Branch data Line data Source code
1 : : /* crypto.c --- Crypto functions.
2 : : * Copyright (C) 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Simon Josefsson
3 : : *
4 : : * This file is part of Shishi.
5 : : *
6 : : * Shishi is free software; you can redistribute it and/or modify it
7 : : * under the terms of the GNU General Public License as published by
8 : : * the Free Software Foundation; either version 3 of the License, or
9 : : * (at your option) any later version.
10 : : *
11 : : * Shishi is distributed in the hope that it will be useful, but
12 : : * WITHOUT ANY WARRANTY; without even the implied warranty of
13 : : * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 : : * GNU General Public License for more details.
15 : : *
16 : : * You should have received a copy of the GNU General Public License
17 : : * along with Shishi; if not, see http://www.gnu.org/licenses or write
18 : : * to the Free Software Foundation, Inc., 51 Franklin Street, Fifth
19 : : * Floor, Boston, MA 02110-1301, USA
20 : : *
21 : : */
22 : :
23 : : #include "internal.h"
24 : :
25 : : /* Get prototypes. */
26 : : #include "crypto.h"
27 : :
28 : : /* Get _shishi_escapeprint, etc. */
29 : : #include "utils.h"
30 : :
31 : : static int
32 : 2770 : gcd (int a, int b)
33 : : {
34 [ + + ]: 2770 : if (b == 0)
35 : 664 : return a;
36 : : else
37 : 2770 : return gcd (b, a % b);
38 : : }
39 : :
40 : : static int
41 : 664 : lcm (int a, int b)
42 : : {
43 : 664 : return a * b / gcd (a, b);
44 : : }
45 : :
46 : : static void
47 : 9889 : rot13 (Shishi * handle, char *in, char *out, int len)
48 : : {
49 [ - + ]: 9889 : if (VERBOSECRYPTONOISE (handle))
50 : : {
51 : 0 : printf ("\t ;; rot 13 in:\n");
52 : 0 : _shishi_escapeprint (in, len);
53 : 0 : _shishi_hexprint (in, len);
54 : 0 : _shishi_binprint (in, len);
55 : : }
56 : :
57 [ + + ]: 9889 : if (len == 1)
58 : : {
59 : 45 : out[0] =
60 : 45 : ((in[0] >> 5) & 0x01) |
61 : : ((in[0] >> 5) & 0x02) |
62 : : ((in[0] >> 5) & 0x04) |
63 : 45 : ((in[0] << 3) & 0x08) |
64 : 45 : ((in[0] << 3) & 0x10) |
65 : 135 : ((in[0] << 3) & 0x20) | ((in[0] << 3) & 0x40) | ((in[0] << 3) & 0x80);
66 : : }
67 [ + - ]: 9844 : else if (len > 1)
68 : : {
69 : : char nexttolast, last;
70 : : int i;
71 : :
72 : 9844 : nexttolast = in[len - 2];
73 : 9844 : last = in[len - 1];
74 : :
75 [ + + ]: 299664 : for (i = len * 8 - 1; i >= 13; i--)
76 : : {
77 : 289820 : int pos = i / 8;
78 : 289820 : char mask = ~(1 << (7 - i % 8));
79 : 289820 : int pos2 = (i - 13) / 8;
80 : 289820 : char mask2 = (1 << (7 - (i - 13) % 8));
81 : :
82 [ + + ]: 289820 : out[pos] = (out[pos] & mask) |
83 : 289820 : (((in[pos2] & mask2) ? 0xFF : 0x00) & ~mask);
84 : : }
85 : 9844 : out[0] = ((nexttolast & 0xFF) << 3) | ((last & 0xFF) >> 5);
86 : 9844 : out[1] = (in[1] & ~(0xFF & (0xFF << 3))) | (0xFF & (last << 3));
87 : : }
88 : :
89 [ - + ]: 9889 : if (VERBOSECRYPTONOISE (handle))
90 : : {
91 : 0 : printf ("\t ;; rot13 out:\n");
92 : 0 : _shishi_escapeprint (out, len);
93 : 0 : _shishi_hexprint (out, len);
94 : 0 : _shishi_binprint (out, len);
95 : : }
96 : 9889 : }
97 : :
98 : : static void
99 : 3389 : ocadd (char *add1, char *add2, char *sum, int len)
100 : : {
101 : : int i;
102 : 3389 : int carry = 0;
103 : :
104 [ + + ]: 55658 : for (i = len - 1; i >= 0; i--)
105 : : {
106 : 52269 : int tmpsum = (unsigned char) add1[i] + (unsigned char) add2[i];
107 : :
108 : 52269 : sum[i] = (tmpsum + carry) & 0xFF;
109 [ + + ]: 52269 : if (tmpsum + carry > 0xFF)
110 : 4460 : carry = 1;
111 : : else
112 : 47809 : carry = 0;
113 : : }
114 : :
115 [ + + ]: 3389 : if (carry)
116 : : {
117 : 89 : int done = 0;
118 : :
119 [ + - ]: 89 : for (i = len - 1; i >= 0; i--)
120 [ + - ]: 89 : if ((unsigned char) sum[i] != 0xFF)
121 : : {
122 : 89 : sum[i]++;
123 : 89 : done = 1;
124 : 89 : break;
125 : : }
126 : :
127 [ - + ]: 89 : if (!done)
128 : 0 : memset (sum, 0, len);
129 : : }
130 : 3389 : }
131 : :
132 : : static int
133 : 300 : simplified_hmac (Shishi * handle,
134 : : Shishi_key * key,
135 : : const char *in, size_t inlen,
136 : : char **outhash, size_t * outhashlen)
137 : : {
138 : 300 : *outhashlen = shishi_checksum_cksumlen
139 : : (shishi_cipher_defaultcksumtype (shishi_key_type (key)));
140 : 300 : return shishi_hmac_sha1 (handle, shishi_key_value (key),
141 : : shishi_key_length (key), in, inlen, outhash);
142 : : }
143 : :
144 : : static int
145 : 150 : simplified_hmac_verify (Shishi * handle, Shishi_key * key,
146 : : const char *in, size_t inlen,
147 : : const char *hmac, size_t hmaclen)
148 : : {
149 : : char *hash;
150 : : size_t hlen;
151 : : int same;
152 : : int res;
153 : :
154 : 150 : res = simplified_hmac (handle, key, in, inlen, &hash, &hlen);
155 [ + - - + ]: 150 : if (res != SHISHI_OK || hash == NULL)
156 : 0 : return res;
157 : :
158 [ - + ]: 150 : if (VERBOSECRYPTO (handle))
159 : : {
160 : 0 : printf ("\t ;; HMAC verify:\n");
161 : 0 : _shishi_escapeprint (hash, hlen);
162 : 0 : _shishi_hexprint (hash, hlen);
163 : 0 : _shishi_binprint (hash, hlen);
164 : 0 : _shishi_escapeprint (hmac, hmaclen);
165 : 0 : _shishi_hexprint (hmac, hmaclen);
166 : 0 : _shishi_binprint (hmac, hmaclen);
167 : : }
168 : :
169 [ + - ][ + - ]: 150 : same = (hlen == hmaclen) && memcmp (hash, hmac, hmaclen) == 0;
170 : :
171 : 150 : free (hash);
172 : :
173 [ - + ]: 150 : if (!same)
174 : : {
175 : 0 : shishi_error_printf (handle, "HMAC verify failed");
176 : 0 : return SHISHI_CRYPTO_ERROR;
177 : : }
178 : :
179 : 150 : return SHISHI_OK;
180 : : }
181 : :
182 : : int
183 : 616 : _shishi_simplified_derivekey (Shishi * handle,
184 : : Shishi_key * key,
185 : : int keyusage,
186 : : int derivekeymode, Shishi_key ** outkey)
187 : : {
188 : : char prfconstant[5];
189 : 616 : int res = SHISHI_OK;
190 : : Shishi_key *derivedkey;
191 : :
192 [ - + ]: 616 : if (VERBOSECRYPTO (handle))
193 : : {
194 : 0 : printf ("simplified_derivekey\n");
195 [ # # # # ]: 0 : printf ("\t ;; mode %d (%s)\n", derivekeymode,
[ # # ]
196 : : derivekeymode == SHISHI_DERIVEKEYMODE_CHECKSUM ? "checksum" :
197 : : derivekeymode == SHISHI_DERIVEKEYMODE_INTEGRITY ? "integrity" :
198 : : derivekeymode == SHISHI_DERIVEKEYMODE_PRIVACY ? "privacy" :
199 : : "base-key");
200 : 0 : _shishi_hexprint (shishi_key_value (key), shishi_key_length (key));
201 : : }
202 : :
203 : :
204 : 616 : res = shishi_key_from_value (handle, shishi_key_type (key),
205 : : NULL, &derivedkey);
206 [ - + ]: 616 : if (res != SHISHI_OK)
207 : 0 : return res;
208 : :
209 : 616 : *outkey = derivedkey;
210 : :
211 [ + - ]: 616 : if (keyusage)
212 : : {
213 : 616 : uint32_t tmp = htonl (keyusage);
214 : 616 : memcpy (prfconstant, &tmp, 4);
215 [ - + ]: 616 : if (derivekeymode == SHISHI_DERIVEKEYMODE_CHECKSUM)
216 : 0 : prfconstant[4] = '\x99';
217 [ + + ]: 616 : else if (derivekeymode == SHISHI_DERIVEKEYMODE_INTEGRITY)
218 : 300 : prfconstant[4] = '\x55';
219 : : else /* if (derivekeymode == SHISHI_DERIVEKEYMODE_PRIVACY) */
220 : 316 : prfconstant[4] = '\xAA';
221 : :
222 : 616 : res = shishi_dk (handle, key, prfconstant, 5, derivedkey);
223 : : }
224 : : else
225 : : {
226 : 0 : shishi_key_copy (derivedkey, key);
227 : : }
228 : :
229 [ - + ]: 616 : if (VERBOSECRYPTO (handle))
230 : : {
231 : 0 : printf ("\t ;; simplified_derivekey out (%d):\n",
232 : : shishi_key_length (derivedkey));
233 : 0 : _shishi_hexprint (shishi_key_value (derivedkey),
234 : 0 : shishi_key_length (derivedkey));
235 : : }
236 : :
237 : 616 : return res;
238 : : }
239 : :
240 : : int
241 : 1470 : _shishi_simplified_dencrypt (Shishi * handle,
242 : : Shishi_key * key,
243 : : const char *iv, size_t ivlen,
244 : : char **ivout, size_t * ivoutlen,
245 : : const char *in, size_t inlen,
246 : : char **out, size_t * outlen, int decryptp)
247 : : {
248 : : int rc;
249 : : char *pt;
250 : : size_t ptlen;
251 : 1470 : size_t padzerolen = 0;
252 : :
253 [ + + ]: 1470 : if ((inlen % 8) != 0)
254 [ + + ]: 1260 : while (((inlen + padzerolen) % 8) != 0)
255 : 1008 : padzerolen++;
256 : :
257 : 1470 : ptlen = inlen + padzerolen;
258 : :
259 [ + + ]: 1470 : if (padzerolen)
260 : : {
261 : 252 : pt = xmalloc (ptlen);
262 : 252 : memcpy (pt, in, inlen);
263 : 252 : memset (pt + inlen, 0, padzerolen);
264 : : }
265 : : else
266 : 1218 : pt = (char *) in;
267 : :
268 [ + + + - ]: 1470 : switch (shishi_key_type (key))
269 : : {
270 : : case SHISHI_DES_CBC_CRC:
271 : : case SHISHI_DES_CBC_MD4:
272 : : case SHISHI_DES_CBC_MD5:
273 : : case SHISHI_DES_CBC_NONE:
274 : 68 : rc = shishi_des (handle, decryptp, shishi_key_value (key),
275 : : iv, ivout, pt, ptlen, out);
276 [ + - ]: 68 : if (ivoutlen)
277 : 68 : *ivoutlen = 8;
278 [ + - ]: 68 : if (outlen)
279 : 68 : *outlen = ptlen;
280 : 68 : break;
281 : :
282 : : case SHISHI_DES3_CBC_HMAC_SHA1_KD:
283 : : case SHISHI_DES3_CBC_NONE:
284 : 245 : rc = shishi_3des (handle, decryptp, shishi_key_value (key),
285 : : iv, ivout, pt, inlen + padzerolen, out);
286 [ + + ]: 245 : if (ivoutlen)
287 : 32 : *ivoutlen = 8;
288 [ + - ]: 245 : if (outlen)
289 : 245 : *outlen = ptlen;
290 : 245 : break;
291 : :
292 : : case SHISHI_AES128_CTS_HMAC_SHA1_96:
293 : : case SHISHI_AES256_CTS_HMAC_SHA1_96:
294 : 1157 : rc = shishi_aes_cts (handle, decryptp,
295 : : shishi_key_value (key), shishi_key_length (key),
296 : : iv, ivout, in, inlen, out);
297 [ + + ]: 1157 : if (ivoutlen)
298 : 284 : *ivoutlen = 16;
299 [ + - ]: 1157 : if (outlen)
300 : 1157 : *outlen = inlen;
301 : 1157 : break;
302 : :
303 : : default:
304 : 0 : rc = SHISHI_CRYPTO_ERROR;
305 : : }
306 : :
307 [ + + ]: 1470 : if (padzerolen)
308 : 252 : free (pt);
309 : :
310 : 1470 : return rc;
311 : : }
312 : :
313 : : int
314 : 1222 : _shishi_simplified_encrypt (Shishi * handle,
315 : : Shishi_key * key,
316 : : int keyusage,
317 : : const char *iv, size_t ivlen,
318 : : char **ivout, size_t * ivoutlen,
319 : : const char *in, size_t inlen,
320 : : char **out, size_t * outlen)
321 : : {
322 : : int res;
323 : 1222 : int padzerolen = 0;
324 : :
325 [ + + + + + : 4344 : if ((shishi_key_type (key) == SHISHI_DES3_CBC_HMAC_SHA1_KD ||
+ + + ]
[ - + ]
326 : 1049 : shishi_key_type (key) == SHISHI_DES_CBC_CRC ||
327 : 1041 : shishi_key_type (key) == SHISHI_DES_CBC_MD4 ||
328 : 1032 : shishi_key_type (key) == SHISHI_DES_CBC_MD5) && (inlen % 8) != 0)
329 [ # # ]: 0 : while (((inlen + padzerolen) % 8) != 0)
330 : 0 : padzerolen++;
331 : :
332 [ + + ]: 1222 : if (keyusage != 0)
333 : : {
334 : 150 : char *pt = NULL, *ct = NULL, *hmac = NULL;
335 : 150 : int blen = shishi_cipher_blocksize (shishi_key_type (key));
336 : : size_t ctlen, ptlen, hmaclen;
337 : 150 : Shishi_key *privacykey = NULL, *integritykey = NULL;
338 : :
339 : 150 : ptlen = inlen + blen + padzerolen;
340 : 150 : pt = xmalloc (ptlen);
341 : :
342 : 150 : res = shishi_randomize (handle, 0, pt, blen);
343 [ - + ]: 150 : if (res != SHISHI_OK)
344 : 0 : goto done;
345 : :
346 : 150 : memcpy (pt + blen, in, inlen);
347 : 150 : memset (pt + blen + inlen, 0, padzerolen);
348 : :
349 : 150 : res = _shishi_simplified_derivekey (handle, key, keyusage,
350 : : SHISHI_DERIVEKEYMODE_PRIVACY,
351 : : &privacykey);
352 [ - + ]: 150 : if (res != SHISHI_OK)
353 : 0 : goto done;
354 : :
355 : 150 : res = _shishi_simplified_dencrypt (handle, privacykey,
356 : : iv, ivlen, ivout,
357 : : ivoutlen, pt, ptlen, &ct, &ctlen, 0);
358 [ - + ]: 150 : if (res != SHISHI_OK)
359 : 0 : goto done;
360 : :
361 : :
362 : 150 : res = _shishi_simplified_derivekey (handle, key, keyusage,
363 : : SHISHI_DERIVEKEYMODE_INTEGRITY,
364 : : &integritykey);
365 [ - + ]: 150 : if (res != SHISHI_OK)
366 : 0 : goto done;
367 : :
368 : 150 : res = simplified_hmac (handle, integritykey, pt, ptlen,
369 : : &hmac, &hmaclen);
370 [ - + ]: 150 : if (res != SHISHI_OK)
371 : 0 : goto done;
372 : :
373 : 150 : *outlen = ctlen + hmaclen;
374 : 150 : *out = xmalloc (*outlen);
375 : 150 : memcpy (*out, ct, ctlen);
376 : 150 : memcpy (*out + ctlen, hmac, hmaclen);
377 : :
378 : : done:
379 [ + - ]: 150 : if (privacykey)
380 : 150 : shishi_key_done (privacykey);
381 [ + - ]: 150 : if (integritykey)
382 : 150 : shishi_key_done (integritykey);
383 : 150 : free (hmac);
384 : 150 : free (ct);
385 : 150 : free (pt);
386 : : }
387 : : else
388 : : {
389 : 1072 : res = _shishi_simplified_dencrypt (handle, key, iv, ivlen,
390 : : ivout, ivoutlen,
391 : : in, inlen, out, outlen, 0);
392 : : }
393 : :
394 : 1222 : return res;
395 : : }
396 : :
397 : : int
398 : 184 : _shishi_simplified_decrypt (Shishi * handle,
399 : : Shishi_key * key,
400 : : int keyusage,
401 : : const char *iv, size_t ivlen,
402 : : char **ivout, size_t * ivoutlen,
403 : : const char *in, size_t inlen,
404 : : char **out, size_t * outlen)
405 : : {
406 : : int res;
407 : :
408 [ + + ]: 184 : if (keyusage)
409 : : {
410 : 150 : Shishi_key *privacykey = NULL, *integritykey = NULL;
411 : 150 : int blen = shishi_cipher_blocksize (shishi_key_type (key));
412 : 150 : size_t hlen = shishi_checksum_cksumlen
413 : 150 : (shishi_cipher_defaultcksumtype (shishi_key_type (key)));
414 : :
415 : 150 : res = _shishi_simplified_derivekey (handle, key, keyusage,
416 : : SHISHI_DERIVEKEYMODE_PRIVACY,
417 : : &privacykey);
418 [ - + ]: 150 : if (res != SHISHI_OK)
419 : 0 : goto done;
420 : :
421 : 150 : res = _shishi_simplified_dencrypt (handle, privacykey,
422 : : iv, ivlen, ivout, ivoutlen,
423 : : in, inlen - hlen, out, outlen, 1);
424 [ - + ]: 150 : if (res != SHISHI_OK)
425 : 0 : goto done;
426 : :
427 : 150 : res = _shishi_simplified_derivekey (handle, key, keyusage,
428 : : SHISHI_DERIVEKEYMODE_INTEGRITY,
429 : : &integritykey);
430 [ - + ]: 150 : if (res != SHISHI_OK)
431 : 0 : goto done;
432 : :
433 : 150 : res = simplified_hmac_verify (handle, integritykey, *out, *outlen,
434 : : in + inlen - hlen, hlen);
435 : :
436 [ - + ]: 150 : if (res != SHISHI_OK)
437 : 0 : goto done;
438 : :
439 : 150 : memmove (*out, *out + blen, *outlen - blen);
440 : 150 : *outlen = *outlen - blen;
441 : 150 : *out = xrealloc (*out, *outlen);
442 : :
443 : : done:
444 [ + - ]: 150 : if (privacykey)
445 : 150 : shishi_key_done (privacykey);
446 [ + - ]: 150 : if (integritykey)
447 : 150 : shishi_key_done (integritykey);
448 : : }
449 : : else
450 : : {
451 : 34 : res = _shishi_simplified_dencrypt (handle, key, iv, ivlen,
452 : : ivout, ivoutlen,
453 : : in, inlen, out, outlen, 1);
454 : : }
455 : :
456 : 184 : return res;
457 : : }
458 : :
459 : : int
460 : 0 : _shishi_simplified_checksum (Shishi * handle,
461 : : Shishi_key * key,
462 : : int keyusage,
463 : : int cksumtype,
464 : : const char *in, size_t inlen,
465 : : char **out, size_t * outlen)
466 : : {
467 : : Shishi_key *checksumkey;
468 : 0 : int cksumlen = shishi_checksum_cksumlen (cksumtype);
469 : : int res;
470 : :
471 : 0 : res = _shishi_simplified_derivekey (handle, key, keyusage,
472 : : SHISHI_DERIVEKEYMODE_CHECKSUM,
473 : : &checksumkey);
474 [ # # ]: 0 : if (res != SHISHI_OK)
475 : 0 : return res;
476 : :
477 : 0 : res = simplified_hmac (handle, checksumkey, in, inlen, out, outlen);
478 : :
479 : 0 : shishi_key_done (checksumkey);
480 : :
481 [ # # ]: 0 : if (res != SHISHI_OK)
482 : 0 : return res;
483 : :
484 : 0 : *outlen = cksumlen;
485 : :
486 : 0 : return SHISHI_OK;
487 : : }
488 : :
489 : : static cipherinfo *ciphers[] = {
490 : : #if WITH_NULL
491 : : &null_info,
492 : : #endif
493 : : #if WITH_DES
494 : : &des_cbc_crc_info,
495 : : &des_cbc_md4_info,
496 : : &des_cbc_md5_info,
497 : : &des_cbc_none_info,
498 : : #endif
499 : : #if WITH_3DES
500 : : &des3_cbc_none_info,
501 : : &des3_cbc_sha1_kd_info,
502 : : #endif
503 : : #if WITH_AES
504 : : &aes128_cts_hmac_sha1_96_info,
505 : : &aes256_cts_hmac_sha1_96_info,
506 : : #endif
507 : : #if WITH_ARCFOUR
508 : : &arcfour_hmac_info,
509 : : &arcfour_hmac_exp_info
510 : : #endif
511 : : };
512 : :
513 : : /**
514 : : * shishi_cipher_supported_p:
515 : : * @type: encryption type, see Shishi_etype.
516 : : *
517 : : * Find out if cipher is supported.
518 : : *
519 : : * Return value: Return 0 iff cipher is unsupported.
520 : : **/
521 : : int
522 : 0 : shishi_cipher_supported_p (int32_t type)
523 : : {
524 : : size_t i;
525 : :
526 [ # # ]: 0 : for (i = 0; i < sizeof (ciphers) / sizeof (ciphers[0]); i++)
527 [ # # ]: 0 : if (type == ciphers[i]->type)
528 : 0 : return 1;
529 : :
530 : 0 : return 0;
531 : : }
532 : :
533 : : /**
534 : : * shishi_cipher_name:
535 : : * @type: encryption type, see Shishi_etype.
536 : : *
537 : : * Read humanly readable string for cipher.
538 : : *
539 : : * Return value: Return name of encryption type,
540 : : * e.g. "des3-cbc-sha1-kd", as defined in the standards.
541 : : **/
542 : : const char *
543 : 32 : shishi_cipher_name (int32_t type)
544 : : {
545 : : size_t i;
546 : : char *p;
547 : :
548 [ + - ]: 212 : for (i = 0; i < sizeof (ciphers) / sizeof (ciphers[0]); i++)
549 : : {
550 [ + + ]: 212 : if (type == ciphers[i]->type)
551 : 32 : return ciphers[i]->name;
552 : : }
553 : :
554 : 0 : asprintf (&p, "unknown cipher %d", type);
555 : 32 : return p;
556 : : }
557 : :
558 : : /**
559 : : * shishi_cipher_blocksize:
560 : : * @type: encryption type, see Shishi_etype.
561 : : *
562 : : * Get block size for cipher.
563 : : *
564 : : * Return value: Return block size for encryption type, as defined in
565 : : * the standards.
566 : : **/
567 : : int
568 : 963 : shishi_cipher_blocksize (int32_t type)
569 : : {
570 : : size_t i;
571 : :
572 [ + - ]: 8019 : for (i = 0; i < sizeof (ciphers) / sizeof (ciphers[0]); i++)
573 [ + + ]: 8019 : if (type == ciphers[i]->type)
574 : 963 : return ciphers[i]->blocksize;
575 : :
576 : 963 : return -1;
577 : : }
578 : :
579 : : /**
580 : : * shishi_cipher_confoundersize:
581 : : * @type: encryption type, see Shishi_etype.
582 : : *
583 : : * Get length of confounder for cipher.
584 : : *
585 : : * Return value: Returns the size of the confounder (random data) for
586 : : * encryption type, as defined in the standards, or (size_t)-1 on
587 : : * error (e.g., unsupported encryption type).
588 : : **/
589 : : int
590 : 0 : shishi_cipher_confoundersize (int32_t type)
591 : : {
592 : : size_t i;
593 : :
594 [ # # ]: 0 : for (i = 0; i < sizeof (ciphers) / sizeof (ciphers[0]); i++)
595 [ # # ]: 0 : if (type == ciphers[i]->type)
596 : 0 : return ciphers[i]->confoundersize;
597 : :
598 : 0 : return -1;
599 : : }
600 : :
601 : : /**
602 : : * shishi_cipher_keylen:
603 : : * @type: encryption type, see Shishi_etype.
604 : : *
605 : : * Get key length for cipher.
606 : : *
607 : : * Return value: Return length of key used for the encryption type, as
608 : : * defined in the standards.
609 : : **/
610 : : size_t
611 : 5882 : shishi_cipher_keylen (int32_t type)
612 : : {
613 : : size_t i;
614 : :
615 [ + - ]: 49469 : for (i = 0; i < sizeof (ciphers) / sizeof (ciphers[0]); i++)
616 [ + + ]: 49469 : if (type == ciphers[i]->type)
617 : 5882 : return ciphers[i]->keylen;
618 : :
619 : 5882 : return -1;
620 : : }
621 : :
622 : : /**
623 : : * shishi_cipher_randomlen:
624 : : * @type: encryption type, see Shishi_etype.
625 : : *
626 : : * Get length of random data for cipher.
627 : : *
628 : : * Return value: Return length of random used for the encryption type,
629 : : * as defined in the standards, or (size_t)-1 on error (e.g.,
630 : : * unsupported encryption type).
631 : : **/
632 : : size_t
633 : 10 : shishi_cipher_randomlen (int32_t type)
634 : : {
635 : : size_t i;
636 : :
637 [ + - ]: 65 : for (i = 0; i < sizeof (ciphers) / sizeof (ciphers[0]); i++)
638 [ + + ]: 65 : if (type == ciphers[i]->type)
639 : 10 : return ciphers[i]->randomlen;
640 : :
641 : 10 : return -1;
642 : : }
643 : :
644 : : /**
645 : : * shishi_cipher_defaultcksumtype:
646 : : * @type: encryption type, see Shishi_etype.
647 : : *
648 : : * Get the default checksum associated with cipher.
649 : : *
650 : : * Return value: Return associated checksum mechanism for the
651 : : * encryption type, as defined in the standards.
652 : : **/
653 : : int
654 : 450 : shishi_cipher_defaultcksumtype (int32_t type)
655 : : {
656 : : size_t i;
657 : :
658 [ + - ]: 3789 : for (i = 0; i < sizeof (ciphers) / sizeof (ciphers[0]); i++)
659 [ + + ]: 3789 : if (type == ciphers[i]->type)
660 : 450 : return ciphers[i]->defaultcksumtype;
661 : :
662 : 450 : return -1;
663 : : }
664 : :
665 : : struct Cipher_aliases
666 : : {
667 : : const char *name;
668 : : int type;
669 : : };
670 : :
671 : : static struct Cipher_aliases cipher_aliases[] = {
672 : : {"des-crc", SHISHI_DES_CBC_CRC},
673 : : {"des-md4", SHISHI_DES_CBC_MD4},
674 : : {"des-md5", SHISHI_DES_CBC_MD5},
675 : : {"des", SHISHI_DES_CBC_MD5},
676 : : {"des3", SHISHI_DES3_CBC_HMAC_SHA1_KD},
677 : : {"3des", SHISHI_DES3_CBC_HMAC_SHA1_KD},
678 : : {"aes128", SHISHI_AES128_CTS_HMAC_SHA1_96},
679 : : {"aes256", SHISHI_AES256_CTS_HMAC_SHA1_96},
680 : : {"aes", SHISHI_AES256_CTS_HMAC_SHA1_96},
681 : : {"arcfour", SHISHI_ARCFOUR_HMAC}
682 : : };
683 : :
684 : : /**
685 : : * shishi_cipher_parse:
686 : : * @cipher: name of encryption type, e.g. "des3-cbc-sha1-kd".
687 : : *
688 : : * Get cipher number by parsing string.
689 : : *
690 : : * Return value: Return encryption type corresponding to a string.
691 : : **/
692 : : int
693 : 1 : shishi_cipher_parse (const char *cipher)
694 : : {
695 : : size_t i;
696 : : char *endptr;
697 : :
698 : 1 : i = strtol (cipher, &endptr, 0);
699 : :
700 [ + - - + ]: 1 : if (*cipher && *endptr == '\0')
701 : 0 : return i;
702 : :
703 [ + + ]: 12 : for (i = 0; i < sizeof (ciphers) / sizeof (ciphers[0]); i++)
704 [ - + ]: 11 : if (strcasecmp (cipher, ciphers[i]->name) == 0)
705 : 0 : return ciphers[i]->type;
706 : :
707 [ + - ]: 6 : for (i = 0; i < sizeof (cipher_aliases) / sizeof (cipher_aliases[0]); i++)
708 [ + + ]: 6 : if (strcasecmp (cipher, cipher_aliases[i].name) == 0)
709 : 1 : return cipher_aliases[i].type;
710 : :
711 : 1 : return -1;
712 : : }
713 : :
714 : : static Shishi_random_to_key_function
715 : 654 : _shishi_cipher_random_to_key (int32_t type)
716 : : {
717 : : size_t i;
718 : :
719 [ + - ]: 5430 : for (i = 0; i < sizeof (ciphers) / sizeof (ciphers[0]); i++)
720 [ + + ]: 5430 : if (type == ciphers[i]->type)
721 : 654 : return ciphers[i]->random2key;
722 : :
723 : 654 : return NULL;
724 : : }
725 : :
726 : : static Shishi_string_to_key_function
727 : 26 : _shishi_cipher_string_to_key (int32_t type)
728 : : {
729 : : size_t i;
730 : :
731 [ + - ]: 188 : for (i = 0; i < sizeof (ciphers) / sizeof (ciphers[0]); i++)
732 [ + + ]: 188 : if (type == ciphers[i]->type)
733 : 26 : return ciphers[i]->string2key;
734 : :
735 : 26 : return NULL;
736 : : }
737 : :
738 : : static Shishi_encrypt_function
739 : 1422 : _shishi_cipher_encrypt (int32_t type)
740 : : {
741 : : size_t i;
742 : :
743 [ + - ]: 11951 : for (i = 0; i < sizeof (ciphers) / sizeof (ciphers[0]); i++)
744 [ + + ]: 11951 : if (type == ciphers[i]->type)
745 : 1422 : return ciphers[i]->encrypt;
746 : :
747 : 1422 : return NULL;
748 : : }
749 : :
750 : : static Shishi_decrypt_function
751 : 336 : _shishi_cipher_decrypt (int32_t type)
752 : : {
753 : : size_t i;
754 : :
755 [ + - ]: 2942 : for (i = 0; i < sizeof (ciphers) / sizeof (ciphers[0]); i++)
756 [ + + ]: 2942 : if (type == ciphers[i]->type)
757 : 336 : return ciphers[i]->decrypt;
758 : :
759 : 336 : return NULL;
760 : : }
761 : :
762 : : static checksuminfo *checksums[] = {
763 : : #if WITH_DES
764 : : &crc32_info,
765 : : #endif
766 : : #if WITH_MD
767 : : &md4_info,
768 : : #endif
769 : : #if WITH_DES
770 : : &md4_des_info,
771 : : #endif
772 : : #if WITH_MD
773 : : &md5_info,
774 : : #endif
775 : : #if WITH_DES
776 : : &md5_des_info,
777 : : &md5_gss_info,
778 : : #endif
779 : : #if WITH_3DES
780 : : &hmac_sha1_des3_kd_info,
781 : : #endif
782 : : #if WITH_AES
783 : : &hmac_sha1_96_aes128_info,
784 : : &hmac_sha1_96_aes256_info,
785 : : #endif
786 : : #if WITH_ARCFOUR
787 : : &arcfour_hmac_md5_info
788 : : #endif
789 : : };
790 : :
791 : : /**
792 : : * shishi_checksum_supported_p:
793 : : * @type: checksum type, see Shishi_cksumtype.
794 : : *
795 : : * Find out whether checksum is supported.
796 : : *
797 : : * Return value: Return 0 iff checksum is unsupported.
798 : : **/
799 : : int
800 : 0 : shishi_checksum_supported_p (int32_t type)
801 : : {
802 : : size_t i;
803 : :
804 [ # # ]: 0 : for (i = 0; i < sizeof (checksums) / sizeof (checksums[0]); i++)
805 [ # # ]: 0 : if (type == checksums[i]->type)
806 : 0 : return 1;
807 : :
808 : 0 : return 0;
809 : : }
810 : :
811 : : /**
812 : : * shishi_checksum_name:
813 : : * @type: checksum type, see Shishi_cksumtype.
814 : : *
815 : : * Get name of checksum.
816 : : *
817 : : * Return value: Return name of checksum type,
818 : : * e.g. "hmac-sha1-96-aes256", as defined in the standards.
819 : : **/
820 : : const char *
821 : 0 : shishi_checksum_name (int32_t type)
822 : : {
823 : : size_t i;
824 : : char *p;
825 : :
826 [ # # ]: 0 : for (i = 0; i < sizeof (checksums) / sizeof (checksums[0]); i++)
827 : : {
828 [ # # ]: 0 : if (type == checksums[i]->type)
829 : 0 : return checksums[i]->name;
830 : : }
831 : :
832 : 0 : asprintf (&p, "unknown checksum %d", type);
833 : 0 : return p;
834 : : }
835 : :
836 : : /**
837 : : * shishi_checksum_cksumlen:
838 : : * @type: checksum type, see Shishi_cksumtype.
839 : : *
840 : : * Get length of checksum output.
841 : : *
842 : : * Return value: Return length of checksum used for the checksum type,
843 : : * as defined in the standards.
844 : : **/
845 : : size_t
846 : 450 : shishi_checksum_cksumlen (int32_t type)
847 : : {
848 : : size_t i;
849 : :
850 [ + - ]: 3789 : for (i = 0; i < sizeof (checksums) / sizeof (checksums[0]); i++)
851 [ + + ]: 3789 : if (type == checksums[i]->type)
852 : 450 : return checksums[i]->cksumlen;
853 : :
854 : 450 : return -1;
855 : : }
856 : :
857 : : /**
858 : : * shishi_checksum_parse:
859 : : * @checksum: name of checksum type, e.g. "hmac-sha1-96-aes256".
860 : : *
861 : : * Get checksum number by parsing a string.
862 : : *
863 : : * Return value: Return checksum type, see Shishi_cksumtype,
864 : : * corresponding to a string.
865 : : **/
866 : : int
867 : 0 : shishi_checksum_parse (const char *checksum)
868 : : {
869 : : size_t i;
870 : : char *endptr;
871 : :
872 : 0 : i = strtol (checksum, &endptr, 0);
873 : :
874 [ # # ]: 0 : if (endptr != checksum)
875 : 0 : return i;
876 : :
877 [ # # ]: 0 : for (i = 0; i < sizeof (checksums) / sizeof (checksums[0]); i++)
878 [ # # ]: 0 : if (strcasecmp (checksum, checksums[i]->name) == 0)
879 : 0 : return checksums[i]->type;
880 : :
881 : 0 : return -1;
882 : : }
883 : :
884 : : static Shishi_checksum_function
885 : 0 : _shishi_checksum (int32_t type)
886 : : {
887 : : size_t i;
888 : :
889 [ # # ]: 0 : for (i = 0; i < sizeof (checksums) / sizeof (checksums[0]); i++)
890 [ # # ]: 0 : if (type == checksums[i]->type)
891 : 0 : return checksums[i]->checksum;
892 : :
893 : 0 : return NULL;
894 : : }
895 : :
896 : : static Shishi_verify_function
897 : 2 : _shishi_verify (int32_t type)
898 : : {
899 : : size_t i;
900 : :
901 [ + + ]: 16 : for (i = 0; i < sizeof (checksums) / sizeof (checksums[0]); i++)
902 [ + + ]: 15 : if (type == checksums[i]->type)
903 : 1 : return checksums[i]->verify;
904 : :
905 : 2 : return NULL;
906 : : }
907 : :
908 : : /**
909 : : * shishi_string_to_key:
910 : : * @handle: shishi handle as allocated by shishi_init().
911 : : * @keytype: cryptographic encryption type, see Shishi_etype.
912 : : * @password: input array with password.
913 : : * @passwordlen: length of input array with password.
914 : : * @salt: input array with salt.
915 : : * @saltlen: length of input array with salt.
916 : : * @parameter: input array with opaque encryption type specific information.
917 : : * @outkey: allocated key handle that will contain new key.
918 : : *
919 : : * Derive key from a string (password) and salt (commonly
920 : : * concatenation of realm and principal) for specified key type, and
921 : : * set the type and value in the given key to the computed values.
922 : : * The parameter value is specific for each keytype, and can be set if
923 : : * the parameter information is not available.
924 : : *
925 : : * Return value: Returns %SHISHI_OK iff successful.
926 : : **/
927 : : int
928 : 26 : shishi_string_to_key (Shishi * handle,
929 : : int32_t keytype,
930 : : const char *password, size_t passwordlen,
931 : : const char *salt, size_t saltlen,
932 : : const char *parameter, Shishi_key * outkey)
933 : : {
934 : : Shishi_string_to_key_function string2key;
935 : : int res;
936 : :
937 : 26 : shishi_key_type_set (outkey, keytype);
938 : :
939 [ - + ]: 26 : if (VERBOSECRYPTO (handle))
940 : : {
941 : 0 : printf ("string_to_key (%s, password, salt)\n",
942 : : shishi_key_name (outkey));
943 : 0 : printf ("\t ;; password:\n");
944 : 0 : _shishi_escapeprint (password, passwordlen);
945 : 0 : _shishi_hexprint (password, passwordlen);
946 : 0 : printf ("\t ;; salt:\n");
947 : 0 : _shishi_escapeprint (salt, saltlen);
948 : 0 : _shishi_hexprint (salt, saltlen);
949 : : }
950 : :
951 : 26 : string2key = _shishi_cipher_string_to_key (shishi_key_type (outkey));
952 [ - + ]: 26 : if (string2key == NULL)
953 : : {
954 : 0 : shishi_error_printf (handle, "Unsupported keytype %d",
955 : : shishi_key_type (outkey));
956 : 0 : return SHISHI_CRYPTO_ERROR;
957 : : }
958 : :
959 : 26 : res = (*string2key) (handle, password, passwordlen,
960 : : salt, saltlen, parameter, outkey);
961 : :
962 [ - + ]: 26 : if (VERBOSECRYPTO (handle))
963 : : {
964 : 0 : printf ("\t ;; string_to_key key:\n");
965 : 0 : _shishi_hexprint (shishi_key_value (outkey),
966 : 0 : shishi_key_length (outkey));
967 : 0 : _shishi_binprint (shishi_key_value (outkey),
968 : 0 : shishi_key_length (outkey));
969 : : }
970 : :
971 : 26 : return res;
972 : : }
973 : :
974 : : /**
975 : : * shishi_random_to_key:
976 : : * @handle: shishi handle as allocated by shishi_init().
977 : : * @keytype: cryptographic encryption type, see Shishi_etype.
978 : : * @rnd: input array with random data.
979 : : * @rndlen: length of input array with random data.
980 : : * @outkey: allocated key handle that will contain new key.
981 : : *
982 : : * Derive key from random data for specified key type, and set the
983 : : * type and value in the given key to the computed values.
984 : : *
985 : : * Return value: Returns %SHISHI_OK iff successful.
986 : : **/
987 : : int
988 : 654 : shishi_random_to_key (Shishi * handle,
989 : : int32_t keytype,
990 : : const char *rnd, size_t rndlen, Shishi_key * outkey)
991 : : {
992 : : Shishi_random_to_key_function random2key;
993 : : int res;
994 : :
995 : 654 : shishi_key_type_set (outkey, keytype);
996 : :
997 [ - + ]: 654 : if (VERBOSECRYPTO (handle))
998 : : {
999 : 0 : printf ("random_to_key (%s, random)\n", shishi_key_name (outkey));
1000 : 0 : printf ("\t ;; random:\n");
1001 : 0 : _shishi_hexprint (rnd, rndlen);
1002 : 0 : _shishi_binprint (rnd, rndlen);
1003 : : }
1004 : :
1005 : 654 : random2key = _shishi_cipher_random_to_key (keytype);
1006 [ - + ]: 654 : if (random2key == NULL)
1007 : : {
1008 : 0 : shishi_error_printf (handle, "Unsupported random_to_key() ekeytype %d",
1009 : : keytype);
1010 : 0 : return SHISHI_CRYPTO_ERROR;
1011 : : }
1012 : :
1013 : 654 : res = (*random2key) (handle, rnd, rndlen, outkey);
1014 : :
1015 [ - + ]: 654 : if (VERBOSECRYPTO (handle))
1016 : : {
1017 : 0 : printf ("\t ;; random_to_key key:\n");
1018 : 0 : _shishi_hexprint (shishi_key_value (outkey),
1019 : 0 : shishi_key_length (outkey));
1020 : 0 : _shishi_binprint (shishi_key_value (outkey),
1021 : 0 : shishi_key_length (outkey));
1022 : : }
1023 : :
1024 : 654 : return res;
1025 : : }
1026 : :
1027 : : /**
1028 : : * shishi_checksum:
1029 : : * @handle: shishi handle as allocated by shishi_init().
1030 : : * @key: key to compute checksum with.
1031 : : * @keyusage: integer specifying what this key is used for.
1032 : : * @cksumtype: the checksum algorithm to use.
1033 : : * @in: input array with data to integrity protect.
1034 : : * @inlen: size of input array with data to integrity protect.
1035 : : * @out: output array with newly allocated integrity protected data.
1036 : : * @outlen: output variable with length of output array with checksum.
1037 : : *
1038 : : * Integrity protect data using key, possibly altered by supplied key
1039 : : * usage. If key usage is 0, no key derivation is used. The OUT
1040 : : * buffer must be deallocated by the caller.
1041 : : *
1042 : : * Return value: Returns %SHISHI_OK iff successful.
1043 : : **/
1044 : : int
1045 : 0 : shishi_checksum (Shishi * handle,
1046 : : Shishi_key * key,
1047 : : int keyusage,
1048 : : int cksumtype,
1049 : : const char *in, size_t inlen, char **out, size_t * outlen)
1050 : : {
1051 : : Shishi_checksum_function checksum;
1052 : : int res;
1053 : :
1054 [ # # ]: 0 : if (VERBOSECRYPTO (handle))
1055 : : {
1056 : 0 : printf ("checksum (%s, %d, in, out)\n",
1057 : : shishi_key_name (key), cksumtype);
1058 : 0 : printf ("\t ;; key (%d):\n", shishi_key_length (key));
1059 : 0 : _shishi_hexprint (shishi_key_value (key), shishi_key_length (key));
1060 : 0 : printf ("\t ;; in:\n");
1061 : 0 : _shishi_escapeprint (in, inlen);
1062 : 0 : _shishi_hexprint (in, inlen);
1063 : : }
1064 : :
1065 [ # # ]: 0 : if (cksumtype == 0)
1066 : 0 : cksumtype = shishi_cipher_defaultcksumtype (shishi_key_type (key));
1067 : :
1068 : 0 : checksum = _shishi_checksum (cksumtype);
1069 [ # # ]: 0 : if (checksum == NULL)
1070 : : {
1071 : 0 : shishi_error_printf (handle, "Unsupported checksum type %d", cksumtype);
1072 : 0 : return SHISHI_CRYPTO_ERROR;
1073 : : }
1074 : :
1075 : : /* XXX? check if etype and cksumtype are compatible? */
1076 : :
1077 : 0 : res = (*checksum) (handle, key, keyusage, cksumtype,
1078 : : in, inlen, out, outlen);
1079 : :
1080 [ # # ]: 0 : if (VERBOSECRYPTO (handle))
1081 : : {
1082 : 0 : printf ("\t ;; checksum out:\n");
1083 : 0 : _shishi_escapeprint (*out, *outlen);
1084 : 0 : _shishi_hexprint (*out, *outlen);
1085 : : }
1086 : :
1087 : 0 : return res;
1088 : : }
1089 : :
1090 : : /**
1091 : : * shishi_verify:
1092 : : * @handle: shishi handle as allocated by shishi_init().
1093 : : * @key: key to verify checksum with.
1094 : : * @keyusage: integer specifying what this key is used for.
1095 : : * @cksumtype: the checksum algorithm to use.
1096 : : * @in: input array with data that was integrity protected.
1097 : : * @inlen: size of input array with data that was integrity protected.
1098 : : * @cksum: input array with alleged checksum of data.
1099 : : * @cksumlen: size of input array with alleged checksum of data.
1100 : : *
1101 : : * Verify checksum of data using key, possibly altered by supplied key
1102 : : * usage. If key usage is 0, no key derivation is used.
1103 : : *
1104 : : * Return value: Returns %SHISHI_OK iff successful.
1105 : : **/
1106 : : int
1107 : 2 : shishi_verify (Shishi * handle,
1108 : : Shishi_key * key,
1109 : : int keyusage,
1110 : : int cksumtype,
1111 : : const char *in, size_t inlen,
1112 : : const char *cksum, size_t cksumlen)
1113 : : {
1114 : : Shishi_verify_function verify;
1115 : : int res;
1116 : :
1117 [ - + ]: 2 : if (VERBOSECRYPTO (handle))
1118 : : {
1119 : 0 : printf ("verify (%s, %d, in, out)\n", shishi_key_name (key), cksumtype);
1120 : 0 : printf ("\t ;; key (%d):\n", shishi_key_length (key));
1121 : 0 : _shishi_hexprint (shishi_key_value (key), shishi_key_length (key));
1122 : 0 : printf ("\t ;; data:\n");
1123 : 0 : _shishi_escapeprint (in, inlen);
1124 : 0 : _shishi_hexprint (in, inlen);
1125 : 0 : printf ("\t ;; mic:\n");
1126 : 0 : _shishi_escapeprint (cksum, cksumlen);
1127 : 0 : _shishi_hexprint (cksum, cksumlen);
1128 : : }
1129 : :
1130 [ - + ]: 2 : if (cksumtype == 0)
1131 : 0 : cksumtype = shishi_cipher_defaultcksumtype (shishi_key_type (key));
1132 : :
1133 : 2 : verify = _shishi_verify (cksumtype);
1134 [ + + ]: 2 : if (verify == NULL)
1135 : : {
1136 : 1 : shishi_error_printf (handle, "Unsupported checksum type %d", cksumtype);
1137 : 1 : return SHISHI_CRYPTO_ERROR;
1138 : : }
1139 : :
1140 : : /* XXX? check if etype and cksumtype are compatible? */
1141 : :
1142 : 1 : res = (*verify) (handle, key, keyusage, cksumtype,
1143 : : in, inlen, cksum, cksumlen);
1144 : :
1145 [ - + ]: 1 : if (VERBOSECRYPTO (handle))
1146 : 0 : printf ("\t ;; verify return: %d\n", res);
1147 : :
1148 : 2 : return res;
1149 : : }
1150 : :
1151 : : /**
1152 : : * shishi_encrypt_ivupdate_etype:
1153 : : * @handle: shishi handle as allocated by shishi_init().
1154 : : * @key: key to encrypt with.
1155 : : * @keyusage: integer specifying what this key is encrypting.
1156 : : * @etype: integer specifying what cipher to use.
1157 : : * @iv: input array with initialization vector
1158 : : * @ivlen: size of input array with initialization vector.
1159 : : * @ivout: output array with newly allocated updated initialization vector.
1160 : : * @ivoutlen: size of output array with updated initialization vector.
1161 : : * @in: input array with data to encrypt.
1162 : : * @inlen: size of input array with data to encrypt.
1163 : : * @out: output array with newly allocated encrypted data.
1164 : : * @outlen: output variable with size of newly allocated output array.
1165 : : *
1166 : : * Encrypts data as per encryption method using specified
1167 : : * initialization vector and key. The key actually used is derived
1168 : : * using the key usage. If key usage is 0, no key derivation is used.
1169 : : * The OUT buffer must be deallocated by the caller. If IVOUT or
1170 : : * IVOUTLEN is NULL, the updated IV is not saved anywhere.
1171 : : *
1172 : : * Note that DECRYPT(ENCRYPT(data)) does not necessarily yield data
1173 : : * exactly. Some encryption types add pad to make the data fit into
1174 : : * the block size of the encryption algorithm. Furthermore, the pad
1175 : : * is not guaranteed to look in any special way, although existing
1176 : : * implementations often pad with the zero byte. This means that you
1177 : : * may have to "frame" data, so it is possible to infer the original
1178 : : * length after decryption. Compare ASN.1 DER which contains such
1179 : : * information.
1180 : : *
1181 : : * Return value: Returns %SHISHI_OK iff successful.
1182 : : **/
1183 : : int
1184 : 1422 : shishi_encrypt_ivupdate_etype (Shishi * handle,
1185 : : Shishi_key * key,
1186 : : int keyusage,
1187 : : int32_t etype,
1188 : : const char *iv, size_t ivlen,
1189 : : char **ivout, size_t * ivoutlen,
1190 : : const char *in, size_t inlen,
1191 : : char **out, size_t * outlen)
1192 : : {
1193 : : Shishi_encrypt_function enc;
1194 : : int res;
1195 : :
1196 [ - + ]: 1422 : if (VERBOSECRYPTO (handle))
1197 : : {
1198 : 0 : printf ("encrypt (type=%s, usage=%d, key, in)\n",
1199 : : shishi_key_name (key), keyusage);
1200 : 0 : printf ("\t ;; key (%d):\n", shishi_key_length (key));
1201 : 0 : _shishi_hexprint (shishi_key_value (key), shishi_key_length (key));
1202 : 0 : printf ("\t ;; in (%d):\n", inlen);
1203 : 0 : _shishi_escapeprint (in, inlen);
1204 : 0 : _shishi_hexprint (in, inlen);
1205 [ # # ]: 0 : if (iv)
1206 : : {
1207 : 0 : printf ("\t ;; iv (%d):\n", ivlen);
1208 : 0 : _shishi_escapeprint (iv, ivlen);
1209 : 0 : _shishi_hexprint (iv, ivlen);
1210 : : }
1211 : : }
1212 : :
1213 : 1422 : enc = _shishi_cipher_encrypt (etype);
1214 [ - + ]: 1422 : if (enc == NULL)
1215 : : {
1216 : 0 : shishi_error_printf (handle, "Unsupported keytype %d",
1217 : : shishi_key_type (key));
1218 : 0 : return SHISHI_CRYPTO_ERROR;
1219 : : }
1220 : :
1221 : 1422 : res = (*enc) (handle, key, keyusage, iv, ivlen, ivout, ivoutlen,
1222 : : in, inlen, out, outlen);
1223 : :
1224 [ - + ]: 1422 : if (VERBOSECRYPTO (handle))
1225 : : {
1226 [ # # ]: 0 : if (res == SHISHI_OK)
1227 : : {
1228 : 0 : printf ("\t ;; encrypt out:\n");
1229 : 0 : _shishi_escapeprint (*out, *outlen);
1230 : 0 : _shishi_hexprint (*out, *outlen);
1231 [ # # # # ]: 0 : if (ivout && ivoutlen)
1232 : : {
1233 : 0 : printf ("\t ;; iv out:\n");
1234 : 0 : _shishi_escapeprint (*ivout, *ivoutlen);
1235 : 0 : _shishi_hexprint (*ivout, *ivoutlen);
1236 : : }
1237 : : }
1238 : : else
1239 : : {
1240 : 0 : printf ("\t ;; encrypt out failed %d\n", res);
1241 : : }
1242 : : }
1243 : :
1244 : 1422 : return res;
1245 : : }
1246 : :
1247 : : /**
1248 : : * shishi_encrypt_iv_etype:
1249 : : * @handle: shishi handle as allocated by shishi_init().
1250 : : * @key: key to encrypt with.
1251 : : * @keyusage: integer specifying what this key is encrypting.
1252 : : * @etype: integer specifying what cipher to use.
1253 : : * @iv: input array with initialization vector
1254 : : * @ivlen: size of input array with initialization vector.
1255 : : * @in: input array with data to encrypt.
1256 : : * @inlen: size of input array with data to encrypt.
1257 : : * @out: output array with newly allocated encrypted data.
1258 : : * @outlen: output variable with size of newly allocated output array.
1259 : : *
1260 : : * Encrypts data as per encryption method using specified
1261 : : * initialization vector and key. The key actually used is derived
1262 : : * using the key usage. If key usage is 0, no key derivation is used.
1263 : : * The OUT buffer must be deallocated by the caller. The next IV is
1264 : : * lost, see shishi_encrypt_ivupdate_etype if you need it.
1265 : : *
1266 : : * Note that DECRYPT(ENCRYPT(data)) does not necessarily yield data
1267 : : * exactly. Some encryption types add pad to make the data fit into
1268 : : * the block size of the encryption algorithm. Furthermore, the pad
1269 : : * is not guaranteed to look in any special way, although existing
1270 : : * implementations often pad with the zero byte. This means that you
1271 : : * may have to "frame" data, so it is possible to infer the original
1272 : : * length after decryption. Compare ASN.1 DER which contains such
1273 : : * information.
1274 : : *
1275 : : * Return value: Returns %SHISHI_OK iff successful.
1276 : : **/
1277 : : int
1278 : 0 : shishi_encrypt_iv_etype (Shishi * handle,
1279 : : Shishi_key * key,
1280 : : int keyusage,
1281 : : int32_t etype,
1282 : : const char *iv, size_t ivlen,
1283 : : const char *in, size_t inlen,
1284 : : char **out, size_t * outlen)
1285 : : {
1286 : 0 : return shishi_encrypt_ivupdate_etype (handle, key, keyusage, etype,
1287 : : iv, ivlen, NULL, NULL,
1288 : : in, inlen, out, outlen);
1289 : : }
1290 : :
1291 : : /**
1292 : : * shishi_encrypt_etype:
1293 : : * @handle: shishi handle as allocated by shishi_init().
1294 : : * @key: key to encrypt with.
1295 : : * @keyusage: integer specifying what this key is encrypting.
1296 : : * @etype: integer specifying what cipher to use.
1297 : : * @in: input array with data to encrypt.
1298 : : * @inlen: size of input array with data to encrypt.
1299 : : * @out: output array with newly allocated encrypted data.
1300 : : * @outlen: output variable with size of newly allocated output array.
1301 : : *
1302 : : * Encrypts data as per encryption method using specified
1303 : : * initialization vector and key. The key actually used is derived
1304 : : * using the key usage. If key usage is 0, no key derivation is used.
1305 : : * The OUT buffer must be deallocated by the caller. The default IV
1306 : : * is used, see shishi_encrypt_iv_etype if you need to alter it. The
1307 : : * next IV is lost, see shishi_encrypt_ivupdate_etype if you need it.
1308 : : *
1309 : : * Note that DECRYPT(ENCRYPT(data)) does not necessarily yield data
1310 : : * exactly. Some encryption types add pad to make the data fit into
1311 : : * the block size of the encryption algorithm. Furthermore, the pad
1312 : : * is not guaranteed to look in any special way, although existing
1313 : : * implementations often pad with the zero byte. This means that you
1314 : : * may have to "frame" data, so it is possible to infer the original
1315 : : * length after decryption. Compare ASN.1 DER which contains such
1316 : : * information.
1317 : : *
1318 : : * Return value: Returns %SHISHI_OK iff successful.
1319 : : **/
1320 : : int
1321 : 0 : shishi_encrypt_etype (Shishi * handle,
1322 : : Shishi_key * key,
1323 : : int keyusage,
1324 : : int32_t etype,
1325 : : const char *in, size_t inlen,
1326 : : char **out, size_t * outlen)
1327 : : {
1328 : 0 : return shishi_encrypt_ivupdate_etype (handle, key, keyusage,
1329 : : shishi_key_type (key),
1330 : : NULL, 0, NULL, NULL,
1331 : : in, inlen, out, outlen);
1332 : : }
1333 : :
1334 : : /**
1335 : : * shishi_encrypt_ivupdate:
1336 : : * @handle: shishi handle as allocated by shishi_init().
1337 : : * @key: key to encrypt with.
1338 : : * @keyusage: integer specifying what this key is encrypting.
1339 : : * @iv: input array with initialization vector
1340 : : * @ivlen: size of input array with initialization vector.
1341 : : * @ivout: output array with newly allocated updated initialization vector.
1342 : : * @ivoutlen: size of output array with updated initialization vector.
1343 : : * @in: input array with data to encrypt.
1344 : : * @inlen: size of input array with data to encrypt.
1345 : : * @out: output array with newly allocated encrypted data.
1346 : : * @outlen: output variable with size of newly allocated output array.
1347 : : *
1348 : : * Encrypts data using specified initialization vector and key. The
1349 : : * key actually used is derived using the key usage. If key usage is
1350 : : * 0, no key derivation is used. The OUT buffer must be deallocated
1351 : : * by the caller. If IVOUT or IVOUTLEN is NULL, the updated IV is not
1352 : : * saved anywhere.
1353 : : *
1354 : : * Note that DECRYPT(ENCRYPT(data)) does not necessarily yield data
1355 : : * exactly. Some encryption types add pad to make the data fit into
1356 : : * the block size of the encryption algorithm. Furthermore, the pad
1357 : : * is not guaranteed to look in any special way, although existing
1358 : : * implementations often pad with the zero byte. This means that you
1359 : : * may have to "frame" data, so it is possible to infer the original
1360 : : * length after decryption. Compare ASN.1 DER which contains such
1361 : : * information.
1362 : : *
1363 : : * Return value: Returns %SHISHI_OK iff successful.
1364 : : **/
1365 : : int
1366 : 0 : shishi_encrypt_ivupdate (Shishi * handle,
1367 : : Shishi_key * key,
1368 : : int keyusage,
1369 : : const char *iv, size_t ivlen,
1370 : : char **ivout, size_t * ivoutlen,
1371 : : const char *in, size_t inlen,
1372 : : char **out, size_t * outlen)
1373 : : {
1374 : 0 : return shishi_encrypt_ivupdate_etype (handle, key, keyusage,
1375 : : shishi_key_type (key),
1376 : : iv, ivlen, ivout, ivoutlen,
1377 : : in, inlen, out, outlen);
1378 : : }
1379 : :
1380 : : /**
1381 : : * shishi_encrypt_iv:
1382 : : * @handle: shishi handle as allocated by shishi_init().
1383 : : * @key: key to encrypt with.
1384 : : * @keyusage: integer specifying what this key is encrypting.
1385 : : * @iv: input array with initialization vector
1386 : : * @ivlen: size of input array with initialization vector.
1387 : : * @in: input array with data to encrypt.
1388 : : * @inlen: size of input array with data to encrypt.
1389 : : * @out: output array with newly allocated encrypted data.
1390 : : * @outlen: output variable with size of newly allocated output array.
1391 : : *
1392 : : * Encrypts data using specified initialization vector and key. The
1393 : : * key actually used is derived using the key usage. If key usage is
1394 : : * 0, no key derivation is used. The OUT buffer must be deallocated
1395 : : * by the caller. The next IV is lost, see shishi_encrypt_ivupdate if
1396 : : * you need it.
1397 : : *
1398 : : * Note that DECRYPT(ENCRYPT(data)) does not necessarily yield data
1399 : : * exactly. Some encryption types add pad to make the data fit into
1400 : : * the block size of the encryption algorithm. Furthermore, the pad
1401 : : * is not guaranteed to look in any special way, although existing
1402 : : * implementations often pad with the zero byte. This means that you
1403 : : * may have to "frame" data, so it is possible to infer the original
1404 : : * length after decryption. Compare ASN.1 DER which contains such
1405 : : * information.
1406 : : *
1407 : : * Return value: Returns %SHISHI_OK iff successful.
1408 : : **/
1409 : : int
1410 : 0 : shishi_encrypt_iv (Shishi * handle,
1411 : : Shishi_key * key,
1412 : : int keyusage,
1413 : : const char *iv, size_t ivlen,
1414 : : const char *in, size_t inlen, char **out, size_t * outlen)
1415 : : {
1416 : 0 : return shishi_encrypt_ivupdate_etype (handle, key, keyusage,
1417 : : shishi_key_type (key),
1418 : : iv, ivlen, NULL, NULL,
1419 : : in, inlen, out, outlen);
1420 : : }
1421 : :
1422 : : /**
1423 : : * shishi_encrypt:
1424 : : * @handle: shishi handle as allocated by shishi_init().
1425 : : * @key: key to encrypt with.
1426 : : * @keyusage: integer specifying what this key is encrypting.
1427 : : * @in: input array with data to encrypt.
1428 : : * @inlen: size of input array with data to encrypt.
1429 : : * @out: output array with newly allocated encrypted data.
1430 : : * @outlen: output variable with size of newly allocated output array.
1431 : : *
1432 : : * Encrypts data using specified key. The key actually used is
1433 : : * derived using the key usage. If key usage is 0, no key derivation
1434 : : * is used. The OUT buffer must be deallocated by the caller. The
1435 : : * default IV is used, see shishi_encrypt_iv if you need to alter it.
1436 : : * The next IV is lost, see shishi_encrypt_ivupdate if you need it.
1437 : : *
1438 : : * Note that DECRYPT(ENCRYPT(data)) does not necessarily yield data
1439 : : * exactly. Some encryption types add pad to make the data fit into
1440 : : * the block size of the encryption algorithm. Furthermore, the pad
1441 : : * is not guaranteed to look in any special way, although existing
1442 : : * implementations often pad with the zero byte. This means that you
1443 : : * may have to "frame" data, so it is possible to infer the original
1444 : : * length after decryption. Compare ASN.1 DER which contains such
1445 : : * information.
1446 : : *
1447 : : * Return value: Returns %SHISHI_OK iff successful.
1448 : : **/
1449 : : int
1450 : 1086 : shishi_encrypt (Shishi * handle,
1451 : : Shishi_key * key,
1452 : : int keyusage,
1453 : : char *in, size_t inlen, char **out, size_t * outlen)
1454 : : {
1455 : 1086 : return shishi_encrypt_ivupdate_etype (handle, key, keyusage,
1456 : : shishi_key_type (key),
1457 : : NULL, 0, NULL, NULL,
1458 : : in, inlen, out, outlen);
1459 : : }
1460 : :
1461 : : /**
1462 : : * shishi_decrypt_ivupdate_etype:
1463 : : * @handle: shishi handle as allocated by shishi_init().
1464 : : * @key: key to decrypt with.
1465 : : * @keyusage: integer specifying what this key is decrypting.
1466 : : * @etype: integer specifying what cipher to use.
1467 : : * @iv: input array with initialization vector
1468 : : * @ivlen: size of input array with initialization vector.
1469 : : * @ivout: output array with newly allocated updated initialization vector.
1470 : : * @ivoutlen: size of output array with updated initialization vector.
1471 : : * @in: input array with data to decrypt.
1472 : : * @inlen: size of input array with data to decrypt.
1473 : : * @out: output array with newly allocated decrypted data.
1474 : : * @outlen: output variable with size of newly allocated output array.
1475 : : *
1476 : : * Decrypts data as per encryption method using specified
1477 : : * initialization vector and key. The key actually used is derived
1478 : : * using the key usage. If key usage is 0, no key derivation is used.
1479 : : * The OUT buffer must be deallocated by the caller. If IVOUT or
1480 : : * IVOUTLEN is NULL, the updated IV is not saved anywhere.
1481 : : *
1482 : : * Note that DECRYPT(ENCRYPT(data)) does not necessarily yield data
1483 : : * exactly. Some encryption types add pad to make the data fit into
1484 : : * the block size of the encryption algorithm. Furthermore, the pad
1485 : : * is not guaranteed to look in any special way, although existing
1486 : : * implementations often pad with the zero byte. This means that you
1487 : : * may have to "frame" data, so it is possible to infer the original
1488 : : * length after decryption. Compare ASN.1 DER which contains such
1489 : : * information.
1490 : : *
1491 : : * Return value: Returns %SHISHI_OK iff successful.
1492 : : **/
1493 : : int
1494 : 336 : shishi_decrypt_ivupdate_etype (Shishi * handle,
1495 : : Shishi_key * key,
1496 : : int keyusage,
1497 : : int32_t etype,
1498 : : const char *iv, size_t ivlen,
1499 : : char **ivout, size_t * ivoutlen,
1500 : : const char *in, size_t inlen,
1501 : : char **out, size_t * outlen)
1502 : : {
1503 : : Shishi_decrypt_function decrypt;
1504 : : int res;
1505 : :
1506 [ - + ]: 336 : if (VERBOSECRYPTO (handle))
1507 : : {
1508 : 0 : printf ("decrypt (type=%s, usage=%d, key, in, out)\n",
1509 : : shishi_key_name (key), keyusage);
1510 : 0 : printf ("\t ;; key (%d):\n", shishi_key_length (key));
1511 : 0 : _shishi_hexprint (shishi_key_value (key), shishi_key_length (key));
1512 : 0 : printf ("\t ;; in (%d):\n", inlen);
1513 : 0 : _shishi_escapeprint (in, inlen);
1514 : 0 : _shishi_hexprint (in, inlen);
1515 [ # # ]: 0 : if (iv)
1516 : : {
1517 : 0 : printf ("\t ;; iv (%d):\n", ivlen);
1518 : 0 : _shishi_escapeprint (iv, ivlen);
1519 : 0 : _shishi_hexprint (iv, ivlen);
1520 : : }
1521 : : }
1522 : :
1523 : 336 : decrypt = _shishi_cipher_decrypt (etype);
1524 [ - + ]: 336 : if (decrypt == NULL)
1525 : : {
1526 : 0 : shishi_error_printf (handle, "Unsupported keytype %d",
1527 : : shishi_key_type (key));
1528 : 0 : return SHISHI_CRYPTO_ERROR;
1529 : : }
1530 : :
1531 : 336 : res = (*decrypt) (handle, key, keyusage,
1532 : : iv, ivlen, ivout, ivoutlen, in, inlen, out, outlen);
1533 : :
1534 [ - + ]: 336 : if (VERBOSECRYPTO (handle))
1535 : : {
1536 [ # # ]: 0 : if (res == SHISHI_OK)
1537 : : {
1538 : 0 : printf ("\t ;; decrypt out:\n");
1539 : 0 : _shishi_escapeprint (*out, *outlen);
1540 : 0 : _shishi_hexprint (*out, *outlen);
1541 : : }
1542 : : else
1543 : : {
1544 : 0 : printf ("\t ;; decrypt out failed %d\n", res);
1545 : : }
1546 : : }
1547 : :
1548 : 336 : return res;
1549 : : }
1550 : :
1551 : : /**
1552 : : * shishi_decrypt_iv_etype:
1553 : : * @handle: shishi handle as allocated by shishi_init().
1554 : : * @key: key to decrypt with.
1555 : : * @keyusage: integer specifying what this key is decrypting.
1556 : : * @etype: integer specifying what cipher to use.
1557 : : * @iv: input array with initialization vector
1558 : : * @ivlen: size of input array with initialization vector.
1559 : : * @in: input array with data to decrypt.
1560 : : * @inlen: size of input array with data to decrypt.
1561 : : * @out: output array with newly allocated decrypted data.
1562 : : * @outlen: output variable with size of newly allocated output array.
1563 : : *
1564 : : * Decrypts data as per encryption method using specified
1565 : : * initialization vector and key. The key actually used is derived
1566 : : * using the key usage. If key usage is 0, no key derivation is used.
1567 : : * The OUT buffer must be deallocated by the caller. The next IV is
1568 : : * lost, see shishi_decrypt_ivupdate_etype if you need it.
1569 : : *
1570 : : * Note that DECRYPT(ENCRYPT(data)) does not necessarily yield data
1571 : : * exactly. Some encryption types add pad to make the data fit into
1572 : : * the block size of the encryption algorithm. Furthermore, the pad
1573 : : * is not guaranteed to look in any special way, although existing
1574 : : * implementations often pad with the zero byte. This means that you
1575 : : * may have to "frame" data, so it is possible to infer the original
1576 : : * length after decryption. Compare ASN.1 DER which contains such
1577 : : * information.
1578 : : *
1579 : : * Return value: Returns %SHISHI_OK iff successful.
1580 : : **/
1581 : : int
1582 : 0 : shishi_decrypt_iv_etype (Shishi * handle,
1583 : : Shishi_key * key,
1584 : : int keyusage,
1585 : : int32_t etype,
1586 : : const char *iv, size_t ivlen,
1587 : : const char *in, size_t inlen,
1588 : : char **out, size_t * outlen)
1589 : : {
1590 : 0 : return shishi_decrypt_ivupdate_etype (handle, key, keyusage, etype,
1591 : : iv, ivlen, NULL, NULL,
1592 : : in, inlen, out, outlen);
1593 : : }
1594 : :
1595 : : /**
1596 : : * shishi_decrypt_etype:
1597 : : * @handle: shishi handle as allocated by shishi_init().
1598 : : * @key: key to decrypt with.
1599 : : * @keyusage: integer specifying what this key is decrypting.
1600 : : * @etype: integer specifying what cipher to use.
1601 : : * @in: input array with data to decrypt.
1602 : : * @inlen: size of input array with data to decrypt.
1603 : : * @out: output array with newly allocated decrypted data.
1604 : : * @outlen: output variable with size of newly allocated output array.
1605 : : *
1606 : : * Decrypts data as per encryption method using specified key. The
1607 : : * key actually used is derived using the key usage. If key usage is
1608 : : * 0, no key derivation is used. The OUT buffer must be deallocated
1609 : : * by the caller. The default IV is used, see shishi_decrypt_iv_etype
1610 : : * if you need to alter it. The next IV is lost, see
1611 : : * shishi_decrypt_ivupdate_etype if you need it.
1612 : : *
1613 : : * Note that DECRYPT(ENCRYPT(data)) does not necessarily yield data
1614 : : * exactly. Some encryption types add pad to make the data fit into
1615 : : * the block size of the encryption algorithm. Furthermore, the pad
1616 : : * is not guaranteed to look in any special way, although existing
1617 : : * implementations often pad with the zero byte. This means that you
1618 : : * may have to "frame" data, so it is possible to infer the original
1619 : : * length after decryption. Compare ASN.1 DER which contains such
1620 : : * information.
1621 : : *
1622 : : * Return value: Returns %SHISHI_OK iff successful.
1623 : : **/
1624 : : int
1625 : 0 : shishi_decrypt_etype (Shishi * handle,
1626 : : Shishi_key * key,
1627 : : int keyusage,
1628 : : int32_t etype,
1629 : : const char *in, size_t inlen,
1630 : : char **out, size_t * outlen)
1631 : : {
1632 : 0 : return shishi_decrypt_ivupdate_etype (handle, key, keyusage, etype,
1633 : : NULL, 0, NULL, NULL,
1634 : : in, inlen, out, outlen);
1635 : : }
1636 : :
1637 : : /**
1638 : : * shishi_decrypt_ivupdate:
1639 : : * @handle: shishi handle as allocated by shishi_init().
1640 : : * @key: key to decrypt with.
1641 : : * @keyusage: integer specifying what this key is decrypting.
1642 : : * @iv: input array with initialization vector
1643 : : * @ivlen: size of input array with initialization vector.
1644 : : * @ivout: output array with newly allocated updated initialization vector.
1645 : : * @ivoutlen: size of output array with updated initialization vector.
1646 : : * @in: input array with data to decrypt.
1647 : : * @inlen: size of input array with data to decrypt.
1648 : : * @out: output array with newly allocated decrypted data.
1649 : : * @outlen: output variable with size of newly allocated output array.
1650 : : *
1651 : : * Decrypts data using specified initialization vector and key. The
1652 : : * key actually used is derived using the key usage. If key usage is
1653 : : * 0, no key derivation is used. The OUT buffer must be deallocated
1654 : : * by the caller. If IVOUT or IVOUTLEN is NULL, the updated IV is not
1655 : : * saved anywhere.
1656 : : *
1657 : : * Note that DECRYPT(ENCRYPT(data)) does not necessarily yield data
1658 : : * exactly. Some encryption types add pad to make the data fit into
1659 : : * the block size of the encryption algorithm. Furthermore, the pad
1660 : : * is not guaranteed to look in any special way, although existing
1661 : : * implementations often pad with the zero byte. This means that you
1662 : : * may have to "frame" data, so it is possible to infer the original
1663 : : * length after decryption. Compare ASN.1 DER which contains such
1664 : : * information.
1665 : : *
1666 : : * Return value: Returns %SHISHI_OK iff successful.
1667 : : **/
1668 : : int
1669 : 0 : shishi_decrypt_ivupdate (Shishi * handle,
1670 : : Shishi_key * key,
1671 : : int keyusage,
1672 : : const char *iv, size_t ivlen,
1673 : : char **ivout, size_t * ivoutlen,
1674 : : const char *in, size_t inlen,
1675 : : char **out, size_t * outlen)
1676 : : {
1677 : 0 : return shishi_decrypt_ivupdate_etype (handle, key, keyusage,
1678 : : shishi_key_type (key),
1679 : : iv, ivlen, ivout, ivoutlen,
1680 : : in, inlen, out, outlen);
1681 : : }
1682 : :
1683 : : /**
1684 : : * shishi_decrypt_iv:
1685 : : * @handle: shishi handle as allocated by shishi_init().
1686 : : * @key: key to decrypt with.
1687 : : * @keyusage: integer specifying what this key is decrypting.
1688 : : * @iv: input array with initialization vector
1689 : : * @ivlen: size of input array with initialization vector.
1690 : : * @in: input array with data to decrypt.
1691 : : * @inlen: size of input array with data to decrypt.
1692 : : * @out: output array with newly allocated decrypted data.
1693 : : * @outlen: output variable with size of newly allocated output array.
1694 : : *
1695 : : * Decrypts data using specified initialization vector and key. The
1696 : : * key actually used is derived using the key usage. If key usage is
1697 : : * 0, no key derivation is used. The OUT buffer must be deallocated
1698 : : * by the caller. The next IV is lost, see
1699 : : * shishi_decrypt_ivupdate_etype if you need it.
1700 : : *
1701 : : * Note that DECRYPT(ENCRYPT(data)) does not necessarily yield data
1702 : : * exactly. Some encryption types add pad to make the data fit into
1703 : : * the block size of the encryption algorithm. Furthermore, the pad
1704 : : * is not guaranteed to look in any special way, although existing
1705 : : * implementations often pad with the zero byte. This means that you
1706 : : * may have to "frame" data, so it is possible to infer the original
1707 : : * length after decryption. Compare ASN.1 DER which contains such
1708 : : * information.
1709 : : *
1710 : : * Return value: Returns %SHISHI_OK iff successful.
1711 : : **/
1712 : : int
1713 : 0 : shishi_decrypt_iv (Shishi * handle,
1714 : : Shishi_key * key,
1715 : : int keyusage,
1716 : : const char *iv, size_t ivlen,
1717 : : const char *in, size_t inlen, char **out, size_t * outlen)
1718 : : {
1719 : 0 : return shishi_decrypt_ivupdate_etype (handle, key, keyusage,
1720 : : shishi_key_type (key),
1721 : : iv, ivlen, NULL, NULL,
1722 : : in, inlen, out, outlen);
1723 : : }
1724 : :
1725 : : /**
1726 : : * shishi_decrypt:
1727 : : * @handle: shishi handle as allocated by shishi_init().
1728 : : * @key: key to decrypt with.
1729 : : * @keyusage: integer specifying what this key is decrypting.
1730 : : * @in: input array with data to decrypt.
1731 : : * @inlen: size of input array with data to decrypt.
1732 : : * @out: output array with newly allocated decrypted data.
1733 : : * @outlen: output variable with size of newly allocated output array.
1734 : : *
1735 : : * Decrypts data specified key. The key actually used is derived
1736 : : * using the key usage. If key usage is 0, no key derivation is used.
1737 : : * The OUT buffer must be deallocated by the caller. The default IV
1738 : : * is used, see shishi_decrypt_iv if you need to alter it. The next
1739 : : * IV is lost, see shishi_decrypt_ivupdate if you need it.
1740 : : *
1741 : : * Note that DECRYPT(ENCRYPT(data)) does not necessarily yield data
1742 : : * exactly. Some encryption types add pad to make the data fit into
1743 : : * the block size of the encryption algorithm. Furthermore, the pad
1744 : : * is not guaranteed to look in any special way, although existing
1745 : : * implementations often pad with the zero byte. This means that you
1746 : : * may have to "frame" data, so it is possible to infer the original
1747 : : * length after decryption. Compare ASN.1 DER which contains such
1748 : : * information.
1749 : : *
1750 : : * Return value: Returns %SHISHI_OK iff successful.
1751 : : **/
1752 : : int
1753 : 0 : shishi_decrypt (Shishi * handle,
1754 : : Shishi_key * key,
1755 : : int keyusage,
1756 : : const char *in, size_t inlen, char **out, size_t * outlen)
1757 : : {
1758 : 0 : return shishi_decrypt_ivupdate_etype (handle, key, keyusage,
1759 : : shishi_key_type (key),
1760 : : NULL, 0, NULL, NULL,
1761 : : in, inlen, out, outlen);
1762 : : }
1763 : :
1764 : : /**
1765 : : * shishi_n_fold:
1766 : : * @handle: shishi handle as allocated by shishi_init().
1767 : : * @in: input array with data to decrypt.
1768 : : * @inlen: size of input array with data to decrypt ("M").
1769 : : * @out: output array with decrypted data.
1770 : : * @outlen: size of output array ("N").
1771 : : *
1772 : : * Fold data into a fixed length output array, with the intent to give
1773 : : * each input bit approximately equal weight in determining the value
1774 : : * of each output bit.
1775 : : *
1776 : : * The algorithm is from "A Better Key Schedule For DES-like Ciphers"
1777 : : * by Uri Blumenthal and Steven M. Bellovin,
1778 : : * http://www.research.att.com/~smb/papers/ides.pdf, although the
1779 : : * sample vectors provided by the paper are incorrect.
1780 : : *
1781 : : * Return value: Returns %SHISHI_OK iff successful.
1782 : : **/
1783 : : int
1784 : 664 : shishi_n_fold (Shishi * handle,
1785 : : const char *in, size_t inlen, char *out, size_t outlen)
1786 : : {
1787 : 664 : int m = inlen;
1788 : 664 : int n = outlen;
1789 : 664 : char *buf = NULL;
1790 : 664 : char *a = NULL;
1791 : 664 : int lcmmn = 0;
1792 : 664 : int i = 0;
1793 : :
1794 : : /*
1795 : : To n-fold a number X, replicate the input value to a length that is
1796 : : the least common multiple of n and the length of X. Before each
1797 : : repetition, the input is rotated to the right by 13 bit
1798 : : positions. The successive n-bit chunks are added together using
1799 : : 1's-complement addition (that is, addition with end-around carry)
1800 : : to yield a n-bit result denoted <X>_n.
1801 : : */
1802 : :
1803 : 664 : a = xmemdup (in, m);
1804 : :
1805 : 664 : lcmmn = lcm (m, n);
1806 : :
1807 [ - + ]: 664 : if (VERBOSECRYPTONOISE (handle))
1808 : : {
1809 : 0 : printf ("%d-fold (string)\n", n * 8);
1810 : 0 : printf ("\t ;; string length %d bytes %d bits\n", m, m * 8);
1811 : 0 : _shishi_escapeprint (a, m);
1812 : 0 : _shishi_hexprint (a, m);
1813 : 0 : printf ("\t ;; lcm(%d, %d) = lcm(%d, %d) = %d\n",
1814 : : 8 * m, 8 * n, m, n, lcmmn);
1815 : : }
1816 : :
1817 : 664 : buf = xmalloc (lcmmn);
1818 : :
1819 : : /* Replicate the input th the LCMMN length */
1820 [ + + ]: 10553 : for (i = 0; i < (lcmmn / m); i++)
1821 : : {
1822 [ - + ]: 9889 : if (VERBOSECRYPTONOISE (handle))
1823 : : {
1824 : 0 : printf ("\t ;; %d-th replication\n", i + 1);
1825 : 0 : printf ("string = rot13(string)\n");
1826 : : }
1827 : :
1828 : 9889 : memcpy ((char *) &buf[i * m], a, m);
1829 : 9889 : rot13 (handle, a, a, m);
1830 : : }
1831 : :
1832 : 664 : memset (out, 0, n); /* just in case */
1833 : :
1834 [ - + ]: 664 : if (VERBOSECRYPTONOISE (handle))
1835 : : {
1836 : 0 : printf ("\t ;; replicated string (length %d):\n", lcmmn);
1837 : 0 : _shishi_hexprint (buf, lcmmn);
1838 : 0 : _shishi_binprint (buf, lcmmn);
1839 : 0 : printf ("sum = 0\n");
1840 : : }
1841 : :
1842 : : /* Now we view the buf as set of n-byte strings
1843 : : Add the n-byte long chunks together, using
1844 : : one's complement addition, storing the
1845 : : result in the output string. */
1846 : :
1847 [ + + ]: 4053 : for (i = 0; i < (lcmmn / n); i++)
1848 : : {
1849 [ - + ]: 3389 : if (VERBOSECRYPTONOISE (handle))
1850 : : {
1851 : 0 : printf ("\t ;; %d-th one's complement addition sum\n", i + 1);
1852 : 0 : printf ("\t ;; sum:\n");
1853 : 0 : _shishi_hexprint (out, n);
1854 : 0 : _shishi_binprint (out, n);
1855 : 0 : printf ("\t ;; A (offset %d):\n", i * n);
1856 : 0 : _shishi_hexprint (&buf[i * n], n);
1857 : 0 : _shishi_binprint (&buf[i * n], n);
1858 : 0 : printf ("sum = ocadd(sum, A);\n");
1859 : : }
1860 : :
1861 : 3389 : ocadd (out, (char *) &buf[i * n], out, n);
1862 : :
1863 [ - + ]: 3389 : if (VERBOSECRYPTONOISE (handle))
1864 : : {
1865 : 0 : printf ("\t ;; sum:\n");
1866 : 0 : _shishi_hexprint (out, n);
1867 : 0 : _shishi_binprint (out, n);
1868 : : }
1869 : : }
1870 : :
1871 [ - + ]: 664 : if (VERBOSECRYPTONOISE (handle))
1872 : : {
1873 : 0 : printf ("\t ;; nfold\n");
1874 : 0 : _shishi_hexprint (out, n);
1875 : 0 : _shishi_binprint (out, n);
1876 : : }
1877 : :
1878 : 664 : free (buf);
1879 : 664 : free (a);
1880 : :
1881 : 664 : return SHISHI_OK;
1882 : : }
1883 : :
1884 : : #define MAX_DR_PRFCONSTANT 1024
1885 : :
1886 : : /**
1887 : : * shishi_dr:
1888 : : * @handle: shishi handle as allocated by shishi_init().
1889 : : * @key: input array with cryptographic key to use.
1890 : : * @prfconstant: input array with the constant string.
1891 : : * @prfconstantlen: size of input array with the constant string.
1892 : : * @derivedrandom: output array with derived random data.
1893 : : * @derivedrandomlen: size of output array with derived random data.
1894 : : *
1895 : : * Derive "random" data from a key and a constant thusly:
1896 : : * DR(KEY, PRFCONSTANT) = TRUNCATE(DERIVEDRANDOMLEN,
1897 : : * SHISHI_ENCRYPT(KEY, PRFCONSTANT)).
1898 : : *
1899 : : * Return value: Returns %SHISHI_OK iff successful.
1900 : : **/
1901 : : int
1902 : 653 : shishi_dr (Shishi * handle,
1903 : : Shishi_key * key,
1904 : : const char *prfconstant, size_t prfconstantlen,
1905 : : char *derivedrandom, size_t derivedrandomlen)
1906 : : {
1907 : : char *cipher;
1908 : : char plaintext[MAX_DR_PRFCONSTANT];
1909 : : char nfoldprfconstant[MAX_DR_PRFCONSTANT];
1910 : 653 : size_t blocksize = shishi_cipher_blocksize (shishi_key_type (key));
1911 : : size_t totlen, cipherlen;
1912 : : int res;
1913 : :
1914 [ - + ]: 653 : if (VERBOSECRYPTO (handle))
1915 : : {
1916 : 0 : printf ("dr (%s, key, prfconstant, %d)\n",
1917 : : shishi_cipher_name (shishi_key_type (key)), derivedrandomlen);
1918 : 0 : printf ("\t ;; key (length %d):\n", shishi_key_length (key));
1919 : 0 : _shishi_hexprint (shishi_key_value (key), shishi_key_length (key));
1920 : 0 : _shishi_binprint (shishi_key_value (key), shishi_key_length (key));
1921 : 0 : printf ("\t ;; prfconstant %s':\n", prfconstant);
1922 : 0 : _shishi_escapeprint (prfconstant, prfconstantlen);
1923 : 0 : _shishi_hexprint (prfconstant, prfconstantlen);
1924 : 0 : _shishi_binprint (prfconstant, prfconstantlen);
1925 : : }
1926 : :
1927 [ - + ]: 653 : if (prfconstantlen > MAX_DR_PRFCONSTANT)
1928 : 0 : return SHISHI_TOO_SMALL_BUFFER;
1929 : :
1930 [ + + ]: 653 : if (prfconstantlen == blocksize)
1931 : 7 : memcpy (nfoldprfconstant, prfconstant, prfconstantlen);
1932 : : else
1933 : : {
1934 : 646 : res = shishi_n_fold (handle, prfconstant, prfconstantlen,
1935 : : nfoldprfconstant, blocksize);
1936 [ - + ]: 646 : if (res != SHISHI_OK)
1937 : 0 : return res;
1938 : : }
1939 : :
1940 [ - + ]: 653 : if (VERBOSECRYPTO (handle))
1941 : : {
1942 : 0 : printf ("\t ;; possibly nfolded prfconstant (length %d):\n", blocksize);
1943 : 0 : _shishi_escapeprint (nfoldprfconstant, blocksize);
1944 : 0 : _shishi_hexprint (nfoldprfconstant, blocksize);
1945 : 0 : _shishi_binprint (nfoldprfconstant, blocksize);
1946 : : }
1947 : :
1948 : 653 : memcpy (plaintext, nfoldprfconstant, blocksize);
1949 : :
1950 : 653 : totlen = 0;
1951 : : do
1952 : : {
1953 : 1086 : res = shishi_encrypt (handle, key, 0, plaintext, blocksize,
1954 : : &cipher, &cipherlen);
1955 [ - + ]: 1086 : if (res != SHISHI_OK)
1956 : 0 : return res;
1957 [ - + ]: 1086 : if (cipherlen != blocksize)
1958 : 0 : return SHISHI_CRYPTO_ERROR;
1959 : 1086 : memcpy (derivedrandom + totlen, cipher, cipherlen);
1960 : 1086 : memcpy (plaintext, cipher, cipherlen);
1961 : 1086 : free (cipher);
1962 : 1086 : totlen += cipherlen;
1963 : : }
1964 [ + + ]: 1086 : while (totlen < derivedrandomlen);
1965 : :
1966 [ - + ]: 653 : if (VERBOSECRYPTO (handle))
1967 : : {
1968 : 0 : printf ("\t ;; derived random (length %d):\n", derivedrandomlen);
1969 : 0 : _shishi_hexprint (derivedrandom, derivedrandomlen);
1970 : 0 : _shishi_binprint (derivedrandom, derivedrandomlen);
1971 : : }
1972 : :
1973 : 653 : return SHISHI_OK;
1974 : : }
1975 : :
1976 : : /**
1977 : : * shishi_dk:
1978 : : * @handle: shishi handle as allocated by shishi_init().
1979 : : * @key: input cryptographic key to use.
1980 : : * @prfconstant: input array with the constant string.
1981 : : * @prfconstantlen: size of input array with the constant string.
1982 : : * @derivedkey: pointer to derived key (allocated by caller).
1983 : : *
1984 : : * Derive a key from a key and a constant thusly:
1985 : : * DK(KEY, PRFCONSTANT) = SHISHI_RANDOM-TO-KEY(SHISHI_DR(KEY, PRFCONSTANT)).
1986 : : *
1987 : : * Return value: Returns %SHISHI_OK iff successful.
1988 : : **/
1989 : : int
1990 : 644 : shishi_dk (Shishi * handle,
1991 : : Shishi_key * key,
1992 : : const char *prfconstant, size_t prfconstantlen,
1993 : : Shishi_key * derivedkey)
1994 : : {
1995 : : char rnd[MAX_RANDOM_LEN];
1996 : : int res;
1997 : :
1998 [ - + ]: 644 : if (VERBOSECRYPTO (handle))
1999 : : {
2000 : 0 : printf ("dk (%s, key, prfconstant)\n", shishi_key_name (key));
2001 : 0 : printf ("\t ;; key (length %d):\n", shishi_key_length (key));
2002 : 0 : _shishi_hexprint (shishi_key_value (key), shishi_key_length (key));
2003 : 0 : _shishi_binprint (shishi_key_value (key), shishi_key_length (key));
2004 : 0 : printf ("\t ;; prfconstant:\n");
2005 : 0 : _shishi_escapeprint (prfconstant, prfconstantlen);
2006 : 0 : _shishi_hexprint (prfconstant, prfconstantlen);
2007 : 0 : _shishi_binprint (prfconstant, prfconstantlen);
2008 : : }
2009 : :
2010 : 644 : shishi_key_type_set (derivedkey, shishi_key_type (key));
2011 : :
2012 : 644 : res = shishi_dr (handle, key, prfconstant, prfconstantlen, rnd,
2013 : : shishi_key_length (derivedkey));
2014 [ - + ]: 644 : if (res != SHISHI_OK)
2015 : 0 : return res;
2016 : :
2017 : 644 : res = shishi_random_to_key (handle, shishi_key_type (derivedkey),
2018 : : rnd, shishi_key_length (derivedkey),
2019 : : derivedkey);
2020 [ - + ]: 644 : if (res != SHISHI_OK)
2021 : 0 : return res;
2022 : :
2023 : 644 : return SHISHI_OK;
2024 : : }
|
