[chiark-tcl.git] / crypto / crypto.c

/*
 */

#include <endian.h>

#include "hbytes.h"
#include "tables.h"
#include "serpent.h"

void memxor(Byte *dest, const Byte *src, int l) {
  while (l--) *dest++ ^= *src++;
}

const PadMethod padmethods[]= {
  { "un", 0, 0 },
  { "ua", 0, 1 },
  { "pn", 1, 0 },
  { "pa", 1, 1 },
  { 0 }
};

int do_hbytes_pkcs5(ClientData cd, Tcl_Interp *ip,
                    const PadMethod *meth, HBytes_Var v, Tcl_Obj *block,
                    int *ok) {
  int rc, blocksize, padlen, old_len, i;
  Byte *padding;
  const Byte *unpad;
  
  if (meth->use_algname) {
    const BlockCipherAlgInfo *alg;
    alg= enum_lookup_cached(ip,block,blockcipheralginfos,"cipher alg for pad");
    if (!alg) return TCL_ERROR;
    blocksize= alg->blocksize;
  } else {
    rc= Tcl_GetIntFromObj(ip, block, &blocksize);  if (rc) return rc;
    if (blocksize < 1 || blocksize > 255)
      return staticerr(ip, "block size out of pkcs#5 range 1..255");
  }

  if (meth->pad) {
    padlen= blocksize - (hbytes_len(v.hb) % blocksize);
    padding= hbytes_append(v.hb, padlen);
    memset(padding, padlen, padlen);
  } else {
    old_len= hbytes_len(v.hb);  if (old_len % blocksize) goto bad;
    unpad= hbytes_unappend(v.hb, 1);  if (!unpad) goto bad;
    padlen= *unpad;
    if (padlen < 1 || padlen > blocksize) goto bad;
    unpad= hbytes_unappend(v.hb, padlen-1);  if (!unpad) goto bad;
    for (i=0; i<padlen-1; i++, unpad++) if (*unpad != padlen) goto bad;
  }

  *ok= 1;
  return TCL_OK;

 bad:
  *ok= 0;
  return TCL_OK;
}

#define OBJ_CIPHKEY(o) ((CiphKeyValue*)(o)->internalRep.otherValuePtr)

typedef struct {
  int valuelen, bufferslen;
  Byte *value, *buffers;
  const BlockCipherAlgInfo *alg;
  void *encrypt, *decrypt; /* key schedules; each may be 0 */
} CiphKeyValue;

static void freealg(CiphKeyValue *key) {
  TFREE(key->encrypt);
  TFREE(key->decrypt);
}

static void key_t_free(Tcl_Obj *obj) {
  CiphKeyValue *key= OBJ_CIPHKEY(obj);
  freealg(key);
  TFREE(key->value);
  TFREE(key->buffers);
}

static void noalg(CiphKeyValue *key) {
  key->alg= 0;
  key->encrypt= key->decrypt= 0;
}

static void key_t_dup(Tcl_Obj *src_obj, Tcl_Obj *dup_obj) {
  CiphKeyValue *src= OBJ_CIPHKEY(src_obj);
  CiphKeyValue *dup= TALLOC(sizeof(*dup));
  dup->valuelen= src->valuelen;
  dup->value= src->valuelen ? TALLOC(src->valuelen) : 0;
  dup->buffers= 0; dup->bufferslen= 0;
  memcpy(dup->value, src->value, src->valuelen);
  noalg(dup);
  dup_obj->internalRep.otherValuePtr= dup;
}

static void key_t_ustr(Tcl_Obj *o) {
  obj_updatestr_array(o, OBJ_CIPHKEY(o)->value, OBJ_CIPHKEY(o)->valuelen);
}

static int key_t_sfa(Tcl_Interp *ip, Tcl_Obj *o) {
  int rc, l;
  CiphKeyValue *val;

  rc= Tcl_ConvertToType(ip,o,&hbytes_type);  if (rc) return rc;
  val= TALLOC(sizeof(*val));
  val->valuelen= l= hbytes_len(OBJ_HBYTES(o));
  val->value= TALLOC(l);
  val->buffers= 0;
  val->bufferslen= 0;
  memcpy(val->value, hbytes_data(OBJ_HBYTES(o)), l);
  noalg(val);

  objfreeir(o);
  o->internalRep.otherValuePtr= val;
  o->typePtr= &blockcipherkey_type;

  return TCL_OK;
}
  
Tcl_ObjType blockcipherkey_type = {
  "blockcipher-key",
  key_t_free, key_t_dup, key_t_ustr, key_t_sfa
};

int do_hbytes_blockciph(ClientData cd, Tcl_Interp *ip, int encrypt,
                        HBytes_Var v, const BlockCipherAlgInfo *alg,
                        Tcl_Obj *key_obj, const BlockCipherModeInfo *mode,
                        HBytes_Value iv, HBytes_Value *result) {
  int rc, want_bufferslen, data_len, iv_want;
  CiphKeyValue *key;
  const char *failure;
  void *sched, **schedp;

  rc= Tcl_ConvertToType(ip,key_obj,&blockcipherkey_type);  if (rc) return rc;
  key= OBJ_CIPHKEY(key_obj);

  if (key->alg != alg) {
    freealg(key);
    noalg(key);

    if (key->valuelen < alg->key_min) return staticerr(ip, "key too short");
    if (key->valuelen > alg->key_max) return staticerr(ip, "key too long");
    key->alg= alg;
  }

  schedp= (alg->decrypt.make_schedule!=alg->encrypt.make_schedule
           && !encrypt) ? &key->decrypt : &key->encrypt;
  sched= *schedp;
  if (!sched) {
    sched= TALLOC(alg->schedule_size);
    (encrypt ? &alg->encrypt : &alg->decrypt)->make_schedule
      (sched, key->value, key->valuelen);
    *schedp= sched;
  }
  
  want_bufferslen= alg->blocksize * (mode->buf_blocks + mode->iv_blocks);
  if (key->bufferslen < want_bufferslen) {
    TFREE(key->buffers);
    key->buffers= TALLOC(want_bufferslen);
    key->bufferslen= want_bufferslen;
  }

  iv_want= alg->blocksize * mode->iv_blocks;
  if (hbytes_issentinel(&iv)) {
    if (!encrypt) return staticerr(ip,"must supply iv when decrypting");
    rc= get_urandom(ip, key->buffers, iv_want);
    if (rc) return rc;
  } else {
    int iv_supplied= hbytes_len(&iv);
    if (iv_supplied > iv_want)
      return staticerr(ip, "iv too large for algorithm and mode");
    memcpy(key->buffers, hbytes_data(&iv), iv_supplied);
    memset(key->buffers + iv_supplied, 0, iv_want - iv_supplied);
  }

  data_len= hbytes_len(v.hb);
  if (data_len % alg->blocksize)
    return staticerr(ip, "block cipher input not whole number of blocks");

  failure=
    (encrypt ? mode->encrypt : mode->decrypt)
    (hbytes_data(v.hb), data_len / alg->blocksize,
     key->buffers, key->buffers + iv_want,
     alg, encrypt,
     alg->blocksize, sched);

  if (failure)
    return staticerr(ip, failure);

  hbytes_array(result, key->buffers, iv_want);

  return TCL_OK;
}