pad to make the data fit into
1312 * the block size of the encryption algorithm. Furthermore, the pad
1313 * is not guaranteed to look in any special way, although existing
1314 * implementations often pad with the zero byte. This means that you
1315 * may have to "frame" data, so it is possible to infer the original
1316 * length after decryption. Compare ASN.1 DER which contains such
1319 * Return value: Returns %SHISHI_OK iff successful.
1322 shishi_encrypt_etype (Shishi
* handle
,
1326 const char *in
, size_t inlen
,
1327 char **out
, size_t * outlen
)
1329 return shishi_encrypt_ivupdate_etype (handle
, key
, keyusage
,
1330 shishi_key_type (key
),
1331 NULL
, 0, NULL
, NULL
,
1332 in
, inlen
, out
, outlen
);
1336 * shishi_encrypt_ivupdate:
1337 * @handle: shishi handle as allocated by shishi_init().
1338 * @key: key to encrypt with.
1339 * @keyusage: integer specifying what this key is encrypting.
1340 * @iv: input array with initialization vector
1341 * @ivlen: size of input array with initialization vector.
1342 * @ivout: output array with newly allocated updated initialization vector.
1343 * @ivoutlen: size of output array with updated initialization vector.
1344 * @in: input array with data to encrypt.
1345 * @inlen: size of input array with data to encrypt.
1346 * @out: output array with newly allocated encrypted data.
1347 * @outlen: output variable with size of newly allocated output array.
1349 * Encrypts data using specified initialization vector and key. The
1350 * key actually used is derived using the key usage. If key usage is
1351 * 0, no key derivation is used. The OUT buffer must be deallocated
1352 * by the caller. If IVOUT or IVOUTLEN is NULL, the updated IV is not
1355 * Note that DECRYPT(ENCRYPT(data)) does not necessarily yield data
1356 * exactly. Some encryption types add pad to make the data fit into
1357 * the block size of the encryption algorithm. Furthermore, the pad
1358 * is not guaranteed to look in any special way, although existing
1359 * implementations often pad with the zero byte. This means that you
1360 * may have to "frame" data, so it is possible to infer the original
1361 * length after decryption. Compare ASN.1 DER which contains such
1364 * Return value: Returns %SHISHI_OK iff successful.
1367 shishi_encrypt_ivupdate (Shishi
* handle
,
1370 const char *iv
, size_t ivlen
,
1371 char **ivout
, size_t * ivoutlen
,
1372 const char *in
, size_t inlen
,
1373 char **out
, size_t * outlen
)
1375 return shishi_encrypt_ivupdate_etype (handle
, key
, keyusage
,
1376 shishi_key_type (key
),
1377 iv
, ivlen
, ivout
, ivoutlen
,
1378 in
, inlen
, out
, outlen
);
1382 * shishi_encrypt_iv:
1383 * @handle: shishi handle as allocated by shishi_init().
1384 * @key: key to encrypt with.
1385 * @keyusage: integer specifying what this key is encrypting.
1386 * @iv: input array with initialization vector
1387 * @ivlen: size of input array with initialization vector.
1388 * @in: input array with data to encrypt.
1389 * @inlen: size of input array with data to encrypt.
1390 * @out: output array with newly allocated encrypted data.
1391 * @outlen: output variable with size of newly allocated output array.
1393 * Encrypts data using specified initialization vector and key. The
1394 * key actually used is derived using the key usage. If key usage is
1395 * 0, no key derivation is used. The OUT buffer must be deallocated
1396 * by the caller. The next IV is lost, see shishi_encrypt_ivupdate if
1399 * Note that DECRYPT(ENCRYPT(data)) does not necessarily yield data
1400 * exactly. Some encryption types add pad to make the data fit into
1401 * the block size of the encryption algorithm. Furthermore, the pad
1402 * is not guaranteed to look in any special way, although existing
1403 * implementations often pad with the zero byte. This means that you
1404 * may have to "frame" data, so it is possible to infer the original
1405 * length after decryption. Compare ASN.1 DER which contains such
1408 * Return value: Returns %SHISHI_OK iff successful.
1411 shishi_encrypt_iv (Shishi
* handle
,
1414 const char *iv
, size_t ivlen
,
1415 const char *in
, size_t inlen
, char **out
, size_t * outlen
)
1417 return shishi_encrypt_ivupdate_etype (handle
, key
, keyusage
,
1418 shishi_key_type (key
),
1419 iv
, ivlen
, NULL
, NULL
,
1420 in
, inlen
, out
, outlen
);
1425 * @handle: shishi handle as allocated by shishi_init().
1426 * @key: key to encrypt with.
1427 * @keyusage: integer specifying what this key is encrypting.
1428 * @in: input array with data to encrypt.
1429 * @inlen: size of input array with data to encrypt.
1430 * @out: output array with newly allocated encrypted data.
1431 * @outlen: output variable with size of newly allocated output array.
1433 * Encrypts data using specified key. The key actually used is
1434 * derived using the key usage. If key usage is 0, no key derivation
1435 * is used. The OUT buffer must be deallocated by the caller. The
1436 * default IV is used, see shishi_encrypt_iv if you need to alter it.
1437 * The next IV is lost, see shishi_encrypt_ivupdate if you need it.
1439 * Note that DECRYPT(ENCRYPT(data)) does not necessarily yield data
1440 * exactly. Some encryption types add pad to make the data fit into
1441 * the block size of the encryption algorithm. Furthermore, the pad
1442 * is not guaranteed to look in any special way, although existing
1443 * implementations often pad with the zero byte. This means that you
1444 * may have to "frame" data, so it is possible to infer the original
1445 * length after decryption. Compare ASN.1 DER which contains such
1448 * Return value: Returns %SHISHI_OK iff successful.
1451 shishi_encrypt (Shishi
* handle
,
1454 char *in
, size_t inlen
, char **out
, size_t * outlen
)
1456 return shishi_encrypt_ivupdate_etype (handle
, key
, keyusage
,
1457 shishi_key_type (key
),
1458 NULL
, 0, NULL
, NULL
,
1459 in
, inlen
, out
, outlen
);
1463 * shishi_decrypt_ivupdate_etype:
1464 * @handle: shishi handle as allocated by shishi_init().
1465 * @key: key to decrypt with.
1466 * @keyusage: integer specifying what this key is decrypting.
1467 * @etype: integer specifying what cipher to use.
1468 * @iv: input array with initialization vector
1469 * @ivlen: size of input array with initialization vector.
1470 * @ivout: output array with newly allocated updated initialization vector.
1471 * @ivoutlen: size of output array with updated initialization vector.
1472 * @in: input array with data to decrypt.
1473 * @inlen: size of input array with data to decrypt.
1474 * @out: output array with newly allocated decrypted data.
1475 * @outlen: output variable with size of newly allocated output array.
1477 * Decrypts data as per encryption method using specified
1478 * initialization vector and key. The key actually used is derived
1479 * using the key usage. If key usage is 0, no key derivation is used.
1480 * The OUT buffer must be deallocated by the caller. If IVOUT or
1481 * IVOUTLEN is NULL, the updated IV is not saved anywhere.
1483 * Note that DECRYPT(ENCRYPT(data)) does not necessarily yield data
1484 * exactly. Some encryption types add pad to make the data fit into
1485 * the block size of the encryption algorithm. Furthermore, the pad
1486 * is not guaranteed to look in any special way, although existing
1487 * implementations often pad with the zero byte. This means that you
1488 * may have to "frame" data, so it is possible to infer the original
1489 * length after decryption. Compare ASN.1 DER which contains such
1492 * Return value: Returns %SHISHI_OK iff successful.
1495 shishi_decrypt_ivupdate_etype (Shishi
* handle
,
1499 const char *iv
, size_t ivlen
,
1500 char **ivout
, size_t * ivoutlen
,
1501 const char *in
, size_t inlen
,
1502 char **out
, size_t * outlen
)
1504 Shishi_decrypt_function decrypt
;
1507 if (VERBOSECRYPTO (handle
))
1509 printf ("decrypt (type=%s, usage=%d, key, in, out)\n",
1510 shishi_key_name (key
), keyusage
);
1511 printf ("\t ;; key (%d):\n", shishi_key_length (key
));
1512 _shishi_hexprint (shishi_key_value (key
), shishi_key_length (key
));
1513 printf ("\t ;; in (%d):\n", inlen
);
1514 _shishi_escapeprint (in
, inlen
);
1515 _shishi_hexprint (in
, inlen
);
1518 printf ("\t ;; iv (%d):\n", ivlen
);
1519 _shishi_escapeprint (iv
, ivlen
);
1520 _shishi_hexprint (iv
, ivlen
);
1524 decrypt
= _shishi_cipher_decrypt (etype
);
1525 if (decrypt
== NULL
)
1527 shishi_error_printf (handle
, "Unsupported keytype %d",
1528 shishi_key_type (key
));
1529 return SHISHI_CRYPTO_ERROR
;
1532 res
= (*decrypt
) (handle
, key
, keyusage
,
1533 iv
, ivlen
, ivout
, ivoutlen
, in
, inlen
, out
, outlen
);
1535 if (VERBOSECRYPTO (handle
))
1537 if (res
== SHISHI_OK
)
1539 printf ("\t ;; decrypt out:\n");
1540 _shishi_escapeprint (*out
, *outlen
);
1541 _shishi_hexprint (*out
, *outlen
);
1545 printf ("\t ;; decrypt out failed %d\n", res
);
1553 * shishi_decrypt_iv_etype:
1554 * @handle: shishi handle as allocated by shishi_init().
1555 * @key: key to decrypt with.
1556 * @keyusage: integer specifying what this key is decrypting.
1557 * @etype: integer specifying what cipher to use.
1558 * @iv: input array with initialization vector
1559 * @ivlen: size of input array with initialization vector.
1560 * @in: input array with data to decrypt.
1561 * @inlen: size of input array with data to decrypt.
1562 * @out: output array with newly allocated decrypted data.
1563 * @outlen: output variable with size of newly allocated output array.
1565 * Decrypts data as per encryption method using specified
1566 * initialization vector and key. The key actually used is derived
1567 * using the key usage. If key usage is 0, no key derivation is used.
1568 * The OUT buffer must be deallocated by the caller. The next IV is
1569 * lost, see shishi_decrypt_ivupdate_etype if you need it.
1571 * Note that DECRYPT(ENCRYPT(data)) does not necessarily yield data
1572 * exactly. Some encryption types add pad to make the data fit into
1573 * the block size of the encryption algorithm. Furthermore, the pad
1574 * is not guaranteed to look in any special way, although existing
1575 * implementations often pad with the zero byte. This means that you
1576 * may have to "frame" data, so it is possible to infer the original
1577 * length after decryption. Compare ASN.1 DER which contains such
1580 * Return value: Returns %SHISHI_OK iff successful.
1583 shishi_decrypt_iv_etype (Shishi
* handle
,
1587 const char *iv
, size_t ivlen
,
1588 const char *in
, size_t inlen
,
1589 char **out
, size_t * outlen
)
1591 return shishi_decrypt_ivupdate_etype (handle
, key
, keyusage
, etype
,
1592 iv
, ivlen
, NULL
, NULL
,
1593 in
, inlen
, out
, outlen
);
1597 * shishi_decrypt_etype:
1598 * @handle: shishi handle as allocated by shishi_init().
1599 * @key: key to decrypt with.
1600 * @keyusage: integer specifying what this key is decrypting.
1601 * @etype: integer specifying what cipher to use.
1602 * @in: input array with data to decrypt.
1603 * @inlen: size of input array with data to decrypt.
1604 * @out: output array with newly allocated decrypted data.
1605 * @outlen: output variable with size of newly allocated output array.
1607 * Decrypts data as per encryption method using specified key. The
1608 * key actually used is derived using the key usage. If key usage is
1609 * 0, no key derivation is used. The OUT buffer must be deallocated
1610 * by the caller. The default IV is used, see shishi_decrypt_iv_etype
1611 * if you need to alter it. The next IV is lost, see
1612 * shishi_decrypt_ivupdate_etype if you need it.
1614 * Note that DECRYPT(ENCRYPT(data)) does not necessarily yield data
1615 * exactly. Some encryption types add pad to make the data fit into
1616 * the block size of the encryption algorithm. Furthermore, the pad
1617 * is not guaranteed to look in any special way, although existing
1618 * implementations often pad with the zero byte. This means that you
1619 * may have to "frame" data, so it is possible to infer the original
1620 * length after decryption. Compare ASN.1 DER which contains such
1623 * Return value: Returns %SHISHI_OK iff successful.
1626 shishi_decrypt_etype (Shishi
* handle
,
1630 const char *in
, size_t inlen
,
1631 char **out
, size_t * outlen
)
1633 return shishi_decrypt_ivupdate_etype (handle
, key
, keyusage
, etype
,
1634 NULL
, 0, NULL
, NULL
,
1635 in
, inlen
, out
, outlen
);
1639 * shishi_decrypt_ivupdate:
1640 * @handle: shishi handle as allocated by shishi_init().
1641 * @key: key to decrypt with.
1642 * @keyusage: integer specifying what this key is decrypting.
1643 * @iv: input array with initialization vector
1644 * @ivlen: size of input array with initialization vector.
1645 * @ivout: output array with newly allocated updated initialization vector.
1646 * @ivoutlen: size of output array with updated initialization vector.
1647 * @in: input array with data to decrypt.
1648 * @inlen: size of input array with data to decrypt.
1649 * @out: output array with newly allocated decrypted data.
1650 * @outlen: output variable with size of newly allocated output array.
1652 * Decrypts data using specified initialization vector and key. The
1653 * key actually used is derived using the key usage. If key usage is
1654 * 0, no key derivation is used. The OUT buffer must be deallocated
1655 * by the caller. If IVOUT or IVOUTLEN is NULL, the updated IV is not
1658 * Note that DECRYPT(ENCRYPT(data)) does not necessarily yield data
1659 * exactly. Some encryption types add pad to make the data fit into
1660 * the block size of the encryption algorithm. Furthermore, the pad
1661 * is not guaranteed to look in any special way, although existing
1662 * implementations often pad with the zero byte. This means that you
1663 * may have to "frame" data, so it is possible to infer the original
1664 * length after decryption. Compare ASN.1 DER which contains such
1667 * Return value: Returns %SHISHI_OK iff successful.
1670 shishi_decrypt_ivupdate (Shishi
* handle
,
1673 const char *iv
, size_t ivlen
,
1674 char **ivout
, size_t * ivoutlen
,
1675 const char *in
, size_t inlen
,
1676 char **out
, size_t * outlen
)
1678 return shishi_decrypt_ivupdate_etype (handle
, key
, keyusage
,
1679 shishi_key_type (key
),
1680 iv
, ivlen
, ivout
, ivoutlen
,
1681 in
, inlen
, out
, outlen
);
1685 * shishi_decrypt_iv:
1686 * @handle: shishi handle as allocated by shishi_init().
1687 * @key: key to decrypt with.
1688 * @keyusage: integer specifying what this key is decrypting.
1689 * @iv: input array with initialization vector
1690 * @ivlen: size of input array with initialization vector.
1691 * @in: input array with data to decrypt.
1692 * @inlen: size of input array with data to decrypt.
1693 * @out: output array with newly allocated decrypted data.
1694 * @outlen: output variable with size of newly allocated output array.
1696 * Decrypts data using specified initialization vector and key. The
1697 * key actually used is derived using the key usage. If key usage is
1698 * 0, no key derivation is used. The OUT buffer must be deallocated
1699 * by the caller. The next IV is lost, see
1700 * shishi_decrypt_ivupdate_etype if you need it.
1702 * Note that DECRYPT(ENCRYPT(data)) does not necessarily yield data
1703 * exactly. Some encryption types add pad to make the data fit into
1704 * the block size of the encryption algorithm. Furthermore, the pad
1705 * is not guaranteed to look in any special way, although existing
1706 * implementations often pad with the zero byte. This means that you
1707 * may have to "frame" data, so it is possible to infer the original
1708 * length after decryption. Compare ASN.1 DER which contains such
1711 * Return value: Returns %SHISHI_OK iff successful.
1714 shishi_decrypt_iv (Shishi
* handle
,
1717 const char *iv
, size_t ivlen
,
1718 const char *in
, size_t inlen
, char **out
, size_t * outlen
)
1720 return shishi_decrypt_ivupdate_etype (handle
, key
, keyusage
,
1721 shishi_key_type (key
),
1722 iv
, ivlen
, NULL
, NULL
,
1723 in
, inlen
, out
, outlen
);
1728 * @handle: shishi handle as allocated by shishi_init().
1729 * @key: key to decrypt with.
1730 * @keyusage: integer specifying what this key is decrypting.
1731 * @in: input array with data to decrypt.
1732 * @inlen: size of input array with data to decrypt.
1733 * @out: output array with newly allocated decrypted data.
1734 * @outlen: output variable with size of newly allocated output array.
1736 * Decrypts data specified key. The key actually used is derived
1737 * using the key usage. If key usage is 0, no key derivation is used.
1738 * The OUT buffer must be deallocated by the caller. The default IV
1739 * is used, see shishi_decrypt_iv if you need to alter it. The next
1740 * IV is lost, see shishi_decrypt_ivupdate if you need it.
1742 * Note that DECRYPT(ENCRYPT(data)) does not necessarily yield data
1743 * exactly. Some encryption types add pad to make the data fit into
1744 * the block size of the encryption algorithm. Furthermore, the pad
1745 * is not guaranteed to look in any special way, although existing
1746 * implementations often pad with the zero byte. This means that you
1747 * may have to "frame" data, so it is possible to infer the original
1748 * length after decryption. Compare ASN.1 DER which contains such
1751 * Return value: Returns %SHISHI_OK iff successful.
1754 shishi_decrypt (Shishi
* handle
,
1757 const char *in
, size_t inlen
, char **out
, size_t * outlen
)
1759 return shishi_decrypt_ivupdate_etype (handle
, key
, keyusage
,
1760 shishi_key_type (key
),
1761 NULL
, 0, NULL
, NULL
,
1762 in
, inlen
, out
, outlen
);
1767 * @handle: shishi handle as allocated by shishi_init().
1768 * @in: input array with data to decrypt.
1769 * @inlen: size of input array with data to decrypt ("M").
1770 * @out: output array with decrypted data.
1771 * @outlen: size of output array ("N").
1773 * Fold data into a fixed length output array, with the intent to give
1774 * each input bit approximately equal weight in determining the value
1775 * of each output bit.
1777 * The algorithm is from "A Better Key Schedule For DES-like Ciphers"
1778 * by Uri Blumenthal and Steven M. Bellovin,
1779 * <URL:http://www.research.att.com/~smb/papers/ides.pdf>, although
1780 * the sample vectors provided by the paper are incorrect.
1782 * Return value: Returns %SHISHI_OK iff successful.
1785 shishi_n_fold (Shishi
* handle
,
1786 const char *in
, size_t inlen
, char *out
, size_t outlen
)
1796 To n-fold a number X, replicate the input value to a length that is
1797 the least common multiple of n and the length of X. Before each
1798 repetition, the input is rotated to the right by 13 bit
1799 positions. The successive n-bit chunks are added together using
1800 1's-complement addition (that is, addition with end-around carry)
1801 to yield a n-bit result denoted <X>_n.
1804 a
= xmemdup (in
, m
);
1808 if (VERBOSECRYPTONOISE (handle
))
1810 printf ("%d-fold (string)\n", n
* 8);
1811 printf ("\t ;; string length %d bytes %d bits\n", m
, m
* 8);
1812 _shishi_escapeprint (a
, m
);
1813 _shishi_hexprint (a
, m
);
1814 printf ("\t ;; lcm(%d, %d) = lcm(%d, %d) = %d\n",
1815 8 * m
, 8 * n
, m
, n
, lcmmn
);
1818 buf
= (char *) xmalloc (lcmmn
);
1820 /* Replicate the input th the LCMMN length */
1821 for (i
= 0; i
< (lcmmn
/ m
); i
++)
1823 if (VERBOSECRYPTONOISE (handle
))
1825 printf ("\t ;; %d-th replication\n", i
+ 1);
1826 printf ("string = rot13(string)\n");
1829 memcpy ((char *) &buf
[i
* m
], a
, m
);
1830 rot13 (handle
, a
, a
, m
);
1833 memset (out
, 0, n
); /* just in case */
1835 if (VERBOSECRYPTONOISE (handle
))
1837 printf ("\t ;; replicated string (length %d):\n", lcmmn
);
1838 _shishi_hexprint (buf
, lcmmn
);
1839 _shishi_binprint (buf
, lcmmn
);
1840 printf ("sum = 0\n");
1843 /* Now we view the buf as set of n-byte strings
1844 Add the n-byte long chunks together, using
1845 one's complement addition, storing the
1846 result in the output string. */
1848 for (i
= 0; i
< (lcmmn
/ n
); i
++)
1850 if (VERBOSECRYPTONOISE (handle
))
1852 printf ("\t ;; %d-th one's complement addition sum\n", i
+ 1);
1853 printf ("\t ;; sum:\n");
1854 _shishi_hexprint (out
, n
);
1855 _shishi_binprint (out
, n
);
1856 printf ("\t ;; A (offset %d):\n", i
* n
);
1857 _shishi_hexprint (&buf
[i
* n
], n
);
1858 _shishi_binprint (&buf
[i
* n
], n
);
1859 printf ("sum = ocadd(sum, A);\n");
1862 ocadd (out
, (char *) &buf
[i
* n
], out
, n
);
1864 if (VERBOSECRYPTONOISE (handle
))
1866 printf ("\t ;; sum:\n");
1867 _shishi_hexprint (out
, n
);
1868 _shishi_binprint (out
, n
);
1872 if (VERBOSECRYPTONOISE (handle
))
1874 printf ("\t ;; nfold\n");
1875 _shishi_hexprint (out
, n
);
1876 _shishi_binprint (out
, n
);
1885 #define MAX_DR_PRFCONSTANT 1024
1889 * @handle: shishi handle as allocated by shishi_init().
1890 * @key: input array with cryptographic key to use.
1891 * @prfconstant: input array with the constant string.
1892 * @prfconstantlen: size of input array with the constant string.
1893 * @derivedrandom: output array with derived random data.
1894 * @derivedrandomlen: size of output array with derived random data.
1896 * Derive "random" data from a key and a constant thusly:
1897 * DR(KEY, PRFCONSTANT) = TRUNCATE(DERIVEDRANDOMLEN,
1898 * SHISHI_ENCRYPT(KEY, PRFCONSTANT)).
1900 * Return value: Returns %SHISHI_OK iff successful.
1903 shishi_dr (Shishi
* handle
,
1905 const char *prfconstant
, size_t prfconstantlen
,
1906 char *derivedrandom
, size_t derivedrandomlen
)
1909 char plaintext
[MAX_DR_PRFCONSTANT
];
1910 char nfoldprfconstant
[MAX_DR_PRFCONSTANT
];
1911 size_t blocksize
= shishi_cipher_blocksize (shishi_key_type (key
));
1912 size_t totlen
, cipherlen
;
1915 if (VERBOSECRYPTO (handle
))
1917 printf ("dr (%s, key, prfconstant, %d)\n",
1918 shishi_cipher_name (shishi_key_type (key
)), derivedrandomlen
);
1919 printf ("\t ;; key (length %d):\n", shishi_key_length (key
));
1920 _shishi_hexprint (shishi_key_value (key
), shishi_key_length (key
));
1921 _shishi_binprint (shishi_key_value (key
), shishi_key_length (key
));
1922 printf ("\t ;; prfconstant %s':\n", prfconstant
);
1923 _shishi_escapeprint (prfconstant
, prfconstantlen
);
1924 _shishi_hexprint (prfconstant
, prfconstantlen
);
1925 _shishi_binprint (prfconstant
, prfconstantlen
);
1928 if (prfconstantlen
> MAX_DR_PRFCONSTANT
)
1929 return SHISHI_TOO_SMALL_BUFFER
;
1931 if (prfconstantlen
== blocksize
)
1932 memcpy (nfoldprfconstant
, prfconstant
, prfconstantlen
);
1935 res
= shishi_n_fold (handle
, prfconstant
, prfconstantlen
,
1936 nfoldprfconstant
, blocksize
);
1937 if (res
!= SHISHI_OK
)
1941 if (VERBOSECRYPTO (handle
))
1943 printf ("\t ;; possibly nfolded prfconstant (length %d):\n", blocksize
);
1944 _shishi_escapeprint (nfoldprfconstant
, blocksize
);
1945 _shishi_hexprint (nfoldprfconstant
, blocksize
);
1946 _shishi_binprint (nfoldprfconstant
, blocksize
);
1949 memcpy (plaintext
, nfoldprfconstant
, blocksize
);
1954 res
= shishi_encrypt (handle
, key
, 0, plaintext
, blocksize
,
1955 &cipher
, &cipherlen
);
1956 if (res
!= SHISHI_OK
)
1958 if (cipherlen
!= blocksize
)
1959 return SHISHI_CRYPTO_ERROR
;
1960 memcpy (derivedrandom
+ totlen
, cipher
, cipherlen
);
1961 memcpy (plaintext
, cipher
, cipherlen
);
1963 totlen
+= cipherlen
;
1965 while (totlen
< derivedrandomlen
);
1967 if (VERBOSECRYPTO (handle
))
1969 printf ("\t ;; derived random (length %d):\n", derivedrandomlen
);
1970 _shishi_hexprint (derivedrandom
, derivedrandomlen
);
1971 _shishi_binprint (derivedrandom
, derivedrandomlen
);
1979 * @handle: shishi handle as allocated by shishi_init().
1980 * @key: input cryptographic key to use.
1981 * @prfconstant: input array with the constant string.
1982 * @prfconstantlen: size of input array with the constant string.
1983 * @derivedkey: pointer to derived key (allocated by caller).
1985 * Derive a key from a key and a constant thusly:
1986 * DK(KEY, PRFCONSTANT) = SHISHI_RANDOM-TO-KEY(SHISHI_DR(KEY, PRFCONSTANT)).
1988 * Return value: Returns %SHISHI_OK iff successful.
1991 shishi_dk (Shishi
* handle
,
1993 const char *prfconstant
, size_t prfconstantlen
,
1994 Shishi_key
* derivedkey
)
1996 char rnd
[MAX_RANDOM_LEN
];
1999 if (VERBOSECRYPTO (handle
))
2001 printf ("dk (%s, key, prfconstant)\n", shishi_key_name (key
));
2002 printf ("\t ;; key (length %d):\n", shishi_key_length (key
));
2003 _shishi_hexprint (shishi_key_value (key
), shishi_key_length (key
));
2004 _shishi_binprint (shishi_key_value (key
), shishi_key_length (key
));
2005 printf ("\t ;; prfconstant:\n");
2006 _shishi_escapeprint (prfconstant
, prfconstantlen
);
2007 _shishi_hexprint (prfconstant
, prfconstantlen
);
2008 _shishi_binprint (prfconstant
, prfconstantlen
);
2011 shishi_key_type_set (derivedkey
, shishi_key_type (key
));
2013 res
= shishi_dr (handle
, key
, prfconstant
, prfconstantlen
, rnd
,
2014 shishi_key_length (derivedkey
));
2015 if (res
!= SHISHI_OK
)
2018 res
= shishi_random_to_key (handle
, shishi_key_type (derivedkey
),
2019 rnd
, shishi_key_length (derivedkey
),
2021 if (res
!= SHISHI_OK
)