search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Generated.
[shishi.git] / lib / crypto.c
blob2f43fd7793f88d9c752c43b61d5f7cdb33a1912e
1 /* crypto.c crypto functions
2 * Copyright (C) 2002, 2003 Simon Josefsson
3 *
4 * This file is part of Shishi.
5 *
6 * Shishi is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
10 *
11 * Shishi is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with Shishi; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19 *
20 */
21
22 /* XXX several functions with out/outlen writes longer than the outlen */
23
24 #include "internal.h"
25 #ifdef USE_GCRYPT
26 #include <gcrypt.h>
27 #else
28 #include "hmac.h"
29 #include "des.h"
30 #include "aes.h"
31 #include "cbc.h"
32 #include "cbc-cts.h"
33 #include "cbc-mac.h"
34 #endif
35
36 static void
37 escapeprint (const char *str, int len)
38 {
39 int i;
40
41 printf ("\t ;; `");
42 for (i = 0; i < len; i++)
43 if ((str[i] >= 'A' && str[i] <= 'Z') ||
44 (str[i] >= 'a' && str[i] <= 'z') ||
45 (str[i] >= '0' && str[i] <= '9') || str[i] == '.')
46 printf ("%c", str[i] & 0xFF);
47 else
48 printf ("\\x%02x", str[i] & 0xFF);
49 printf ("' (length %d bytes)\n", len);
50 }
51
52 static void
53 hexprint (const char *str, int len)
54 {
55 int i;
56
57 printf ("\t ;; ");
58 for (i = 0; i < len; i++)
59 {
60 printf ("%02x ", str[i] & 0xFF);
61 if ((i + 1) % 8 == 0)
62 printf (" ");
63 if ((i + 1) % 16 == 0 && i + 1 < len)
64 printf ("\n\t ;; ");
65 }
66 }
67
68 static void
69 binprint (const char *str, int len)
70 {
71 int i;
72
73 printf ("\t ;; ");
74 for (i = 0; i < len; i++)
75 {
76 printf ("%d%d%d%d%d%d%d%d ",
77 str[i] & 0x80 ? 1 : 0,
78 str[i] & 0x40 ? 1 : 0,
79 str[i] & 0x20 ? 1 : 0,
80 str[i] & 0x10 ? 1 : 0,
81 str[i] & 0x08 ? 1 : 0,
82 str[i] & 0x04 ? 1 : 0,
83 str[i] & 0x02 ? 1 : 0, str[i] & 0x01 ? 1 : 0);
84 if ((i + 1) % 3 == 0)
85 printf (" ");
86 if ((i + 1) % 6 == 0 && i + 1 < len)
87 printf ("\n\t ;; ");
88 }
89 }
90
91 static void
92 bin7print (const char *str, int len)
93 {
94 int i;
95
96 printf ("\t ;; ");
97 for (i = 0; i < len; i++)
98 {
99 printf ("%d%d%d%d%d%d%d ",
100 str[i] & 0x40 ? 1 : 0,
101 str[i] & 0x20 ? 1 : 0,
102 str[i] & 0x10 ? 1 : 0,
103 str[i] & 0x08 ? 1 : 0,
104 str[i] & 0x04 ? 1 : 0,
105 str[i] & 0x02 ? 1 : 0, str[i] & 0x01 ? 1 : 0);
106 if ((i + 1) % 3 == 0)
107 printf (" ");
108 if ((i + 1) % 6 == 0 && i + 1 < len)
109 printf ("\n\t ;; ");
110 }
111 }
112
113 static int
114 gcd (int a, int b)
115 {
116 if (b == 0)
117 return a;
118 else
119 return gcd (b, a % b);
120 }
121
122 static int
123 lcm (int a, int b)
124 {
125 return a * b / gcd (a, b);
126 }
127
128 static int
129 rot13 (Shishi * handle, char *in, char *out, int len)
130 {
131 if (VERBOSECRYPTO (handle))
132 {
133 printf ("\t ;; rot 13 in:\n");
134 escapeprint (in, len);
135 hexprint (in, len);
136 puts ("");
137 binprint (in, len);
138 puts ("");
139 }
140
141 if (len == 1)
142 {
143 out[0] =
144 ((in[0] >> 5) & 0x01) |
145 ((in[0] >> 5) & 0x02) |
146 ((in[0] >> 5) & 0x04) |
147 ((in[0] << 3) & 0x08) |
148 ((in[0] << 3) & 0x10) |
149 ((in[0] << 3) & 0x20) | ((in[0] << 3) & 0x40) | ((in[0] << 3) & 0x80);
150 }
151 else if (len > 1)
152 {
153 char nexttolast, last;
154 int i;
155
156 nexttolast = in[len - 2];
157 last = in[len - 1];
158
159 for (i = len * 8 - 1; i >= 13; i--)
160 {
161 int pos = i / 8;
162 char mask = ~(1 << (7 - i % 8));
163 int pos2 = (i - 13) / 8;
164 char mask2 = (1 << (7 - (i - 13) % 8));
165
166 out[pos] = (out[pos] & mask) |
167 (((in[pos2] & mask2) ? 0xFF : 0x00) & ~mask);
168 }
169 out[0] = ((nexttolast & 0xFF) << 3) | ((last & 0xFF) >> 5);
170 out[1] = (in[1] & ~(0xFF & (0xFF << 3))) | (0xFF & (last << 3));
171 }
172
173 if (VERBOSECRYPTO (handle))
174 {
175 printf ("\t ;; rot13 out:\n");
176 escapeprint (out, len);
177 hexprint (out, len);
178 puts ("");
179 binprint (out, len);
180 puts ("");
181 }
182
183 return SHISHI_OK;
184 }
185
186 static int
187 ocadd (char *add1, char *add2, char *sum, int len)
188 {
189 int i;
190 int carry = 0;
191
192 for (i = len - 1; i >= 0; i--)
193 {
194 int tmpsum = (unsigned char) add1[i] + (unsigned char) add2[i];
195
196 sum[i] = (tmpsum + carry) & 0xFF;
197 if (tmpsum + carry > 0xFF)
198 carry = 1;
199 else
200 carry = 0;
201 }
202 if (carry)
203 {
204 int done = 0;
205
206 for (i = len - 1; i >= 0; i--)
207 if ((unsigned char) sum[i] != 0xFF)
208 {
209 sum[i]++;
210 done = 1;
211 break;
212 }
213
214 if (!done)
215 memset (sum, 0, len);
216 }
217
218 return SHISHI_OK;
219 }
220
221 static int
222 simplified_hmac (Shishi * handle,
223 Shishi_key * key,
224 const char *in, size_t inlen,
225 char **outhash, size_t * outhashlen)
226 {
227 #if USE_GCRYPT
228 gcry_md_hd_t mdh;
229 int halg = GCRY_MD_SHA1;
230 size_t hlen = gcry_md_get_algo_dlen (halg);
231 unsigned char *hash;
232 gpg_error_t err;
233
234 err = gcry_md_open (&mdh, halg, GCRY_MD_FLAG_HMAC);
235 if (err != GPG_ERR_NO_ERROR)
236 {
237 shishi_error_printf (handle, "Libgcrypt md open failed");
238 shishi_error_set (handle, gpg_strerror (err));
239 return SHISHI_CRYPTO_INTERNAL_ERROR;
240 }
241
242 err = gcry_md_setkey (mdh, shishi_key_value (key), shishi_key_length (key));
243 if (err != GPG_ERR_NO_ERROR)
244 {
245 shishi_error_printf (handle, "Libgcrypt md setkey failed");
246 shishi_error_set (handle, gpg_strerror (err));
247 return SHISHI_CRYPTO_INTERNAL_ERROR;
248 }
249
250 gcry_md_write (mdh, in, inlen);
251
252 hash = gcry_md_read (mdh, halg);
253 if (hash == NULL)
254 {
255 shishi_error_printf (handle, "Libgcrypt failed to compute hash");
256 return SHISHI_CRYPTO_INTERNAL_ERROR;
257 }
258
259 *outhashlen = hlen;
260 *outhash = xmalloc (*outhashlen);
261 memcpy (*outhash, hash, *outhashlen);
262
263 gcry_md_close (mdh);
264 #else
265 struct hmac_sha1_ctx ctx;
266 hmac_sha1_set_key (&ctx, shishi_key_length (key), shishi_key_value (key));
267 hmac_sha1_update (&ctx, inlen, in);
268 *outhashlen = SHA1_DIGEST_SIZE;
269 *outhash = xmalloc (*outhashlen);
270 hmac_sha1_digest (&ctx, *outhashlen, *outhash);
271 #endif
272 return SHISHI_OK;
273 }
274
275 static int
276 simplified_hmac_verify (Shishi * handle,
277 Shishi_key * key,
278 const char *in, size_t inlen,
279 const char *hmac, size_t hmaclen)
280 {
281 char *hash;
282 size_t hlen;
283 int same;
284 int res;
285
286 res = simplified_hmac (handle, key, in, inlen, &hash, &hlen);
287 if (res != SHISHI_OK || hash == NULL)
288 return res;
289
290 same = (hlen == hmaclen) && memcmp (hash, hmac, hmaclen) == 0;
291
292 free (hash);
293
294 if (!same)
295 {
296 shishi_error_printf (handle, "HMAC verify failed");
297 return SHISHI_CRYPTO_ERROR;
298 }
299
300 return SHISHI_OK;
301 }
302
303 typedef enum
304 {
305 SHISHI_DERIVEKEYMODE_CHECKSUM,
306 SHISHI_DERIVEKEYMODE_PRIVACY,
307 SHISHI_DERIVEKEYMODE_INTEGRITY
308 }
309 Shishi_derivekeymode;
310
311 static int
312 simplified_derivekey (Shishi * handle,
313 Shishi_key * key,
314 int keyusage, int derivekeymode, Shishi_key ** outkey)
315 {
316 char constant[5];
317 int res = SHISHI_OK;
318 Shishi_key *derivedkey;
319
320 if (VERBOSECRYPTO (handle))
321 {
322 printf ("simplified_derivekey\n");
323 printf ("\t ;; mode %d (%s)\n", derivekeymode,
324 derivekeymode == SHISHI_DERIVEKEYMODE_CHECKSUM ? "checksum" :
325 derivekeymode == SHISHI_DERIVEKEYMODE_INTEGRITY ? "integrity" :
326 derivekeymode == SHISHI_DERIVEKEYMODE_PRIVACY ? "privacy" :
327 "base-key");
328 hexprint (shishi_key_value (key), shishi_key_length (key));
329 puts ("");
330 }
331
332
333 res = shishi_key_from_value (handle, shishi_key_type (key),
334 NULL, &derivedkey);
335 if (res != SHISHI_OK)
336 return res;
337
338 *outkey = derivedkey;
339
340 if (keyusage)
341 {
342 uint32_t tmp = htonl (keyusage);
343 memcpy (constant, &tmp, 4);
344 if (derivekeymode == SHISHI_DERIVEKEYMODE_CHECKSUM)
345 constant[4] = '\x99';
346 else if (derivekeymode == SHISHI_DERIVEKEYMODE_INTEGRITY)
347 constant[4] = '\x55';
348 else /* if (derivekeymode == SHISHI_DERIVEKEYMODE_PRIVACY) */
349 constant[4] = '\xAA';
350
351 res = shishi_dk (handle, key, constant, 5, derivedkey);
352 }
353 else
354 {
355 shishi_key_copy (derivedkey, key);
356 }
357
358 if (VERBOSECRYPTO (handle))
359 {
360 printf ("\t ;; simplified_derivekey out (%d):\n",
361 shishi_key_length (derivedkey));
362 hexprint (shishi_key_value (derivedkey),
363 shishi_key_length (derivedkey));
364 puts ("");
365 }
366
367 return res;
368 }
369
370 static int
371 simplified_dencrypt (Shishi * handle,
372 Shishi_key * key,
373 const char *iv, size_t ivlen,
374 const char *in, size_t inlen,
375 char **out, size_t * outlen, int decryptp)
376 {
377 #ifdef USE_GCRYPT
378 gcry_cipher_hd_t ch;
379 gpg_error_t err;
380 int alg = 0;
381 int mode = GCRY_CIPHER_MODE_CBC;
382 int flags = 0;
383
384 switch (shishi_key_type (key))
385 {
386 case SHISHI_DES_CBC_CRC:
387 case SHISHI_DES_CBC_MD4:
388 case SHISHI_DES_CBC_MD5:
389 alg = GCRY_CIPHER_DES;
390 *outlen = inlen;
391 break;
392
393 case SHISHI_DES3_CBC_HMAC_SHA1_KD:
394 alg = GCRY_CIPHER_3DES;
395 *outlen = inlen;
396 break;
397
398 case SHISHI_AES128_CTS_HMAC_SHA1_96:
399 case SHISHI_AES256_CTS_HMAC_SHA1_96:
400 alg = GCRY_CIPHER_AES;
401 flags |= GCRY_CIPHER_CBC_CTS;
402 *outlen = inlen;
403 break;
404 }
405
406 err = gcry_cipher_open (&ch, alg, mode, flags);
407 if (err != GPG_ERR_NO_ERROR)
408 {
409 shishi_error_printf (handle, "Libgcrypt cipher open failed");
410 shishi_error_set (handle, gpg_strerror (err));
411 return SHISHI_CRYPTO_INTERNAL_ERROR;
412 }
413
414 err = gcry_cipher_setkey (ch, shishi_key_value (key),
415 shishi_key_length (key));
416 if (err != GPG_ERR_NO_ERROR)
417 {
418 shishi_error_printf (handle, "Libgcrypt setkey failed");
419 shishi_error_set (handle, gpg_strerror (err));
420 return SHISHI_CRYPTO_INTERNAL_ERROR;
421 }
422
423 err = gcry_cipher_setiv (ch, iv, ivlen);
424 if (err != GPG_ERR_NO_ERROR)
425 {
426 shishi_error_printf (handle, "Libgcrypt setiv failed");
427 shishi_error_set (handle, gpg_strerror (err));
428 return SHISHI_CRYPTO_INTERNAL_ERROR;
429 }
430
431 *out = xmalloc (*outlen);
432
433 if (decryptp)
434 err = gcry_cipher_decrypt (ch, (unsigned char *) *out, *outlen,
435 (const unsigned char *) in, inlen);
436 else
437 err = gcry_cipher_encrypt (ch, (unsigned char *) *out, *outlen,
438 (const unsigned char *) in, inlen);
439 if (err != GPG_ERR_NO_ERROR)
440 {
441 shishi_error_set (handle, gpg_strerror (err));
442 return SHISHI_CRYPTO_INTERNAL_ERROR;
443 }
444
445 gcry_cipher_close (ch);
446
447 #else
448 struct CBC_CTX(struct des_ctx, DES_BLOCK_SIZE) des;
449 struct CBC_CTX(struct des3_ctx, DES3_BLOCK_SIZE) des3;
450 struct CBC_CTS_CTX(struct aes_ctx, AES_BLOCK_SIZE) aes;
451 void *p;
452 int rc;
453
454 *outlen = inlen;
455 *out = xmalloc (*outlen);
456
457 switch (shishi_key_type (key))
458 {
459 case SHISHI_DES_CBC_CRC:
460 case SHISHI_DES_CBC_MD4:
461 case SHISHI_DES_CBC_MD5:
462 rc = des_set_key (&des.ctx, shishi_key_value (key));
463 if (!rc)
464 {
465 shishi_error_printf (handle, "Nettle setkey failed");
466 return SHISHI_CRYPTO_INTERNAL_ERROR;
467 }
468 if (iv)
469 CBC_SET_IV (&des, iv);
470 else
471 memset(des.iv, 0, sizeof(des.iv));
472 if (decryptp)
473 CBC_DECRYPT (&des, des_decrypt, inlen, *out, in);
474 else
475 CBC_ENCRYPT (&des, des_encrypt, inlen, *out, in);
476 break;
477
478 case SHISHI_DES3_CBC_HMAC_SHA1_KD:
479 rc = des3_set_key (&des3.ctx, shishi_key_value (key));
480 if (!rc)
481 {
482 shishi_error_printf (handle, "Nettle setkey failed");
483 return SHISHI_CRYPTO_INTERNAL_ERROR;
484 }
485 if (iv)
486 CBC_SET_IV (&des3, iv);
487 else
488 memset(des3.iv, 0, sizeof(des3.iv));
489 if (decryptp)
490 CBC_DECRYPT (&des3, des3_decrypt, inlen, *out, in);
491 else
492 CBC_ENCRYPT (&des3, des3_encrypt, inlen, *out, in);
493 break;
494
495 case SHISHI_AES128_CTS_HMAC_SHA1_96:
496 case SHISHI_AES256_CTS_HMAC_SHA1_96:
497 if (iv)
498 CBC_CTS_SET_IV (&aes, iv);
499 else
500 memset(aes.iv, 0, sizeof(aes.iv));
501 if (decryptp)
502 {
503 aes_set_decrypt_key (&aes.ctx, shishi_key_length (key),
504 shishi_key_value (key));
505 CBC_CTS_DECRYPT (&aes, aes_decrypt, inlen, *out, in);
506 }
507 else
508 {
509 aes_set_encrypt_key (&aes.ctx, shishi_key_length (key),
510 shishi_key_value (key));
511 CBC_CTS_ENCRYPT (&aes, aes_encrypt, inlen, *out, in);
512 }
513 break;
514 }
515
516 #endif
517 return SHISHI_OK;
518 }
519
520 static int
521 simplified_encrypt (Shishi * handle,
522 Shishi_key * key,
523 int keyusage,
524 const char *iv, size_t ivlen,
525 const char *in, size_t inlen, char **out, size_t * outlen)
526 {
527 int res;
528 int padzerolen = 0;
529
530 if ((shishi_key_type (key) == SHISHI_DES3_CBC_HMAC_SHA1_KD ||
531 shishi_key_type (key) == SHISHI_DES_CBC_CRC ||
532 shishi_key_type (key) == SHISHI_DES_CBC_MD4 ||
533 shishi_key_type (key) == SHISHI_DES_CBC_MD5) && (inlen % 8) != 0)
534 while (((inlen + padzerolen) % 8) != 0)
535 padzerolen++;
536
537 if (keyusage != 0)
538 {
539 char *pt = NULL, *ct = NULL, *hmac = NULL;
540 int blen = shishi_cipher_blocksize (shishi_key_type (key));
541 size_t ctlen, ptlen, hmaclen;
542 Shishi_key *privacykey = NULL, *integritykey = NULL;
543
544 ptlen = inlen + blen + padzerolen;
545 pt = xmalloc (ptlen);
546
547 res = shishi_randomize (handle, pt, blen);
548 if (res != SHISHI_OK)
549 goto done;
550
551 memcpy (pt + blen, in, inlen);
552 memset (pt + blen + inlen, 0, padzerolen);
553
554 res = simplified_derivekey (handle, key, keyusage,
555 SHISHI_DERIVEKEYMODE_PRIVACY, &privacykey);
556 if (res != SHISHI_OK)
557 goto done;
558
559 res = simplified_dencrypt (handle, privacykey, iv, ivlen,
560 pt, ptlen, &ct, &ctlen, 0);
561 if (res != SHISHI_OK)
562 goto done;
563
564
565 res = simplified_derivekey (handle, key, keyusage,
566 SHISHI_DERIVEKEYMODE_INTEGRITY,
567 &integritykey);
568 if (res != SHISHI_OK)
569 goto done;
570
571 res =
572 simplified_hmac (handle, integritykey, pt, ptlen, &hmac, &hmaclen);
573 if (res != SHISHI_OK)
574 goto done;
575
576 *outlen = ctlen + hmaclen;
577 *out = xmalloc (*outlen);
578 memcpy (*out, ct, ctlen);
579 memcpy (*out + ctlen, hmac, hmaclen);
580
581 done:
582 if (&privacykey)
583 shishi_key_done (&privacykey);
584 if (&integritykey)
585 shishi_key_done (&integritykey);
586 if (hmac)
587 free (hmac);
588 if (ct)
589 free (ct);
590 if (pt)
591 free (pt);
592 }
593 else
594 {
595 res = simplified_dencrypt (handle, key, iv, ivlen,
596 in, inlen, out, outlen, 0);
597 }
598
599 return res;
600 }
601
602 static int
603 simplified_decrypt (Shishi * handle,
604 Shishi_key * key,
605 int keyusage,
606 const char *iv, size_t ivlen,
607 const char *in, size_t inlen, char **out, size_t * outlen)
608 {
609 int res;
610
611 if (keyusage)
612 {
613 Shishi_key *privacykey = NULL, *integritykey = NULL;
614 int blen = shishi_cipher_blocksize (shishi_key_type (key));
615 size_t hlen = 20; /* XXX only works for SHA-1 */
616 size_t len;
617
618 res = simplified_derivekey (handle, key, keyusage,
619 SHISHI_DERIVEKEYMODE_PRIVACY, &privacykey);
620 if (res != SHISHI_OK)
621 goto done;
622
623 res = simplified_dencrypt (handle, privacykey, iv, ivlen,
624 in, inlen - hlen, out, outlen, 1);
625 if (res != SHISHI_OK)
626 goto done;
627
628 res = simplified_derivekey (handle, key, keyusage,
629 SHISHI_DERIVEKEYMODE_INTEGRITY,
630 &integritykey);
631 if (res != SHISHI_OK)
632 goto done;
633
634 res = simplified_hmac_verify (handle, integritykey, *out, *outlen,
635 in + inlen - hlen, hlen);
636
637 if (res != SHISHI_OK)
638 goto done;
639
640 memmove (*out, *out + blen, *outlen - blen);
641 *outlen = *outlen - blen;
642 *out = xrealloc (*out, *outlen);
643
644 done:
645 if (privacykey)
646 shishi_key_done (&privacykey);
647 if (integritykey)
648 shishi_key_done (&integritykey);
649 }
650 else
651 {
652 res = simplified_dencrypt (handle, key, iv, ivlen,
653 in, inlen, out, outlen, 1);
654 }
655
656 return res;
657 }
658
659 static int
660 simplified_checksum (Shishi * handle,
661 Shishi_key * key,
662 int keyusage,
663 int cksumtype,
664 char *in, size_t inlen, char **out, size_t * outlen)
665 {
666 Shishi_key *checksumkey;
667 size_t hlen = 20; /* XXX only works for SHA-1 */
668 int cksumlen = shishi_checksum_cksumlen (cksumtype);
669 int res;
670
671 res = simplified_derivekey (handle, key, keyusage,
672 SHISHI_DERIVEKEYMODE_CHECKSUM, &checksumkey);
673 if (res != SHISHI_OK)
674 return res;
675
676 res = simplified_hmac (handle, checksumkey, in, inlen, out, outlen);
677
678 shishi_key_done (&checksumkey);
679
680 if (res != SHISHI_OK)
681 return res;
682
683 *outlen = cksumlen;
684
685 return SHISHI_OK;
686 }
687
688 int
689 _shishi_cipher_init (void)
690 {
691 #ifdef USE_GCRYPT
692 if (gcry_control (GCRYCTL_ANY_INITIALIZATION_P) == 0)
693 {
694 if (gcry_check_version (GCRYPT_VERSION) == NULL)
695 return SHISHI_CRYPTO_INTERNAL_ERROR;
696 if (gcry_control (GCRYCTL_DISABLE_SECMEM, NULL, 0) != GPG_ERR_NO_ERROR)
697 return SHISHI_CRYPTO_INTERNAL_ERROR;
698 if (gcry_control (GCRYCTL_INITIALIZATION_FINISHED,
699 NULL, 0) != GPG_ERR_NO_ERROR)
700 return SHISHI_CRYPTO_INTERNAL_ERROR;
701 }
702 #endif
703
704 return SHISHI_OK;
705 }
706
707 typedef int (*Shishi_random_to_key_function) (Shishi * handle,
708 const char *random,
709 size_t randomlen,
710 Shishi_key * outkey);
711
712 typedef int (*Shishi_string_to_key_function) (Shishi * handle,
713 const char *password,
714 size_t passwordlen,
715 const char *salt,
716 size_t saltlen,
717 const char *parameter,
718 Shishi_key * outkey);
719
720 typedef int (*Shishi_encrypt_function) (Shishi * handle,
721 Shishi_key * key,
722 int keyusage,
723 const char *iv, size_t ivlen,
724 const char *in, size_t inlen,
725 char **out, size_t * outlen);
726
727 typedef int (*Shishi_decrypt_function) (Shishi * handle,
728 Shishi_key * key,
729 int keyusage,
730 const char *iv, size_t ivlen,
731 const char *in, size_t inlen,
732 char **out, size_t * outlen);
733
734 typedef int (*Shishi_checksum_function) (Shishi * handle,
735 Shishi_key * key,
736 int keyusage,
737 int cksumtype,
738 char *in, size_t inlen,
739 char **out, size_t * outlen);
740
741 #include "crypto-null.c"
742 #include "crypto-des.c"
743 #include "crypto-3des.c"
744 #include "crypto-aes.c"
745
746 struct cipherinfo
747 {
748 int32_t type;
749 char *name;
750 int blocksize;
751 int minpadsize;
752 int confoundersize;
753 int keylen;
754 int randomlen;
755 int defaultcksumtype;
756 Shishi_random_to_key_function random2key;
757 Shishi_string_to_key_function string2key;
758 Shishi_encrypt_function encrypt;
759 Shishi_decrypt_function decrypt;
760 };
761 typedef struct cipherinfo cipherinfo;
762
763 static cipherinfo null_info = {
764 0,
765 "NULL",
766 1,
767 0,
768 0,
769 0,
770 0,
771 SHISHI_RSA_MD5,
772 null_random_to_key,
773 null_string_to_key,
774 null_encrypt,
775 null_decrypt
776 };
777
778 static cipherinfo des_cbc_crc_info = {
779 1,
780 "des-cbc-crc",
781 8,
782 4,
783 8,
784 8,
785 8,
786 SHISHI_RSA_MD5_DES,
787 des_random_to_key,
788 des_string_to_key,
789 des_crc_encrypt,
790 des_crc_decrypt
791 };
792
793 static cipherinfo des_cbc_md4_info = {
794 2,
795 "des-cbc-md4",
796 8,
797 0,
798 8,
799 8,
800 8,
801 SHISHI_RSA_MD4_DES,
802 des_random_to_key,
803 des_string_to_key,
804 des_md4_encrypt,
805 des_md4_decrypt
806 };
807
808 static cipherinfo des_cbc_md5_info = {
809 3,
810 "des-cbc-md5",
811 8,
812 0,
813 8,
814 8,
815 8,
816 SHISHI_RSA_MD5_DES,
817 des_random_to_key,
818 des_string_to_key,
819 des_md5_encrypt,
820 des_md5_decrypt
821 };
822
823 static cipherinfo des_cbc_none_info = {
824 4,
825 "des-cbc-none",
826 8,
827 0,
828 8,
829 3 * 8,
830 3 * 8,
831 SHISHI_RSA_MD5_DES,
832 des_random_to_key,
833 des_string_to_key,
834 des_none_encrypt,
835 des_none_decrypt
836 };
837
838 static cipherinfo des3_cbc_sha1_kd_info = {
839 16,
840 "des3-cbc-sha1-kd",
841 8,
842 0,
843 8,
844 3 * 8,
845 3 * 8,
846 SHISHI_HMAC_SHA1_DES3_KD,
847 des3_random_to_key,
848 des3_string_to_key,
849 _des3_encrypt,
850 _des3_decrypt
851 };
852
853 static cipherinfo des3_cbc_none_info = {
854 6,
855 "des3-cbc-none",
856 8,
857 0,
858 8,
859 3 * 8,
860 3 * 8,
861 SHISHI_HMAC_SHA1_DES3_KD,
862 des3_random_to_key,
863 des3_string_to_key,
864 des3none_encrypt,
865 des3none_decrypt
866 };
867
868 static cipherinfo aes128_cts_hmac_sha1_96_info = {
869 17,
870 "aes128-cts-hmac-sha1-96",
871 16,
872 0,
873 16,
874 128 / 8,
875 128 / 8,
876 SHISHI_HMAC_SHA1_96_AES128,
877 aes128_random_to_key,
878 aes128_string_to_key,
879 aes128_encrypt,
880 aes128_decrypt
881 };
882
883 static cipherinfo aes256_cts_hmac_sha1_96_info = {
884 18,
885 "aes256-cts-hmac-sha1-96",
886 16,
887 0,
888 16,
889 256 / 8,
890 256 / 8,
891 SHISHI_HMAC_SHA1_96_AES256,
892 aes256_random_to_key,
893 aes256_string_to_key,
894 aes256_encrypt,
895 aes256_decrypt
896 };
897
898 static cipherinfo *ciphers[] = {
899 &null_info,
900 &des_cbc_crc_info,
901 &des_cbc_md4_info,
902 &des_cbc_md5_info,
903 &des_cbc_none_info,
904 &des3_cbc_none_info,
905 &des3_cbc_sha1_kd_info,
906 &aes128_cts_hmac_sha1_96_info,
907 &aes256_cts_hmac_sha1_96_info
908 };
909
910 /**
911 * shishi_cipher_supported_p:
912 * @type: encryption type, see Shishi_etype.
913 *
914 * Return value: Return 0 iff cipher is unsupported.
915 **/
916 int
917 shishi_cipher_supported_p (int32_t type)
918 {
919 size_t i;
920
921 for (i = 0; i < sizeof (ciphers) / sizeof (ciphers[0]); i++)
922 if (type == ciphers[i]->type)
923 return 1;
924
925 return 0;
926 }
927
928 /**
929 * shishi_cipher_name:
930 * @type: encryption type, see Shishi_etype.
931 *
932 * Return value: Return name of encryption type,
933 * e.g. "des3-cbc-sha1-kd", as defined in the standards.
934 **/
935 const char *
936 shishi_cipher_name (int32_t type)
937 {
938 size_t i;
939 char *p;
940
941 for (i = 0; i < sizeof (ciphers) / sizeof (ciphers[0]); i++)
942 {
943 if (type == ciphers[i]->type)
944 return ciphers[i]->name;
945 }
946
947 asprintf (&p, "unknown cipher %d", type);
948 return p;
949 }
950
951 /**
952 * shishi_cipher_blocksize:
953 * @type: encryption type, see Shishi_etype.
954 *
955 * Return value: Return block size for encryption type, as defined in
956 * the standards.
957 **/
958 int
959 shishi_cipher_blocksize (int32_t type)
960 {
961 size_t i;
962
963 for (i = 0; i < sizeof (ciphers) / sizeof (ciphers[0]); i++)
964 if (type == ciphers[i]->type)
965 return ciphers[i]->blocksize;
966
967 return -1;
968 }
969
970 /**
971 * shishi_cipher_minpadsize:
972 * @type: encryption type, see Shishi_etype.
973 *
974 * Return value: Return the minimum pad size for encryption type, as
975 * defined in the standards.
976 **/
977 int
978 shishi_cipher_minpadsize (int32_t type)
979 {
980 size_t i;
981
982 for (i = 0; i < sizeof (ciphers) / sizeof (ciphers[0]); i++)
983 if (type == ciphers[i]->type)
984 return ciphers[i]->minpadsize;
985
986 return -1;
987 }
988
989 /**
990 * shishi_cipher_confoundersize:
991 * @type: encryption type, see Shishi_etype.
992 *
993 * Return value: Returns the size of the confounder (random data) for
994 * encryption type, as defined in the standards.
995 **/
996 int
997 shishi_cipher_confoundersize (int32_t type)
998 {
999 size_t i;
1000
1001 for (i = 0; i < sizeof (ciphers) / sizeof (ciphers[0]); i++)
1002 if (type == ciphers[i]->type)
1003 return ciphers[i]->confoundersize;
1004
1005 return -1;
1006 }
1007
1008 /**
1009 * shishi_cipher_keylen:
1010 * @type: encryption type, see Shishi_etype.
1011 *
1012 * Return value: Return length of key used for the encryption type, as
1013 * defined in the standards.
1014 **/
1015 size_t
1016 shishi_cipher_keylen (int32_t type)
1017 {
1018 size_t i;
1019
1020 for (i = 0; i < sizeof (ciphers) / sizeof (ciphers[0]); i++)
1021 if (type == ciphers[i]->type)
1022 return ciphers[i]->keylen;
1023
1024 return -1;
1025 }
1026
1027 /**
1028 * shishi_cipher_randomlen:
1029 * @type: encryption type, see Shishi_etype.
1030 *
1031 * Return value: Return length of random used for the encryption type,
1032 * as defined in the standards.
1033 **/
1034 size_t
1035 shishi_cipher_randomlen (int32_t type)
1036 {
1037 size_t i;
1038
1039 for (i = 0; i < sizeof (ciphers) / sizeof (ciphers[0]); i++)
1040 if (type == ciphers[i]->type)
1041 return ciphers[i]->randomlen;
1042
1043 return -1;
1044 }
1045
1046 /**
1047 * shishi_cipher_defaultcksumtype:
1048 * @type: encryption type, see Shishi_etype.
1049 *
1050 * Return value: Return associated checksum mechanism for the
1051 * encryption type, as defined in the standards.
1052 **/
1053 int
1054 shishi_cipher_defaultcksumtype (int32_t type)
1055 {
1056 size_t i;
1057
1058 for (i = 0; i < sizeof (ciphers) / sizeof (ciphers[0]); i++)
1059 if (type == ciphers[i]->type)
1060 return ciphers[i]->defaultcksumtype;
1061
1062 return -1;
1063 }
1064
1065 /**
1066 * shishi_cipher_parse:
1067 * @cipher: name of encryption type, e.g. "des3-cbc-sha1-kd".
1068 *
1069 * Return value: Return encryption type corresponding to a string.
1070 **/
1071 int
1072 shishi_cipher_parse (const char *cipher)
1073 {
1074 size_t i;
1075 char *endptr;
1076
1077 i = strtol (cipher, &endptr, 0);
1078
1079 if (endptr != cipher)
1080 return i;
1081
1082 for (i = 0; i < sizeof (ciphers) / sizeof (ciphers[0]); i++)
1083 if (strcasecmp (cipher, ciphers[i]->name) == 0)
1084 return ciphers[i]->type;
1085
1086 return -1;
1087 }
1088
1089 static Shishi_random_to_key_function
1090 _shishi_cipher_random_to_key (int32_t type)
1091 {
1092 size_t i;
1093
1094 for (i = 0; i < sizeof (ciphers) / sizeof (ciphers[0]); i++)
1095 if (type == ciphers[i]->type)
1096 return ciphers[i]->random2key;
1097
1098 return NULL;
1099 }
1100
1101 static Shishi_string_to_key_function
1102 _shishi_cipher_string_to_key (int32_t type)
1103 {
1104 size_t i;
1105
1106 for (i = 0; i < sizeof (ciphers) / sizeof (ciphers[0]); i++)
1107 if (type == ciphers[i]->type)
1108 return ciphers[i]->string2key;
1109
1110 return NULL;
1111 }
1112
1113 static Shishi_encrypt_function
1114 _shishi_cipher_encrypt (int32_t type)
1115 {
1116 size_t i;
1117
1118 for (i = 0; i < sizeof (ciphers) / sizeof (ciphers[0]); i++)
1119 if (type == ciphers[i]->type)
1120 return ciphers[i]->encrypt;
1121
1122 return NULL;
1123 }
1124
1125 static Shishi_decrypt_function
1126 _shishi_cipher_decrypt (int32_t type)
1127 {
1128 size_t i;
1129
1130 for (i = 0; i < sizeof (ciphers) / sizeof (ciphers[0]); i++)
1131 if (type == ciphers[i]->type)
1132 return ciphers[i]->decrypt;
1133
1134 return NULL;
1135 }
1136
1137 struct checksuminfo
1138 {
1139 int32_t type;
1140 char *name;
1141 int cksumlen;
1142 Shishi_checksum_function checksum;
1143 };
1144 typedef struct checksuminfo checksuminfo;
1145
1146 static checksuminfo md4_info = {
1147 SHISHI_RSA_MD4_DES,
1148 "rsa-md4-des",
1149 24,
1150 des_md4_checksum
1151 };
1152
1153 static checksuminfo md5_info = {
1154 SHISHI_RSA_MD5_DES,
1155 "rsa-md5-des",
1156 24,
1157 des_md5_checksum
1158 };
1159
1160 static checksuminfo md5_gss_info = {
1161 SHISHI_RSA_MD5_DES_GSS,
1162 "rsa-md5-des-gss",
1163 8,
1164 gss_des_checksum
1165 };
1166
1167 static checksuminfo hmac_sha1_des3_kd_info = {
1168 SHISHI_HMAC_SHA1_DES3_KD,
1169 "hmac-sha1-des3-kd",
1170 20,
1171 des3_checksum
1172 };
1173
1174 static checksuminfo hmac_sha1_96_aes128_info = {
1175 SHISHI_HMAC_SHA1_96_AES128,
1176 "hmac-sha1-96-aes128",
1177 96 / 8,
1178 aes128_checksum
1179 };
1180
1181 static checksuminfo hmac_sha1_96_aes256_info = {
1182 SHISHI_HMAC_SHA1_96_AES256,
1183 "hmac-sha1-96-aes256",
1184 96 / 8,
1185 aes256_checksum
1186 };
1187
1188 static checksuminfo *checksums[] = {
1189 &md4_info,
1190 &md5_info,
1191 &md5_gss_info,
1192 &hmac_sha1_des3_kd_info,
1193 &hmac_sha1_96_aes128_info,
1194 &hmac_sha1_96_aes256_info
1195 };
1196
1197 /**
1198 * shishi_checksum_supported_p:
1199 * @type: encryption type, see Shishi_etype.
1200 *
1201 * Return value: Return 0 iff checksum is unsupported.
1202 **/
1203 int
1204 shishi_checksum_supported_p (int32_t type)
1205 {
1206 size_t i;
1207
1208 for (i = 0; i < sizeof (checksums) / sizeof (checksums[0]); i++)
1209 if (type == checksums[i]->type)
1210 return 1;
1211
1212 return 0;
1213 }
1214
1215 /**
1216 * shishi_checksum_name:
1217 * @type: encryption type, see Shishi_etype.
1218 *
1219 * Return value: Return name of checksum type,
1220 * e.g. "hmac-sha1-96-aes256", as defined in the standards.
1221 **/
1222 const char *
1223 shishi_checksum_name (int32_t type)
1224 {
1225 size_t i;
1226 char *p;
1227
1228 for (i = 0; i < sizeof (checksums) / sizeof (checksums[0]); i++)
1229 {
1230 if (type == checksums[i]->type)
1231 return checksums[i]->name;
1232 }
1233
1234 asprintf (&p, "unknown checksum %d", type);
1235 return p;
1236 }
1237
1238 /**
1239 * shishi_checksum_cksumlen:
1240 * @type: encryption type, see Shishi_etype.
1241 *
1242 * Return value: Return length of checksum used for the encryption type,
1243 * as defined in the standards.
1244 **/
1245 size_t
1246 shishi_checksum_cksumlen (int32_t type)
1247 {
1248 size_t i;
1249
1250 for (i = 0; i < sizeof (checksums) / sizeof (checksums[0]); i++)
1251 if (type == checksums[i]->type)
1252 return checksums[i]->cksumlen;
1253
1254 return -1;
1255 }
1256
1257 /**
1258 * shishi_checksum_parse:
1259 * @checksum: name of checksum type, e.g. "hmac-sha1-96-aes256".
1260 *
1261 * Return value: Return checksum type corresponding to a string.
1262 **/
1263 int
1264 shishi_checksum_parse (const char *checksum)
1265 {
1266 size_t i;
1267 char *endptr;
1268
1269 i = strtol (checksum, &endptr, 0);
1270
1271 if (endptr != checksum)
1272 return i;
1273
1274 for (i = 0; i < sizeof (checksums) / sizeof (checksums[0]); i++)
1275 if (strcasecmp (checksum, checksums[i]->name) == 0)
1276 return checksums[i]->type;
1277
1278 return -1;
1279 }
1280
1281 static Shishi_checksum_function
1282 _shishi_checksum (int32_t type)
1283 {
1284 size_t i;
1285
1286 for (i = 0; i < sizeof (checksums) / sizeof (checksums[0]); i++)
1287 if (type == checksums[i]->type)
1288 return checksums[i]->checksum;
1289
1290 return NULL;
1291 }
1292
1293 /**
1294 * shishi_string_to_key:
1295 * @handle: shishi handle as allocated by shishi_init().
1296 * @keytype: cryptographic encryption type, see Shishi_etype.
1297 * @password: input array with password.
1298 * @passwordlen: length of input array with password.
1299 * @salt: input array with salt.
1300 * @saltlen: length of input array with salt.
1301 * @parameter: input array with opaque encryption type specific information.
1302 * @outkey: allocated key handle that will contain new key.
1303 *
1304 * Derive key from a string (password) and salt (commonly
1305 * concatenation of realm and principal) for specified key type, and
1306 * set the type and value in the given key to the computed values.
1307 * The parameter value is specific for each keytype, and can be set if
1308 * the parameter information is not available.
1309 *
1310 * Return value: Returns %SHISHI_OK iff successful.
1311 **/
1312 int
1313 shishi_string_to_key (Shishi * handle,
1314 int32_t keytype,
1315 const char *password, size_t passwordlen,
1316 const char *salt, size_t saltlen,
1317 const char *parameter, Shishi_key * outkey)
1318 {
1319 Shishi_string_to_key_function string2key;
1320 int res;
1321
1322 shishi_key_type_set (outkey, keytype);
1323
1324 if (VERBOSECRYPTO (handle))
1325 {
1326 printf ("string_to_key (%s, password, salt)\n",
1327 shishi_key_name (outkey));
1328 printf ("\t ;; password:\n");
1329 escapeprint (password, passwordlen);
1330 hexprint (password, passwordlen);
1331 puts ("");
1332 printf ("\t ;; salt:\n");
1333 escapeprint (salt, saltlen);
1334 hexprint (salt, saltlen);
1335 puts ("");
1336 }
1337
1338 string2key = _shishi_cipher_string_to_key (shishi_key_type (outkey));
1339 if (string2key == NULL)
1340 {
1341 shishi_error_printf (handle, "Unsupported keytype %d",
1342 shishi_key_type (outkey));
1343 return SHISHI_CRYPTO_ERROR;
1344 }
1345
1346 res = (*string2key) (handle, password, passwordlen,
1347 salt, saltlen, parameter, outkey);
1348
1349 if (VERBOSECRYPTO (handle))
1350 {
1351 printf ("\t ;; string_to_key key:\n");
1352 hexprint (shishi_key_value (outkey), shishi_key_length (outkey));
1353 puts ("");
1354 binprint (shishi_key_value (outkey), shishi_key_length (outkey));
1355 puts ("");
1356 }
1357
1358 return res;
1359 }
1360
1361 /**
1362 * shishi_random_to_key:
1363 * @handle: shishi handle as allocated by shishi_init().
1364 * @keytype: cryptographic encryption type, see Shishi_etype.
1365 * @random: input array with random data.
1366 * @randomlen: length of input array with random data.
1367 * @outkey: allocated key handle that will contain new key.
1368 *
1369 * Derive key from random data for specified key type, and set the
1370 * type and value in the given key to the computed values.
1371 *
1372 * Return value: Returns %SHISHI_OK iff successful.
1373 **/
1374 int
1375 shishi_random_to_key (Shishi * handle,
1376 int32_t keytype,
1377 char *random, size_t randomlen, Shishi_key * outkey)
1378 {
1379 Shishi_random_to_key_function random2key;
1380 int res;
1381
1382 shishi_key_type_set (outkey, keytype);
1383
1384 if (VERBOSECRYPTO (handle))
1385 {
1386 printf ("random_to_key (%s, random)\n", shishi_key_name (outkey));
1387 printf ("\t ;; random:\n");
1388 hexprint (random, randomlen);
1389 puts ("");
1390 binprint (random, randomlen);
1391 puts ("");
1392 }
1393
1394 random2key = _shishi_cipher_random_to_key (keytype);
1395 if (random2key == NULL)
1396 {
1397 shishi_error_printf (handle, "Unsupported random_to_key() ekeytype %d",
1398 keytype);
1399 return SHISHI_CRYPTO_ERROR;
1400 }
1401
1402 res = (*random2key) (handle, random, randomlen, outkey);
1403
1404 if (VERBOSECRYPTO (handle))
1405 {
1406 printf ("\t ;; random_to_key key:\n");
1407 hexprint (shishi_key_value (outkey), shishi_key_length (outkey));
1408 puts ("");
1409 binprint (shishi_key_value (outkey), shishi_key_length (outkey));
1410 puts ("");
1411 }
1412
1413 return res;
1414 }
1415
1416 /**
1417 * shishi_checksum:
1418 * @handle: shishi handle as allocated by shishi_init().
1419 * @key: key to encrypt with.
1420 * @keyusage: integer specifying what this key is encrypting.
1421 * @cksumtype: the checksum algorithm to use.
1422 * @in: input array with data to integrity protect.
1423 * @inlen: size of input array with data to integrity protect.
1424 * @out: output array with integrity protected data.
1425 * @outlen: on input, holds maximum size of output array, on output,
1426 * holds actual size of output array.
1427 *
1428 * Integrity protect data using key, possibly altered by supplied key
1429 * usage. If key usage is 0, no key derivation is used.
1430 *
1431 * If OUT is NULL, this functions only set OUTLEN. This usage may be
1432 * used by the caller to allocate the proper buffer size.
1433 *
1434 * Return value: Returns %SHISHI_OK iff successful.
1435 **/
1436 int
1437 shishi_checksum (Shishi * handle,
1438 Shishi_key * key,
1439 int keyusage,
1440 int cksumtype,
1441 char *in, size_t inlen, char **out, size_t * outlen)
1442 {
1443 Shishi_checksum_function checksum;
1444 int res;
1445
1446 if (VERBOSECRYPTO (handle))
1447 {
1448 printf ("checksum (%s, %d, in, out)\n",
1449 shishi_key_name (key), cksumtype);
1450 printf ("\t ;; key (%d):\n", shishi_key_length (key));
1451 hexprint (shishi_key_value (key), shishi_key_length (key));
1452 puts ("");
1453 printf ("\t ;; in:\n");
1454 escapeprint (in, inlen);
1455 hexprint (in, inlen);
1456 puts ("");
1457 }
1458
1459 if (cksumtype == 0)
1460 cksumtype = shishi_cipher_defaultcksumtype (shishi_key_type (key));
1461
1462 checksum = _shishi_checksum (cksumtype);
1463 if (checksum == NULL)
1464 {
1465 shishi_error_printf (handle, "Unsupported checksum type %d", cksumtype);
1466 return SHISHI_CRYPTO_ERROR;
1467 }
1468
1469 res = (*checksum) (handle, key, keyusage, cksumtype, in, inlen, out, outlen);
1470
1471 if (VERBOSECRYPTO (handle))
1472 {
1473 printf ("\t ;; checksum out:\n");
1474 escapeprint (*out, *outlen);
1475 hexprint (*out, *outlen);
1476 puts ("");
1477 }
1478
1479 return res;
1480 }
1481
1482 /**
1483 * shishi_encrypt_iv_etype:
1484 * @handle: shishi handle as allocated by shishi_init().
1485 * @key: key to encrypt with.
1486 * @keyusage: integer specifying what this key is encrypting.
1487 * @etype: integer specifying what decryption method to use.
1488 * @iv: input array with initialization vector.
1489 * @ivlen: size of input array with initialization vector.
1490 * @in: input array with data to encrypt.
1491 * @inlen: size of input array with data to encrypt.
1492 * @out: output array with encrypted data.
1493 * @outlen: on input, holds maximum size of output array, on output,
1494 * holds actual size of output array.
1495 *
1496 * Encrypts data using key, possibly altered by supplied key usage.
1497 * If key usage is 0, no key derivation is used.
1498 *
1499 * If OUT is NULL, this functions only set OUTLEN. This usage may be
1500 * used by the caller to allocate the proper buffer size.
1501 *
1502 * Return value: Returns %SHISHI_OK iff successful.
1503 **/
1504 int
1505 shishi_encrypt_iv_etype (Shishi * handle,
1506 Shishi_key * key,
1507 int keyusage,
1508 int32_t etype,
1509 char *iv, size_t ivlen,
1510 char *in, size_t inlen, char **out, size_t * outlen)
1511 {
1512 Shishi_encrypt_function encrypt;
1513 int res;
1514
1515 if (VERBOSECRYPTO (handle))
1516 {
1517 printf ("encrypt (type=%s, usage=%d, key, in)\n",
1518 shishi_key_name (key), keyusage);
1519 printf ("\t ;; key (%d):\n", shishi_key_length (key));
1520 hexprint (shishi_key_value (key), shishi_key_length (key));
1521 puts ("");
1522 printf ("\t ;; in (%d):\n", inlen);
1523 escapeprint (in, inlen);
1524 hexprint (in, inlen);
1525 puts ("");
1526 }
1527
1528 encrypt = _shishi_cipher_encrypt (etype);
1529 if (encrypt == NULL)
1530 {
1531 shishi_error_printf (handle, "Unsupported keytype %d",
1532 shishi_key_type (key));
1533 return SHISHI_CRYPTO_ERROR;
1534 }
1535
1536 res = (*encrypt) (handle, key, keyusage, iv, ivlen, in, inlen, out, outlen);
1537
1538 if (VERBOSECRYPTO (handle))
1539 {
1540 printf ("\t ;; encrypt out:\n");
1541 escapeprint (*out, *outlen);
1542 hexprint (*out, *outlen);
1543 puts ("");
1544 }
1545
1546 return res;
1547 }
1548
1549 /**
1550 * shishi_encrypt:
1551 * @handle: shishi handle as allocated by shishi_init().
1552 * @key: key to encrypt with.
1553 * @keyusage: integer specifying what this key is encrypting.
1554 * @in: input array with data to encrypt.
1555 * @inlen: size of input array with data to encrypt.
1556 * @out: output array with encrypted data.
1557 * @outlen: on input, holds maximum size of output array, on output,
1558 * holds actual size of output array.
1559 *
1560 * Encrypts data using key, possibly altered by supplied key usage.
1561 * If key usage is 0, no key derivation is used.
1562 *
1563 * If OUT is NULL, this functions only set OUTLEN. This usage may be
1564 * used by the caller to allocate the proper buffer size.
1565 *
1566 * Return value: Returns %SHISHI_OK iff successful.
1567 **/
1568 int
1569 shishi_encrypt_iv (Shishi * handle,
1570 Shishi_key * key,
1571 int keyusage,
1572 char *iv, size_t ivlen,
1573 char *in, size_t inlen, char **out, size_t * outlen)
1574 {
1575 return shishi_encrypt_iv_etype (handle, key, keyusage,
1576 shishi_key_type (key), NULL, 0, in, inlen,
1577 out, outlen);
1578 }
1579
1580 /**
1581 * shishi_encrypt:
1582 * @handle: shishi handle as allocated by shishi_init().
1583 * @key: key to encrypt with.
1584 * @keyusage: integer specifying what this key is encrypting.
1585 * @in: input array with data to encrypt.
1586 * @inlen: size of input array with data to encrypt.
1587 * @out: output array with encrypted data.
1588 * @outlen: on input, holds maximum size of output array, on output,
1589 * holds actual size of output array.
1590 *
1591 * Encrypts data using key, possibly altered by supplied key usage.
1592 * If key usage is 0, no key derivation is used.
1593 *
1594 * If OUT is NULL, this functions only set OUTLEN. This usage may be
1595 * used by the caller to allocate the proper buffer size.
1596 *
1597 * Return value: Returns %SHISHI_OK iff successful.
1598 **/
1599 int
1600 shishi_encrypt (Shishi * handle,
1601 Shishi_key * key,
1602 int keyusage,
1603 char *in, size_t inlen, char **out, size_t * outlen)
1604 {
1605 return shishi_encrypt_iv (handle, key, keyusage, NULL, 0,
1606 in, inlen, out, outlen);
1607 }
1608
1609 /**
1610 * shishi_decrypt_iv_etype:
1611 * @handle: shishi handle as allocated by shishi_init().
1612 * @key: key to decrypt with.
1613 * @keyusage: integer specifying what this key is decrypting.
1614 * @etype: integer specifying what decryption method to use.
1615 * @iv: input array with initialization vector.
1616 * @ivlen: size of input array with initialization vector.
1617 * @in: input array with data to decrypt.
1618 * @inlen: size of input array with data to decrypt.
1619 * @out: output array with decrypted data.
1620 * @outlen: on input, holds maximum size of output array, on output,
1621 * holds actual size of output array.
1622 *
1623 * Decrypts data using key, possibly altered by supplied key usage.
1624 * If key usage is 0, no key derivation is used.
1625 *
1626 * If OUT is NULL, this functions only set OUTLEN. This usage may be
1627 * used by the caller to allocate the proper buffer size.
1628 *
1629 * Return value: Returns %SHISHI_OK iff successful.
1630 **/
1631 int
1632 shishi_decrypt_iv_etype (Shishi * handle,
1633 Shishi_key * key,
1634 int keyusage,
1635 int32_t etype,
1636 char *iv, size_t ivlen,
1637 char *in, size_t inlen, char **out, size_t * outlen)
1638 {
1639 Shishi_decrypt_function decrypt;
1640 int res;
1641
1642 if (VERBOSECRYPTO (handle))
1643 {
1644 printf ("decrypt (type=%s, usage=%d, key, in, out)\n",
1645 shishi_key_name (key), keyusage);
1646 printf ("\t ;; key (%d):\n", shishi_key_length (key));
1647 hexprint (shishi_key_value (key), shishi_key_length (key));
1648 puts ("");
1649 printf ("\t ;; in (%d):\n", inlen);
1650 escapeprint (in, inlen);
1651 hexprint (in, inlen);
1652 puts ("");
1653 }
1654
1655 decrypt = _shishi_cipher_decrypt (etype);
1656 if (decrypt == NULL)
1657 {
1658 shishi_error_printf (handle, "Unsupported keytype %d",
1659 shishi_key_type (key));
1660 return SHISHI_CRYPTO_ERROR;
1661 }
1662
1663 res = (*decrypt) (handle, key, keyusage, iv, ivlen, in, inlen, out, outlen);
1664
1665 if (VERBOSECRYPTO (handle))
1666 {
1667 printf ("\t ;; decrypt out:\n");
1668 escapeprint (*out, *outlen);
1669 hexprint (*out, *outlen);
1670 puts ("");
1671 }
1672
1673 return res;
1674 }
1675
1676 /**
1677 * shishi_decrypt_iv:
1678 * @handle: shishi handle as allocated by shishi_init().
1679 * @key: key to decrypt with.
1680 * @keyusage: integer specifying what this key is decrypting.
1681 * @iv: input array with initialization vector.
1682 * @ivlen: size of input array with initialization vector.
1683 * @in: input array with data to decrypt.
1684 * @inlen: size of input array with data to decrypt.
1685 * @out: output array with decrypted data.
1686 * @outlen: on input, holds maximum size of output array, on output,
1687 * holds actual size of output array.
1688 *
1689 * Decrypts data using key, possibly altered by supplied key usage.
1690 * If key usage is 0, no key derivation is used.
1691 *
1692 * If OUT is NULL, this functions only set OUTLEN. This usage may be
1693 * used by the caller to allocate the proper buffer size.
1694 *
1695 * Return value: Returns %SHISHI_OK iff successful.
1696 **/
1697 int
1698 shishi_decrypt_iv (Shishi * handle,
1699 Shishi_key * key,
1700 int keyusage,
1701 char *iv, size_t ivlen,
1702 char *in, size_t inlen, char **out, size_t * outlen)
1703 {
1704 return shishi_decrypt_iv_etype (handle, key, keyusage,
1705 shishi_key_type (key),
1706 iv, ivlen, in, inlen, out, outlen);
1707 }
1708
1709 /**
1710 * shishi_decrypt:
1711 * @handle: shishi handle as allocated by shishi_init().
1712 * @key: key to decrypt with.
1713 * @keyusage: integer specifying what this key is decrypting.
1714 * @in: input array with data to decrypt.
1715 * @inlen: size of input array with data to decrypt.
1716 * @out: output array with decrypted data.
1717 * @outlen: on input, holds maximum size of output array, on output,
1718 * holds actual size of output array.
1719 *
1720 * Decrypts data using key, possibly altered by supplied key usage.
1721 * If key usage is 0, no key derivation is used.
1722 *
1723 * If OUT is NULL, this functions only set OUTLEN. This usage may be
1724 * used by the caller to allocate the proper buffer size.
1725 *
1726 * Return value: Returns %SHISHI_OK iff successful.
1727 **/
1728 int
1729 shishi_decrypt (Shishi * handle,
1730 Shishi_key * key,
1731 int keyusage,
1732 char *in, size_t inlen, char **out, size_t * outlen)
1733 {
1734 return shishi_decrypt_iv (handle, key, keyusage, NULL, 0,
1735 in, inlen, out, outlen);
1736 }
1737
1738 /**
1739 * shishi_randomize:
1740 * @handle: shishi handle as allocated by shishi_init().
1741 * @data: output array to be filled with random data.
1742 * @datalen: size of output array.
1743 *
1744 * Store cryptographically strong random data of given size in the
1745 * provided buffer.
1746 *
1747 * Return value: Returns %SHISHI_OK iff successful.
1748 **/
1749 int
1750 shishi_randomize (Shishi * handle, char *data, size_t datalen)
1751 {
1752 #ifdef USE_GCRYPT
1753 gcry_randomize (data, datalen, GCRY_STRONG_RANDOM);
1754 #else
1755 int fd;
1756 char *device;
1757
1758 device = "/dev/urandom";
1759
1760 fd = open (device, O_RDONLY);
1761 if (fd < 0)
1762 {
1763 shishi_error_printf(handle, "Could not open random device: %s\n",
1764 strerror (errno));
1765 return SHISHI_FOPEN_ERROR;
1766 }
1767 else
1768 {
1769 read (fd, data, datalen);
1770 close (fd);
1771 }
1772 #endif
1773
1774 return SHISHI_OK;
1775 }
1776
1777 /**
1778 * shishi_n_fold:
1779 * @handle: shishi handle as allocated by shishi_init().
1780 * @in: input array with data to decrypt.
1781 * @inlen: size of input array with data to decrypt ("M").
1782 * @out: output array with decrypted data.
1783 * @outlen: size of output array ("N").
1784 *
1785 * Fold data into a fixed length output array, with the intent to give
1786 * each input bit approximately equal weight in determining the value
1787 * of each output bit.
1788 *
1789 * The algorithm is from "A Better Key Schedule For DES-like Ciphers"
1790 * by Uri Blumenthal and Steven M. Bellovin,
1791 * <URL:http://www.research.att.com/~smb/papers/ides.pdf>, although
1792 * the sample vectors provided by the paper are incorrect.
1793 *
1794 * Return value: Returns %SHISHI_OK iff successful.
1795 **/
1796 int
1797 shishi_n_fold (Shishi * handle,
1798 char *in, size_t inlen, char *out, size_t outlen)
1799 {
1800 int m = inlen;
1801 int n = outlen;
1802 char *buf = NULL;
1803 char *a = NULL;
1804 int lcmmn = 0;
1805 int i = 0;
1806
1807 /*
1808 To n-fold a number X, replicate the input value to a length that is
1809 the least common multiple of n and the length of X. Before each
1810 repetition, the input is rotated to the right by 13 bit
1811 positions. The successive n-bit chunks are added together using
1812 1's-complement addition (that is, addition with end-around carry)
1813 to yield a n-bit result denoted <X>_n.
1814 */
1815
1816 a = (char *) malloc (m);
1817 if (a == NULL)
1818 return SHISHI_MALLOC_ERROR;
1819 memcpy (a, in, m);
1820
1821 lcmmn = lcm (m, n);
1822
1823 if (VERBOSECRYPTO (handle))
1824 {
1825 printf ("%d-fold (string)\n", n * 8);
1826 printf ("\t ;; string length %d bytes %d bits\n", m, m * 8);
1827 escapeprint (a, m);
1828 hexprint (a, m);
1829 puts ("");
1830 printf ("\t ;; lcm(%d, %d) = lcm(%d, %d) = %d\n",
1831 8 * m, 8 * n, m, n, lcmmn);
1832 puts ("");
1833 }
1834
1835 buf = (char *) malloc (lcmmn);
1836 if (buf == NULL)
1837 return SHISHI_MALLOC_ERROR;
1838
1839 /* Replicate the input th the LCMMN length */
1840 for (i = 0; i < (lcmmn / m); i++)
1841 {
1842 if (VERBOSECRYPTO (handle))
1843 {
1844 printf ("\t ;; %d-th replication\n", i + 1);
1845 printf ("string = rot13(string)\n");
1846 }
1847
1848 memcpy ((char *) &buf[i * m], a, m);
1849 rot13 (handle, a, a, m);
1850
1851 if (VERBOSECRYPTO (handle))
1852 puts ("");
1853 }
1854
1855 memset (out, 0, n); /* just in case */
1856
1857 if (VERBOSECRYPTO (handle))
1858 {
1859 printf ("\t ;; replicated string (length %d):\n", lcmmn);
1860 hexprint (buf, lcmmn);
1861 puts ("");
1862 binprint (buf, lcmmn);
1863 puts ("");
1864 printf ("sum = 0\n");
1865 }
1866
1867 /* Now we view the buf as set of n-byte strings
1868 Add the n-byte long chunks together, using
1869 one's complement addition, storing the
1870 result in the output string. */
1871
1872 for (i = 0; i < (lcmmn / n); i++)
1873 {
1874 if (VERBOSECRYPTO (handle))
1875 {
1876 printf ("\t ;; %d-th one's complement addition sum\n", i + 1);
1877 printf ("\t ;; sum:\n");
1878 hexprint (out, n);
1879 puts ("");
1880 binprint (out, n);
1881 puts ("");
1882 printf ("\t ;; A (offset %d):\n", i * n);
1883 hexprint (&buf[i * n], n);
1884 puts ("");
1885 binprint (&buf[i * n], n);
1886 puts ("");
1887 printf ("sum = ocadd(sum, A);\n");
1888 }
1889
1890 ocadd (out, (char *) &buf[i * n], out, n);
1891
1892 if (VERBOSECRYPTO (handle))
1893 {
1894 printf ("\t ;; sum:\n");
1895 hexprint (out, n);
1896 puts ("");
1897 binprint (out, n);
1898 puts ("");
1899 puts ("");
1900 }
1901 }
1902
1903 if (VERBOSECRYPTO (handle))
1904 {
1905 printf ("\t ;; nfold\n");
1906 hexprint (out, n);
1907 puts ("");
1908 binprint (out, n);
1909 puts ("");
1910 puts ("");
1911 }
1912
1913 free (buf);
1914 free (a);
1915
1916 return SHISHI_OK;
1917 }
1918
1919 #define MAX_DR_CONSTANT 1024
1920
1921 /**
1922 * shishi_dr:
1923 * @handle: shishi handle as allocated by shishi_init().
1924 * @etype: cryptographic encryption type, see Shishi_etype.
1925 * @key: input array with cryptographic key to use.
1926 * @keylen: size of input array with cryptographic key.
1927 * @constant: input array with the constant string.
1928 * @constantlen: size of input array with the constant string.
1929 * @derivedrandom: output array with derived random data.
1930 * @derivedrandomlen: size of output array with derived random data.
1931 *
1932 * Derive "random" data from a key and a constant thusly:
1933 * DR(KEY, CONSTANT) = TRUNCATE(DERIVEDRANDOMLEN,
1934 * SHISHI_ENCRYPT(KEY, CONSTANT)).
1935 *
1936 * Return value: Returns %SHISHI_OK iff successful.
1937 **/
1938 int
1939 shishi_dr (Shishi * handle,
1940 Shishi_key * key,
1941 char *constant, size_t constantlen,
1942 char *derivedrandom, size_t derivedrandomlen)
1943 {
1944 char *cipher;
1945 char plaintext[MAX_DR_CONSTANT];
1946 char nfoldconstant[MAX_DR_CONSTANT];
1947 int blocksize = shishi_cipher_blocksize (shishi_key_type (key));
1948 size_t totlen, cipherlen;
1949 int res;
1950
1951 if (VERBOSECRYPTO (handle))
1952 {
1953 printf ("dr (%s, key, constant, %d)\n",
1954 shishi_cipher_name (shishi_key_type (key)), derivedrandomlen);
1955 printf ("\t ;; key (length %d):\n", shishi_key_type (key));
1956 hexprint (shishi_key_value (key), shishi_key_type (key));
1957 puts ("");
1958 binprint (shishi_key_value (key), shishi_key_type (key));
1959 puts ("");
1960 printf ("\t ;; constant %s':\n", constant);
1961 escapeprint (constant, constantlen);
1962 hexprint (constant, constantlen);
1963 puts ("");
1964 binprint (constant, constantlen);
1965 puts ("");
1966 puts ("");
1967 }
1968
1969 if (constantlen > MAX_DR_CONSTANT)
1970 return SHISHI_TOO_SMALL_BUFFER;
1971
1972 if (constantlen == blocksize)
1973 {
1974 memcpy (nfoldconstant, constant, constantlen);
1975 }
1976 else
1977 {
1978 res = shishi_n_fold (handle, constant, constantlen, nfoldconstant,
1979 blocksize);
1980 if (res != SHISHI_OK)
1981 return res;
1982 }
1983
1984 if (VERBOSECRYPTO (handle))
1985 {
1986 printf ("\t ;; possibly nfolded constant (length %d):\n", blocksize);
1987 escapeprint (nfoldconstant, blocksize);
1988 hexprint (nfoldconstant, blocksize);
1989 puts ("");
1990 binprint (nfoldconstant, blocksize);
1991 puts ("");
1992 }
1993
1994 memcpy (plaintext, nfoldconstant, blocksize);
1995
1996 totlen = 0;
1997 do
1998 {
1999 res = shishi_encrypt (handle, key, 0, plaintext, blocksize,
2000 &cipher, &cipherlen);
2001 if (res != SHISHI_OK)
2002 return res;
2003 if (cipherlen != blocksize)
2004 return SHISHI_CRYPTO_ERROR;
2005 memcpy (derivedrandom + totlen, cipher, cipherlen);
2006 memcpy (plaintext, cipher, cipherlen);
2007 free (cipher);
2008 totlen += cipherlen;
2009 }
2010 while (totlen < derivedrandomlen);
2011
2012 if (VERBOSECRYPTO (handle))
2013 {
2014 printf ("\t ;; derived random (length %d):\n", derivedrandomlen);
2015 hexprint (derivedrandom, derivedrandomlen);
2016 puts ("");
2017 binprint (derivedrandom, derivedrandomlen);
2018 puts ("");
2019 }
2020
2021 return SHISHI_OK;
2022 }
2023
2024 /**
2025 * shishi_dk:
2026 * @handle: shishi handle as allocated by shishi_init().
2027 * @etype: cryptographic encryption type, see Shishi_etype.
2028 * @key: input array with cryptographic key to use.
2029 * @keylen: size of input array with cryptographic key.
2030 * @constant: input array with the constant string.
2031 * @constantlen: size of input array with the constant string.
2032 * @derivedkey: output array with derived key.
2033 * @derivedkeylen: size of output array with derived key.
2034 *
2035 * Derive a key from a key and a constant thusly:
2036 * DK(KEY, CONSTANT) = SHISHI_RANDOM-TO-KEY(SHISHI_DR(KEY, CONSTANT)).
2037 *
2038 * Return value: Returns %SHISHI_OK iff successful.
2039 **/
2040 int
2041 shishi_dk (Shishi * handle,
2042 Shishi_key * key,
2043 char *constant, int constantlen, Shishi_key * derivedkey)
2044 {
2045 char random[MAX_RANDOM_LEN];
2046 int res;
2047
2048 if (VERBOSECRYPTO (handle))
2049 {
2050 printf ("dk (%s, key, constant)\n", shishi_key_name (key));
2051 printf ("\t ;; key (length %d):\n", shishi_key_length (key));
2052 hexprint (shishi_key_value (key), shishi_key_length (key));
2053 puts ("");
2054 binprint (shishi_key_value (key), shishi_key_length (key));
2055 puts ("");
2056 printf ("\t ;; constant:\n");
2057 escapeprint (constant, constantlen);
2058 hexprint (constant, constantlen);
2059 puts ("");
2060 binprint (constant, constantlen);
2061 puts ("");
2062 puts ("");
2063 }
2064
2065 shishi_key_type_set (derivedkey, shishi_key_type (key));
2066
2067 res = shishi_dr (handle, key, constant, constantlen, random,
2068 shishi_key_length (derivedkey));
2069 if (res != SHISHI_OK)
2070 return res;
2071
2072 res = shishi_random_to_key (handle, shishi_key_type (derivedkey),
2073 random, shishi_key_length (derivedkey),
2074 derivedkey);
2075 if (res != SHISHI_OK)
2076 return res;
2077
2078 return SHISHI_OK;
2079 }
Free Kerberos V5 implementation