2 * Blowfish mechanism for udp tunnel
4 * mechanisms: blowfish-cbc, blowfish-cbcmac
5 * arguments: key size in bits (must be multiple of 8)
7 * key values: 8 byte random IV and n byte random key
9 * restrictions: plaintext length must be multiple of block size (8 bytes)
10 * encoding: do CBC encryption overwriting message
11 * encoding for MAC: do CBC and prepend last ciphertext block
14 * This file is part of ipif, part of userv-utils
16 * Copyright 1996-2013 Ian Jackson <ijackson@chiark.greenend.org.uk>
17 * Copyright 1998 David Damerell <damerell@chiark.greenend.org.uk>
19 * Chancellor Masters and Scholars of the University of Cambridge
20 * Copyright 2010 Tony Finch <fanf@dotat.at>
22 * This is free software; you can redistribute it and/or modify it
23 * under the terms of the GNU General Public License as published by
24 * the Free Software Foundation; either version 3 of the License, or
25 * (at your option) any later version.
27 * This program is distributed in the hope that it will be useful, but
28 * WITHOUT ANY WARRANTY; without even the implied warranty of
29 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
30 * General Public License for more details.
32 * You should have received a copy of the GNU General Public License
33 * along with userv-utils; if not, see http://www.gnu.org/licenses/.
36 #include "forwarder.h"
40 unsigned char iv[BLOWFISH_BLOCKBYTES];
41 struct blowfish_cbc_state cbc;
44 static void mds_blowfish(struct mechdata **md_r) {
46 unsigned long keysize;
47 unsigned char key[BLOWFISH_MAXKEYBYTES];
51 keysize= getarg_ulong();
52 arg_assert(!(keysize & 7));
54 arg_assert(keysize > 0 && keysize <= BLOWFISH_MAXKEYBYTES);
56 random_key(md->iv,sizeof(md->iv));
57 random_key(key,keysize);
59 blowfish_loadkey(&md->cbc.ek, key,keysize);
63 static void mes_blowfish(struct mechdata **md_r, int *maxprefix_io, int *maxsuffix_io) {
67 static void mds_bfmac(struct mechdata **md_r) {
71 static void mes_bfmac(struct mechdata **md_r, int *maxprefix_io, int *maxsuffix_io) {
73 *maxprefix_io += BLOWFISH_BLOCKBYTES;
78 arg_assert(!(msgsize & (BLOWFISH_BLOCKBYTES-1)));
82 if (msgsize & (BLOWFISH_BLOCKBYTES-1)) return "not multiple of block size"
84 #define FOREACH_BLOCK(func,inptr,outptr) \
87 blowfish_cbc_setiv(&md->cbc, md->iv); \
88 for (ptr= buf->start; \
89 ptr < buf->start + msgsize; \
90 ptr += BLOWFISH_BLOCKBYTES) { \
91 func(&md->cbc,inptr,outptr); \
95 static void menc_blowfish(struct mechdata *md, struct buffer *buf) {
96 unsigned long msgsize;
98 FOREACH_BLOCK(blowfish_cbc_encrypt,ptr,ptr);
101 static const char *mdec_blowfish(struct mechdata *md, struct buffer *buf) {
102 unsigned long msgsize;
104 FOREACH_BLOCK(blowfish_cbc_decrypt,ptr,ptr);
108 static void menc_bfmac(struct mechdata *md, struct buffer *buf) {
109 unsigned long msgsize;
110 unsigned char outblock[BLOWFISH_BLOCKBYTES];
113 FOREACH_BLOCK(blowfish_cbc_encrypt,ptr,outblock);
114 memcpy(buf_prepend(buf,BLOWFISH_BLOCKBYTES), outblock, BLOWFISH_BLOCKBYTES);
117 static const char *mdec_bfmac(struct mechdata *md, struct buffer *buf) {
118 unsigned long msgsize;
119 unsigned char outblock[BLOWFISH_BLOCKBYTES];
120 unsigned char *checkblock;
122 BUF_UNPREPEND(checkblock,buf,BLOWFISH_BLOCKBYTES);
124 FOREACH_BLOCK(blowfish_cbc_encrypt,ptr,outblock);
125 if (memcmp(checkblock,outblock,BLOWFISH_BLOCKBYTES)) return "verify failed";
129 const struct mechanism mechlist_blowfish[]= {
130 STANDARD_MECHANISM("blowfish-cbcmac", bfmac)
131 STANDARD_MECHANISM("blowfish-cbc", blowfish)