/* Transform module - bulk data transformation */
+/*
+ * This file is part of secnet.
+ * See README for full list of copyright holders.
+ *
+ * secnet is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * secnet is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * version 3 along with secnet; if not, see
+ * https://www.gnu.org/licenses/gpl.html.
+ */
+
/* For now it's hard-coded to do sequence
number/pkcs5/serpent-cbcmac/serpent with a 256 bit key for each
instance of serpent. We also require key material for the IVs for
/* Required key length in bytes */
#define REQUIRED_KEYLEN ((512+64+32)/8)
+#include "transform-common.h"
+
+struct transform_params {
+ SEQNUM_PARAMS_FIELDS;
+};
+
struct transform {
closure_t cl;
struct transform_if ops;
- uint32_t max_seq_skew;
+ struct transform_params p;
};
struct transform_inst {
struct transform_inst_if ops;
+ struct transform_params p;
struct keyInstance cryptkey;
struct keyInstance mackey;
uint32_t cryptiv;
uint32_t maciv;
- uint32_t sendseq;
- uint32_t lastrecvseq;
- uint32_t max_skew;
- bool_t keyed;
+ SEQNUM_KEYED_FIELDS;
};
-#include "transform-common.h"
-
#define PKCS5_MASK 15
-static bool_t transform_setkey(void *sst, uint8_t *key, int32_t keylen)
+static bool_t transform_setkey(void *sst, uint8_t *key, int32_t keylen,
+ bool_t direction)
{
struct transform_inst *ti=sst;
serpentbe_makekey(&ti->mackey,256,key+32);
ti->cryptiv=get_uint32(key+64);
ti->maciv=get_uint32(key+68);
- ti->sendseq=get_uint32(key+72);
- ti->lastrecvseq=ti->sendseq;
- ti->keyed=True;
+ uint32_t firstseq=get_uint32(key+72);
+ SEQNUM_KEYED_INIT(firstseq,firstseq);
return True;
}
ti->keyed=False;
}
-static uint32_t transform_forward(void *sst, struct buffer_if *buf,
- const char **errmsg)
+static transform_apply_return transform_forward(void *sst,
+ struct buffer_if *buf, const char **errmsg)
{
struct transform_inst *ti=sst;
uint8_t *padp;
bother sending the IV - it's the same each time. (If we wanted to send
it we've have to add 16 bytes to each message, not 4, so that the
message stays a multiple of 16 bytes long.) */
- memset(iv,0,16);
+ FILLZERO(iv);
put_uint32(iv, ti->maciv);
serpentbe_encrypt(&ti->mackey,iv,macacc);
serpentbe_encrypt(&ti->mackey,macplain,macacc);
}
serpentbe_encrypt(&ti->mackey,macacc,macacc);
- memcpy(buf_append(buf,16),macacc,16);
+ BUF_ADD_BYTES(append,buf,macacc,16);
/* Serpent-CBC. We expand the ID as for CBCMAC, do the encryption,
and prepend the IV before increasing it. */
- memset(iv,0,16);
+ FILLZERO(iv);
put_uint32(iv, ti->cryptiv);
serpentbe_encrypt(&ti->cryptkey,iv,iv);
return 0;
}
-static uint32_t transform_reverse(void *sst, struct buffer_if *buf,
- const char **errmsg)
+static transform_apply_return transform_reverse(void *sst,
+ struct buffer_if *buf, const char **errmsg)
{
struct transform_inst *ti=sst;
uint8_t *padp;
if (buf->size < 4 + 16 + 16) {
*errmsg="msg too short";
- return 1;
+ return transform_apply_err;
}
/* CBC */
- memset(iv,0,16);
+ FILLZERO(iv);
{
uint32_t ivword = buf_unprepend_uint32(buf);
put_uint32(iv, ivword);
/* Assert bufsize is multiple of blocksize */
if (buf->size&0xf) {
*errmsg="msg not multiple of cipher blocksize";
- return 1;
+ return transform_apply_err;
}
serpentbe_encrypt(&ti->cryptkey,iv,iv);
for (n=buf->start; n<buf->start+buf->size; n+=16)
serpentbe_decrypt(&ti->cryptkey,n,n);
for (i = 0; i < 16; i++)
n[i] ^= iv[i];
- memcpy(iv, pct, 16);
+ COPY_OBJ(iv, pct);
}
/* CBCMAC */
macexpected=buf_unappend(buf,16);
- memset(iv,0,16);
+ FILLZERO(iv);
put_uint32(iv, ti->maciv);
serpentbe_encrypt(&ti->mackey,iv,macacc);
serpentbe_encrypt(&ti->mackey,macplain,macacc);
}
serpentbe_encrypt(&ti->mackey,macacc,macacc);
- if (!consttime_memeq(macexpected,macacc,16)!=0) {
+ if (!consttime_memeq(macexpected,macacc,16)) {
*errmsg="invalid MAC";
- return 1;
+ return transform_apply_err;
}
/* PKCS5, stolen from IWJ */
padlen=*padp;
if (!padlen || (padlen > PKCS5_MASK+1)) {
*errmsg="pkcs5: invalid length";
- return 1;
+ return transform_apply_err;
}
buf_unappend(buf,padlen-1);
/* Sequence number must be within max_skew of lastrecvseq; lastrecvseq
is only allowed to increase. */
seqnum=buf_unprepend_uint32(buf);
- SEQNUM_CHECK(seqnum, ti->max_skew);
+ SEQNUM_CHECK(seqnum, &ti->p);
return 0;
}
TRANSFORM_CREATE_CORE;
- ti->max_skew=st->max_seq_skew;
+ ti->p=st->p;
return &ti->ops;
}
item_t *item;
dict_t *dict;
- st=safe_malloc(sizeof(*st),"serpent");
+ NEW(st);
st->cl.description="serpent-cbc256";
st->cl.type=CL_TRANSFORM;
st->cl.apply=NULL;
st->cl.interface=&st->ops;
st->ops.st=st;
- st->ops.max_start_pad=28; /* 4byte seqnum, 16byte pad, 4byte MACIV,
- 4byte IV */
- st->ops.max_end_pad=16; /* 16byte CBCMAC */
+ update_max_start_pad(&transform_max_start_pad, 28);
+ /* 4byte seqnum, 16byte pad, 4byte MACIV, 4byte IV */
/* We need 256*2 bits for serpent keys, 32 bits for CBC-IV and 32 bits
for CBCMAC-IV, and 32 bits for init sequence number */
/* First parameter must be a dict */
item=list_elem(args,0);
if (!item || item->type!=t_dict)
- cfgfatal(loc,"userv-ipif","parameter must be a dictionary\n");
+ cfgfatal(loc,"serpent256-cbc","parameter must be a dictionary\n");
dict=item->data.dict;
- st->max_seq_skew=dict_read_number(dict, "max-sequence-skew",
- False, "serpent-cbc256", loc, 10);
+
+ SEQNUM_PARAMS_INIT(dict,&st->p,"serpent-cbc256",loc);
+
+ SET_CAPAB_BIT(CAPAB_BIT_SERPENT256CBC);
return new_closure(&st->cl);
}
const char *errmsg;
int i;
- tr = malloc(sizeof(struct transform));
+ NEW(tr);
tr->max_seq_skew = 20;
ti = transform_create(tr);
buf.base = malloc(4096);
buffer_init(&buf, 2048);
- memcpy(buf_append(&buf, sizeof(text)), text, sizeof(text));
+ BUF_ADD_OBJ(append, buf, text, sizeof(text));
if (transform_forward(ti, &buf, &errmsg)) {
fatal("transform_forward test: %s", errmsg);
}