X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=secnet.git;a=blobdiff_plain;f=transform-cbcmac.c;h=5e59e212c71857a922459df8e55878299401be40;hp=69201654da6f9e7c6e80f297f2b92e501f038c15;hb=HEAD;hpb=45a1170652384baf744a5e61d576af534c7b8b14 diff --git a/transform-cbcmac.c b/transform-cbcmac.c index 6920165..b481346 100644 --- a/transform-cbcmac.c +++ b/transform-cbcmac.c @@ -1,5 +1,24 @@ /* Transform module - bulk data transformation */ +/* + * This file is part of secnet. + * See README for full list of copyright holders. + * + * secnet is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * secnet is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * version 3 along with secnet; if not, see + * https://www.gnu.org/licenses/gpl.html. + */ + /* For now it's hard-coded to do sequence number/pkcs5/serpent-cbcmac/serpent with a 256 bit key for each instance of serpent. We also require key material for the IVs for @@ -18,26 +37,28 @@ /* Required key length in bytes */ #define REQUIRED_KEYLEN ((512+64+32)/8) +#include "transform-common.h" + +struct transform_params { + SEQNUM_PARAMS_FIELDS; +}; + struct transform { closure_t cl; struct transform_if ops; - uint32_t max_seq_skew; + struct transform_params p; }; struct transform_inst { struct transform_inst_if ops; + struct transform_params p; struct keyInstance cryptkey; struct keyInstance mackey; uint32_t cryptiv; uint32_t maciv; - uint32_t sendseq; - uint32_t lastrecvseq; - uint32_t max_skew; - bool_t keyed; + SEQNUM_KEYED_FIELDS; }; -#include "transform-common.h" - #define PKCS5_MASK 15 static bool_t transform_setkey(void *sst, uint8_t *key, int32_t keylen, @@ -63,9 +84,8 @@ static bool_t transform_setkey(void *sst, uint8_t *key, int32_t keylen, serpentbe_makekey(&ti->mackey,256,key+32); ti->cryptiv=get_uint32(key+64); ti->maciv=get_uint32(key+68); - ti->sendseq=get_uint32(key+72); - ti->lastrecvseq=ti->sendseq; - ti->keyed=True; + uint32_t firstseq=get_uint32(key+72); + SEQNUM_KEYED_INIT(firstseq,firstseq); return True; } @@ -81,8 +101,8 @@ static void transform_delkey(void *sst) ti->keyed=False; } -static uint32_t transform_forward(void *sst, struct buffer_if *buf, - const char **errmsg) +static transform_apply_return transform_forward(void *sst, + struct buffer_if *buf, const char **errmsg) { struct transform_inst *ti=sst; uint8_t *padp; @@ -114,7 +134,7 @@ static uint32_t transform_forward(void *sst, struct buffer_if *buf, bother sending the IV - it's the same each time. (If we wanted to send it we've have to add 16 bytes to each message, not 4, so that the message stays a multiple of 16 bytes long.) */ - memset(iv,0,16); + FILLZERO(iv); put_uint32(iv, ti->maciv); serpentbe_encrypt(&ti->mackey,iv,macacc); @@ -127,11 +147,11 @@ static uint32_t transform_forward(void *sst, struct buffer_if *buf, serpentbe_encrypt(&ti->mackey,macplain,macacc); } serpentbe_encrypt(&ti->mackey,macacc,macacc); - memcpy(buf_append(buf,16),macacc,16); + BUF_ADD_BYTES(append,buf,macacc,16); /* Serpent-CBC. We expand the ID as for CBCMAC, do the encryption, and prepend the IV before increasing it. */ - memset(iv,0,16); + FILLZERO(iv); put_uint32(iv, ti->cryptiv); serpentbe_encrypt(&ti->cryptkey,iv,iv); @@ -152,8 +172,8 @@ static uint32_t transform_forward(void *sst, struct buffer_if *buf, return 0; } -static uint32_t transform_reverse(void *sst, struct buffer_if *buf, - const char **errmsg) +static transform_apply_return transform_reverse(void *sst, + struct buffer_if *buf, const char **errmsg) { struct transform_inst *ti=sst; uint8_t *padp; @@ -171,11 +191,11 @@ static uint32_t transform_reverse(void *sst, struct buffer_if *buf, if (buf->size < 4 + 16 + 16) { *errmsg="msg too short"; - return 1; + return transform_apply_err; } /* CBC */ - memset(iv,0,16); + FILLZERO(iv); { uint32_t ivword = buf_unprepend_uint32(buf); put_uint32(iv, ivword); @@ -183,7 +203,7 @@ static uint32_t transform_reverse(void *sst, struct buffer_if *buf, /* Assert bufsize is multiple of blocksize */ if (buf->size&0xf) { *errmsg="msg not multiple of cipher blocksize"; - return 1; + return transform_apply_err; } serpentbe_encrypt(&ti->cryptkey,iv,iv); for (n=buf->start; nstart+buf->size; n+=16) @@ -193,12 +213,12 @@ static uint32_t transform_reverse(void *sst, struct buffer_if *buf, serpentbe_decrypt(&ti->cryptkey,n,n); for (i = 0; i < 16; i++) n[i] ^= iv[i]; - memcpy(iv, pct, 16); + COPY_OBJ(iv, pct); } /* CBCMAC */ macexpected=buf_unappend(buf,16); - memset(iv,0,16); + FILLZERO(iv); put_uint32(iv, ti->maciv); serpentbe_encrypt(&ti->mackey,iv,macacc); @@ -211,9 +231,9 @@ static uint32_t transform_reverse(void *sst, struct buffer_if *buf, serpentbe_encrypt(&ti->mackey,macplain,macacc); } serpentbe_encrypt(&ti->mackey,macacc,macacc); - if (!consttime_memeq(macexpected,macacc,16)!=0) { + if (!consttime_memeq(macexpected,macacc,16)) { *errmsg="invalid MAC"; - return 1; + return transform_apply_err; } /* PKCS5, stolen from IWJ */ @@ -222,7 +242,7 @@ static uint32_t transform_reverse(void *sst, struct buffer_if *buf, padlen=*padp; if (!padlen || (padlen > PKCS5_MASK+1)) { *errmsg="pkcs5: invalid length"; - return 1; + return transform_apply_err; } buf_unappend(buf,padlen-1); @@ -230,7 +250,7 @@ static uint32_t transform_reverse(void *sst, struct buffer_if *buf, /* Sequence number must be within max_skew of lastrecvseq; lastrecvseq is only allowed to increase. */ seqnum=buf_unprepend_uint32(buf); - SEQNUM_CHECK(seqnum, ti->max_skew); + SEQNUM_CHECK(seqnum, &ti->p); return 0; } @@ -243,7 +263,7 @@ static struct transform_inst_if *transform_create(void *sst) TRANSFORM_CREATE_CORE; - ti->max_skew=st->max_seq_skew; + ti->p=st->p; return &ti->ops; } @@ -255,14 +275,14 @@ static list_t *transform_apply(closure_t *self, struct cloc loc, item_t *item; dict_t *dict; - st=safe_malloc(sizeof(*st),"serpent"); + NEW(st); st->cl.description="serpent-cbc256"; st->cl.type=CL_TRANSFORM; st->cl.apply=NULL; st->cl.interface=&st->ops; st->ops.st=st; - st->ops.max_start_pad=28; /* 4byte seqnum, 16byte pad, 4byte MACIV, - 4byte IV */ + update_max_start_pad(&transform_max_start_pad, 28); + /* 4byte seqnum, 16byte pad, 4byte MACIV, 4byte IV */ /* We need 256*2 bits for serpent keys, 32 bits for CBC-IV and 32 bits for CBCMAC-IV, and 32 bits for init sequence number */ @@ -272,11 +292,13 @@ static list_t *transform_apply(closure_t *self, struct cloc loc, /* First parameter must be a dict */ item=list_elem(args,0); if (!item || item->type!=t_dict) - cfgfatal(loc,"userv-ipif","parameter must be a dictionary\n"); + cfgfatal(loc,"serpent256-cbc","parameter must be a dictionary\n"); dict=item->data.dict; - st->max_seq_skew=dict_read_number(dict, "max-sequence-skew", - False, "serpent-cbc256", loc, 10); + + SEQNUM_PARAMS_INIT(dict,&st->p,"serpent-cbc256",loc); + + SET_CAPAB_BIT(CAPAB_BIT_SERPENT256CBC); return new_closure(&st->cl); } @@ -334,7 +356,7 @@ void transform_cbcmac_module(dict_t *dict) const char *errmsg; int i; - tr = malloc(sizeof(struct transform)); + NEW(tr); tr->max_seq_skew = 20; ti = transform_create(tr); @@ -342,7 +364,7 @@ void transform_cbcmac_module(dict_t *dict) buf.base = malloc(4096); buffer_init(&buf, 2048); - memcpy(buf_append(&buf, sizeof(text)), text, sizeof(text)); + BUF_ADD_OBJ(append, buf, text, sizeof(text)); if (transform_forward(ti, &buf, &errmsg)) { fatal("transform_forward test: %s", errmsg); }