1fb3cba0 |
1 | /* |
f0e54a99 |
2 | * Blowfish mechanism for udp tunnel |
1fb3cba0 |
3 | * |
5124214b |
4 | * mechanisms: blowfish-cbc, blowfish-cbcmac |
1fb3cba0 |
5 | * arguments: key size in bits (must be multiple of 8) |
6 | * |
7 | * key values: 8 byte random IV and n byte random key |
8 | * |
5124214b |
9 | * restrictions: plaintext length must be multiple of block size (8 bytes) |
1fb3cba0 |
10 | * encoding: do CBC encryption overwriting message |
11 | * encoding for MAC: do CBC and prepend last ciphertext block |
12 | */ |
f0e54a99 |
13 | /* |
c07be359 |
14 | * Copyright (C) 2000,2003 Ian Jackson |
15 | * This file is part of ipif, part of userv-utils |
f0e54a99 |
16 | * |
17 | * This is free software; you can redistribute it and/or modify it |
18 | * under the terms of the GNU General Public License as published by |
19 | * the Free Software Foundation; either version 2 of the License, or |
20 | * (at your option) any later version. |
21 | * |
22 | * This program is distributed in the hope that it will be useful, but |
23 | * WITHOUT ANY WARRANTY; without even the implied warranty of |
24 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
25 | * General Public License for more details. |
26 | * |
27 | * You should have received a copy of the GNU General Public License |
28 | * along with userv-utils; if not, write to the Free Software |
29 | * Foundation, 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
30 | */ |
1fb3cba0 |
31 | |
f9e59051 |
32 | #include "forwarder.h" |
1fb3cba0 |
33 | #include "blowfish.h" |
34 | |
35 | struct mechdata { |
ed509ebd |
36 | unsigned char iv[BLOWFISH_BLOCKBYTES]; |
1fb3cba0 |
37 | struct blowfish_cbc_state cbc; |
38 | }; |
39 | |
40 | static void mds_blowfish(struct mechdata **md_r) { |
41 | struct mechdata *md; |
42 | unsigned long keysize; |
1fb3cba0 |
43 | unsigned char key[BLOWFISH_MAXKEYBYTES]; |
44 | |
0f4b558c |
45 | XMALLOC(md); |
1fb3cba0 |
46 | |
47 | keysize= getarg_ulong(); |
48 | arg_assert(!(keysize & 7)); |
49 | keysize >>= 3; |
50 | arg_assert(keysize > 0 && keysize <= BLOWFISH_MAXKEYBYTES); |
51 | |
ed509ebd |
52 | random_key(md->iv,sizeof(md->iv)); |
1fb3cba0 |
53 | random_key(key,keysize); |
54 | |
55 | blowfish_loadkey(&md->cbc.ek, key,keysize); |
1fb3cba0 |
56 | *md_r= md; |
57 | } |
58 | |
59 | static void mes_blowfish(struct mechdata **md_r, int *maxprefix_io, int *maxsuffix_io) { |
60 | mds_blowfish(md_r); |
61 | } |
62 | |
63 | static void mds_bfmac(struct mechdata **md_r) { |
64 | mds_blowfish(md_r); |
65 | } |
66 | |
67 | static void mes_bfmac(struct mechdata **md_r, int *maxprefix_io, int *maxsuffix_io) { |
68 | mds_blowfish(md_r); |
69 | *maxprefix_io += BLOWFISH_BLOCKBYTES; |
70 | } |
71 | |
72 | #define MSGSIZE_OUT \ |
73 | msgsize= buf->size; \ |
0f4b558c |
74 | arg_assert(!(msgsize & (BLOWFISH_BLOCKBYTES-1))); |
1fb3cba0 |
75 | |
76 | #define MSGSIZE_IN \ |
77 | msgsize= buf->size; \ |
0f4b558c |
78 | if (msgsize & (BLOWFISH_BLOCKBYTES-1)) return "not multiple of block size" |
1fb3cba0 |
79 | |
80 | #define FOREACH_BLOCK(func,inptr,outptr) \ |
81 | { \ |
82 | unsigned char *ptr; \ |
ed509ebd |
83 | blowfish_cbc_setiv(&md->cbc, md->iv); \ |
0f4b558c |
84 | for (ptr= buf->start; \ |
85 | ptr < buf->start + msgsize; \ |
86 | ptr += BLOWFISH_BLOCKBYTES) { \ |
1fb3cba0 |
87 | func(&md->cbc,inptr,outptr); \ |
0f4b558c |
88 | } \ |
1fb3cba0 |
89 | } |
90 | |
91 | static void menc_blowfish(struct mechdata *md, struct buffer *buf) { |
92 | unsigned long msgsize; |
93 | MSGSIZE_OUT; |
94 | FOREACH_BLOCK(blowfish_cbc_encrypt,ptr,ptr); |
95 | } |
96 | |
97 | static const char *mdec_blowfish(struct mechdata *md, struct buffer *buf) { |
98 | unsigned long msgsize; |
99 | MSGSIZE_IN; |
100 | FOREACH_BLOCK(blowfish_cbc_decrypt,ptr,ptr); |
101 | return 0; |
102 | } |
103 | |
104 | static void menc_bfmac(struct mechdata *md, struct buffer *buf) { |
105 | unsigned long msgsize; |
106 | unsigned char outblock[BLOWFISH_BLOCKBYTES]; |
107 | |
108 | MSGSIZE_OUT; |
109 | FOREACH_BLOCK(blowfish_cbc_encrypt,ptr,outblock); |
110 | memcpy(buf_prepend(buf,BLOWFISH_BLOCKBYTES), outblock, BLOWFISH_BLOCKBYTES); |
111 | } |
112 | |
113 | static const char *mdec_bfmac(struct mechdata *md, struct buffer *buf) { |
114 | unsigned long msgsize; |
115 | unsigned char outblock[BLOWFISH_BLOCKBYTES]; |
116 | unsigned char *checkblock; |
117 | |
118 | BUF_UNPREPEND(checkblock,buf,BLOWFISH_BLOCKBYTES); |
119 | MSGSIZE_IN; |
120 | FOREACH_BLOCK(blowfish_cbc_encrypt,ptr,outblock); |
121 | if (memcmp(checkblock,outblock,BLOWFISH_BLOCKBYTES)) return "verify failed"; |
122 | return 0; |
123 | } |
124 | |
125 | const struct mechanism mechlist_blowfish[]= { |
126 | STANDARD_MECHANISM("blowfish-cbcmac", bfmac) |
127 | STANDARD_MECHANISM("blowfish-cbc", blowfish) |
128 | { 0 } |
129 | }; |