[userv-utils] / ipif / mech-blowfish.c

/*
 * Blowfish mechanism for udp tunnel
 *
 * arguments: key size in bits (must be multiple of 8)
 *
 * key values: 8 byte random IV and n byte random key
 *
 * encoding:         do CBC encryption overwriting message
 * encoding for MAC: do CBC and prepend last ciphertext block
 */
/*
 * Copyright (C) 2000 Ian Jackson
 *
 * This is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with userv-utils; if not, write to the Free Software
 * Foundation, 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 */

#include "forwarder.h"
#include "blowfish.h"

struct mechdata {
  unsigned char iv[BLOWFISH_BLOCKBYTES];
  struct blowfish_cbc_state cbc;
};

static void mds_blowfish(struct mechdata **md_r) {
  struct mechdata *md;
  unsigned long keysize;
  unsigned char key[BLOWFISH_MAXKEYBYTES];

  XMALLOC(md);

  keysize= getarg_ulong();
  arg_assert(!(keysize & 7));
  keysize >>= 3;
  arg_assert(keysize > 0 && keysize <= BLOWFISH_MAXKEYBYTES);

  random_key(md->iv,sizeof(md->iv));
  random_key(key,keysize);

  blowfish_loadkey(&md->cbc.ek, key,keysize);
  *md_r= md;
}

static void mes_blowfish(struct mechdata **md_r, int *maxprefix_io, int *maxsuffix_io) {
  mds_blowfish(md_r);
}

static void mds_bfmac(struct mechdata **md_r) {
  mds_blowfish(md_r);
}

static void mes_bfmac(struct mechdata **md_r, int *maxprefix_io, int *maxsuffix_io) {
  mds_blowfish(md_r);
  *maxprefix_io += BLOWFISH_BLOCKBYTES;
}

#define MSGSIZE_OUT 						      \
  msgsize= buf->size;					              \
  arg_assert(!(msgsize & (BLOWFISH_BLOCKBYTES-1)));

#define MSGSIZE_IN 						      \
  msgsize= buf->size;			   		              \
  if (msgsize & (BLOWFISH_BLOCKBYTES-1)) return "not multiple of block size"

#define FOREACH_BLOCK(func,inptr,outptr)			      \
 {                                                                    \
   unsigned char *ptr;						      \
   blowfish_cbc_setiv(&md->cbc, md->iv);                              \
   for (ptr= buf->start;					      \
        ptr < buf->start + msgsize;				      \
	ptr += BLOWFISH_BLOCKBYTES) {                                 \
     func(&md->cbc,inptr,outptr);				      \
   }                                                                  \
 }

static void menc_blowfish(struct mechdata *md, struct buffer *buf) {
  unsigned long msgsize;
  MSGSIZE_OUT;
  FOREACH_BLOCK(blowfish_cbc_encrypt,ptr,ptr);
}

static const char *mdec_blowfish(struct mechdata *md, struct buffer *buf) {
  unsigned long msgsize;
  MSGSIZE_IN;
  FOREACH_BLOCK(blowfish_cbc_decrypt,ptr,ptr);
  return 0;
}

static void menc_bfmac(struct mechdata *md, struct buffer *buf) {
  unsigned long msgsize;
  unsigned char outblock[BLOWFISH_BLOCKBYTES];
  
  MSGSIZE_OUT;
  FOREACH_BLOCK(blowfish_cbc_encrypt,ptr,outblock);
  memcpy(buf_prepend(buf,BLOWFISH_BLOCKBYTES), outblock, BLOWFISH_BLOCKBYTES);
}

static const char *mdec_bfmac(struct mechdata *md, struct buffer *buf) {
  unsigned long msgsize;
  unsigned char outblock[BLOWFISH_BLOCKBYTES];
  unsigned char *checkblock;

  BUF_UNPREPEND(checkblock,buf,BLOWFISH_BLOCKBYTES);
  MSGSIZE_IN;
  FOREACH_BLOCK(blowfish_cbc_encrypt,ptr,outblock);
  if (memcmp(checkblock,outblock,BLOWFISH_BLOCKBYTES)) return "verify failed";
  return 0;
}

const struct mechanism mechlist_blowfish[]= {
  STANDARD_MECHANISM("blowfish-cbcmac", bfmac)
  STANDARD_MECHANISM("blowfish-cbc",    blowfish)
  { 0 }
};
Commit	Line	Data
84f87e82	1	/*
935da5a4	2	* Blowfish mechanism for udp tunnel
84f87e82	3	*
	4	* arguments: key size in bits (must be multiple of 8)
	5	*
	6	* key values: 8 byte random IV and n byte random key
	7	*
	8	* encoding: do CBC encryption overwriting message
	9	* encoding for MAC: do CBC and prepend last ciphertext block
	10	*/
935da5a4	11	/*
	12	* Copyright (C) 2000 Ian Jackson
	13	*
	14	* This is free software; you can redistribute it and/or modify it
	15	* under the terms of the GNU General Public License as published by
	16	* the Free Software Foundation; either version 2 of the License, or
	17	* (at your option) any later version.
	18	*
	19	* This program is distributed in the hope that it will be useful, but
	20	* WITHOUT ANY WARRANTY; without even the implied warranty of
	21	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	22	* General Public License for more details.
	23	*
	24	* You should have received a copy of the GNU General Public License
	25	* along with userv-utils; if not, write to the Free Software
	26	* Foundation, 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
	27	*/
84f87e82	28
aaa9ab3a	29	#include "forwarder.h"
84f87e82	30	#include "blowfish.h"
	31
	32	struct mechdata {
8bb9d875	33	unsigned char iv[BLOWFISH_BLOCKBYTES];
84f87e82	34	struct blowfish_cbc_state cbc;
	35	};
	36
	37	static void mds_blowfish(struct mechdata **md_r) {
	38	struct mechdata *md;
	39	unsigned long keysize;
84f87e82	40	unsigned char key[BLOWFISH_MAXKEYBYTES];
84f87e82	41
244a0e99	42	XMALLOC(md);
84f87e82	43
	44	keysize= getarg_ulong();
	45	arg_assert(!(keysize & 7));
	46	keysize >>= 3;
	47	arg_assert(keysize > 0 && keysize <= BLOWFISH_MAXKEYBYTES);
	48
8bb9d875	49	random_key(md->iv,sizeof(md->iv));
84f87e82	50	random_key(key,keysize);
	51
	52	blowfish_loadkey(&md->cbc.ek, key,keysize);
84f87e82	53	*md_r= md;
	54	}
	55
	56	static void mes_blowfish(struct mechdata *md_r, int maxprefix_io, int *maxsuffix_io) {
	57	mds_blowfish(md_r);
	58	}
	59
	60	static void mds_bfmac(struct mechdata **md_r) {
	61	mds_blowfish(md_r);
	62	}
	63
	64	static void mes_bfmac(struct mechdata *md_r, int maxprefix_io, int *maxsuffix_io) {
	65	mds_blowfish(md_r);
	66	*maxprefix_io += BLOWFISH_BLOCKBYTES;
	67	}
	68
	69	#define MSGSIZE_OUT \
	70	msgsize= buf->size; \
244a0e99	71	arg_assert(!(msgsize & (BLOWFISH_BLOCKBYTES-1)));
84f87e82	72
	73	#define MSGSIZE_IN \
	74	msgsize= buf->size; \
244a0e99	75	if (msgsize & (BLOWFISH_BLOCKBYTES-1)) return "not multiple of block size"
84f87e82	76
	77	#define FOREACH_BLOCK(func,inptr,outptr) \
	78	{ \
	79	unsigned char *ptr; \
8bb9d875	80	blowfish_cbc_setiv(&md->cbc, md->iv); \
244a0e99	81	for (ptr= buf->start; \
	82	ptr < buf->start + msgsize; \
	83	ptr += BLOWFISH_BLOCKBYTES) { \
84f87e82	84	func(&md->cbc,inptr,outptr); \
244a0e99	85	} \
84f87e82	86	}
	87
	88	static void menc_blowfish(struct mechdata md, struct buffer buf) {
	89	unsigned long msgsize;
	90	MSGSIZE_OUT;
	91	FOREACH_BLOCK(blowfish_cbc_encrypt,ptr,ptr);
	92	}
	93
	94	static const char mdec_blowfish(struct mechdata md, struct buffer *buf) {
	95	unsigned long msgsize;
	96	MSGSIZE_IN;
	97	FOREACH_BLOCK(blowfish_cbc_decrypt,ptr,ptr);
	98	return 0;
	99	}
	100
	101	static void menc_bfmac(struct mechdata md, struct buffer buf) {
	102	unsigned long msgsize;
	103	unsigned char outblock[BLOWFISH_BLOCKBYTES];
	104
	105	MSGSIZE_OUT;
	106	FOREACH_BLOCK(blowfish_cbc_encrypt,ptr,outblock);
	107	memcpy(buf_prepend(buf,BLOWFISH_BLOCKBYTES), outblock, BLOWFISH_BLOCKBYTES);
	108	}
	109
	110	static const char mdec_bfmac(struct mechdata md, struct buffer *buf) {
	111	unsigned long msgsize;
	112	unsigned char outblock[BLOWFISH_BLOCKBYTES];
	113	unsigned char *checkblock;
	114
	115	BUF_UNPREPEND(checkblock,buf,BLOWFISH_BLOCKBYTES);
	116	MSGSIZE_IN;
	117	FOREACH_BLOCK(blowfish_cbc_encrypt,ptr,outblock);
	118	if (memcmp(checkblock,outblock,BLOWFISH_BLOCKBYTES)) return "verify failed";
	119	return 0;
	120	}
	121
	122	const struct mechanism mechlist_blowfish[]= {
	123	STANDARD_MECHANISM("blowfish-cbcmac", bfmac)
	124	STANDARD_MECHANISM("blowfish-cbc", blowfish)
	125	{ 0 }
	126	};