/*
- * Blowfish
+ * Blowfish mechanism for udp tunnel
*
+ * mechanisms: blowfish-cbc, blowfish-cbcmac
* arguments: key size in bits (must be multiple of 8)
*
* key values: 8 byte random IV and n byte random key
*
+ * restrictions: plaintext length must be multiple of block size (8 bytes)
* encoding: do CBC encryption overwriting message
* encoding for MAC: do CBC and prepend last ciphertext block
*/
+/*
+ * This file is part of ipif, part of userv-utils
+ *
+ * Copyright 1996-2013 Ian Jackson <ijackson@chiark.greenend.org.uk>
+ * Copyright 1998 David Damerell <damerell@chiark.greenend.org.uk>
+ * Copyright 1999,2003
+ * Chancellor Masters and Scholars of the University of Cambridge
+ * Copyright 2010 Tony Finch <fanf@dotat.at>
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with userv-utils; if not, see http://www.gnu.org/licenses/.
+ */
#include "forwarder.h"
#include "blowfish.h"
struct mechdata {
+ unsigned char iv[BLOWFISH_BLOCKBYTES];
struct blowfish_cbc_state cbc;
};
static void mds_blowfish(struct mechdata **md_r) {
struct mechdata *md;
unsigned long keysize;
- unsigned char iv[BLOWFISH_BLOCKBYTES];
unsigned char key[BLOWFISH_MAXKEYBYTES];
- md= xmalloc(sizeof(md));
+ XMALLOC(md);
keysize= getarg_ulong();
arg_assert(!(keysize & 7));
keysize >>= 3;
arg_assert(keysize > 0 && keysize <= BLOWFISH_MAXKEYBYTES);
- random_key(iv,sizeof(iv));
+ random_key(md->iv,sizeof(md->iv));
random_key(key,keysize);
blowfish_loadkey(&md->cbc.ek, key,keysize);
- blowfish_cbc_setiv(&md->cbc, iv);
-
*md_r= md;
}
#define MSGSIZE_OUT \
msgsize= buf->size; \
- arg_assert(!(msgsize & ~BLOWFISH_BLOCKBYTES));
+ arg_assert(!(msgsize & (BLOWFISH_BLOCKBYTES-1)));
#define MSGSIZE_IN \
msgsize= buf->size; \
- if (msgsize & ~BLOWFISH_BLOCKBYTES) return "not multiple of block size"
+ if (msgsize & (BLOWFISH_BLOCKBYTES-1)) return "not multiple of block size"
#define FOREACH_BLOCK(func,inptr,outptr) \
{ \
unsigned char *ptr; \
- ptr= buf->start; \
- while (ptr < buf->start + msgsize) \
+ blowfish_cbc_setiv(&md->cbc, md->iv); \
+ for (ptr= buf->start; \
+ ptr < buf->start + msgsize; \
+ ptr += BLOWFISH_BLOCKBYTES) { \
func(&md->cbc,inptr,outptr); \
+ } \
}
static void menc_blowfish(struct mechdata *md, struct buffer *buf) {