[userv-utils] / ipif / mech-blowfish.c

/*
 * Blowfish mechanism for udp tunnel
 *
 * mechanisms: blowfish-cbc, blowfish-cbcmac
 * arguments: key size in bits (must be multiple of 8)
 *
 * key values: 8 byte random IV and n byte random key
 *
 * restrictions: plaintext length must be multiple of block size (8 bytes)
 * encoding:         do CBC encryption overwriting message
 * encoding for MAC: do CBC and prepend last ciphertext block
 */
/*
 * Copyright (C) 2000,2003 Ian Jackson
 * This file is part of ipif, part of userv-utils
 *
 * This is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with userv-utils; if not, write to the Free Software
 * Foundation, 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 */

#include "forwarder.h"
#include "blowfish.h"

struct mechdata {
  unsigned char iv[BLOWFISH_BLOCKBYTES];
  struct blowfish_cbc_state cbc;
};

static void mds_blowfish(struct mechdata **md_r) {
  struct mechdata *md;
  unsigned long keysize;
  unsigned char key[BLOWFISH_MAXKEYBYTES];

  XMALLOC(md);

  keysize= getarg_ulong();
  arg_assert(!(keysize & 7));
  keysize >>= 3;
  arg_assert(keysize > 0 && keysize <= BLOWFISH_MAXKEYBYTES);

  random_key(md->iv,sizeof(md->iv));
  random_key(key,keysize);

  blowfish_loadkey(&md->cbc.ek, key,keysize);
  *md_r= md;
}

static void mes_blowfish(struct mechdata **md_r, int *maxprefix_io, int *maxsuffix_io) {
  mds_blowfish(md_r);
}

static void mds_bfmac(struct mechdata **md_r) {
  mds_blowfish(md_r);
}

static void mes_bfmac(struct mechdata **md_r, int *maxprefix_io, int *maxsuffix_io) {
  mds_blowfish(md_r);
  *maxprefix_io += BLOWFISH_BLOCKBYTES;
}

#define MSGSIZE_OUT 						      \
  msgsize= buf->size;					              \
  arg_assert(!(msgsize & (BLOWFISH_BLOCKBYTES-1)));

#define MSGSIZE_IN 						      \
  msgsize= buf->size;			   		              \
  if (msgsize & (BLOWFISH_BLOCKBYTES-1)) return "not multiple of block size"

#define FOREACH_BLOCK(func,inptr,outptr)			      \
 {                                                                    \
   unsigned char *ptr;						      \
   blowfish_cbc_setiv(&md->cbc, md->iv);                              \
   for (ptr= buf->start;					      \
        ptr < buf->start + msgsize;				      \
	ptr += BLOWFISH_BLOCKBYTES) {                                 \
     func(&md->cbc,inptr,outptr);				      \
   }                                                                  \
 }

static void menc_blowfish(struct mechdata *md, struct buffer *buf) {
  unsigned long msgsize;
  MSGSIZE_OUT;
  FOREACH_BLOCK(blowfish_cbc_encrypt,ptr,ptr);
}

static const char *mdec_blowfish(struct mechdata *md, struct buffer *buf) {
  unsigned long msgsize;
  MSGSIZE_IN;
  FOREACH_BLOCK(blowfish_cbc_decrypt,ptr,ptr);
  return 0;
}

static void menc_bfmac(struct mechdata *md, struct buffer *buf) {
  unsigned long msgsize;
  unsigned char outblock[BLOWFISH_BLOCKBYTES];
  
  MSGSIZE_OUT;
  FOREACH_BLOCK(blowfish_cbc_encrypt,ptr,outblock);
  memcpy(buf_prepend(buf,BLOWFISH_BLOCKBYTES), outblock, BLOWFISH_BLOCKBYTES);
}

static const char *mdec_bfmac(struct mechdata *md, struct buffer *buf) {
  unsigned long msgsize;
  unsigned char outblock[BLOWFISH_BLOCKBYTES];
  unsigned char *checkblock;

  BUF_UNPREPEND(checkblock,buf,BLOWFISH_BLOCKBYTES);
  MSGSIZE_IN;
  FOREACH_BLOCK(blowfish_cbc_encrypt,ptr,outblock);
  if (memcmp(checkblock,outblock,BLOWFISH_BLOCKBYTES)) return "verify failed";
  return 0;
}

const struct mechanism mechlist_blowfish[]= {
  STANDARD_MECHANISM("blowfish-cbcmac", bfmac)
  STANDARD_MECHANISM("blowfish-cbc",    blowfish)
  { 0 }
};
Commit	Line	Data
1fb3cba0	1	/*
f0e54a99	2	* Blowfish mechanism for udp tunnel
1fb3cba0	3	*
5124214b	4	* mechanisms: blowfish-cbc, blowfish-cbcmac
1fb3cba0	5	* arguments: key size in bits (must be multiple of 8)
	6	*
	7	* key values: 8 byte random IV and n byte random key
	8	*
5124214b	9	* restrictions: plaintext length must be multiple of block size (8 bytes)
1fb3cba0	10	* encoding: do CBC encryption overwriting message
	11	* encoding for MAC: do CBC and prepend last ciphertext block
	12	*/
f0e54a99	13	/*
c07be359	14	* Copyright (C) 2000,2003 Ian Jackson
c07be359	15	* This file is part of ipif, part of userv-utils
f0e54a99	16	*
	17	* This is free software; you can redistribute it and/or modify it
	18	* under the terms of the GNU General Public License as published by
	19	* the Free Software Foundation; either version 2 of the License, or
	20	* (at your option) any later version.
	21	*
	22	* This program is distributed in the hope that it will be useful, but
	23	* WITHOUT ANY WARRANTY; without even the implied warranty of
	24	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	25	* General Public License for more details.
	26	*
	27	* You should have received a copy of the GNU General Public License
	28	* along with userv-utils; if not, write to the Free Software
	29	* Foundation, 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
	30	*/
1fb3cba0	31
f9e59051	32	#include "forwarder.h"
1fb3cba0	33	#include "blowfish.h"
	34
	35	struct mechdata {
ed509ebd	36	unsigned char iv[BLOWFISH_BLOCKBYTES];
1fb3cba0	37	struct blowfish_cbc_state cbc;
	38	};
	39
	40	static void mds_blowfish(struct mechdata **md_r) {
	41	struct mechdata *md;
	42	unsigned long keysize;
1fb3cba0	43	unsigned char key[BLOWFISH_MAXKEYBYTES];
1fb3cba0	44
0f4b558c	45	XMALLOC(md);
1fb3cba0	46
	47	keysize= getarg_ulong();
	48	arg_assert(!(keysize & 7));
	49	keysize >>= 3;
	50	arg_assert(keysize > 0 && keysize <= BLOWFISH_MAXKEYBYTES);
	51
ed509ebd	52	random_key(md->iv,sizeof(md->iv));
1fb3cba0	53	random_key(key,keysize);
	54
	55	blowfish_loadkey(&md->cbc.ek, key,keysize);
1fb3cba0	56	*md_r= md;
	57	}
	58
	59	static void mes_blowfish(struct mechdata *md_r, int maxprefix_io, int *maxsuffix_io) {
	60	mds_blowfish(md_r);
	61	}
	62
	63	static void mds_bfmac(struct mechdata **md_r) {
	64	mds_blowfish(md_r);
	65	}
	66
	67	static void mes_bfmac(struct mechdata *md_r, int maxprefix_io, int *maxsuffix_io) {
	68	mds_blowfish(md_r);
	69	*maxprefix_io += BLOWFISH_BLOCKBYTES;
	70	}
	71
	72	#define MSGSIZE_OUT \
	73	msgsize= buf->size; \
0f4b558c	74	arg_assert(!(msgsize & (BLOWFISH_BLOCKBYTES-1)));
1fb3cba0	75
	76	#define MSGSIZE_IN \
	77	msgsize= buf->size; \
0f4b558c	78	if (msgsize & (BLOWFISH_BLOCKBYTES-1)) return "not multiple of block size"
1fb3cba0	79
	80	#define FOREACH_BLOCK(func,inptr,outptr) \
	81	{ \
	82	unsigned char *ptr; \
ed509ebd	83	blowfish_cbc_setiv(&md->cbc, md->iv); \
0f4b558c	84	for (ptr= buf->start; \
	85	ptr < buf->start + msgsize; \
	86	ptr += BLOWFISH_BLOCKBYTES) { \
1fb3cba0	87	func(&md->cbc,inptr,outptr); \
0f4b558c	88	} \
1fb3cba0	89	}
	90
	91	static void menc_blowfish(struct mechdata md, struct buffer buf) {
	92	unsigned long msgsize;
	93	MSGSIZE_OUT;
	94	FOREACH_BLOCK(blowfish_cbc_encrypt,ptr,ptr);
	95	}
	96
	97	static const char mdec_blowfish(struct mechdata md, struct buffer *buf) {
	98	unsigned long msgsize;
	99	MSGSIZE_IN;
	100	FOREACH_BLOCK(blowfish_cbc_decrypt,ptr,ptr);
	101	return 0;
	102	}
	103
	104	static void menc_bfmac(struct mechdata md, struct buffer buf) {
	105	unsigned long msgsize;
	106	unsigned char outblock[BLOWFISH_BLOCKBYTES];
	107
	108	MSGSIZE_OUT;
	109	FOREACH_BLOCK(blowfish_cbc_encrypt,ptr,outblock);
	110	memcpy(buf_prepend(buf,BLOWFISH_BLOCKBYTES), outblock, BLOWFISH_BLOCKBYTES);
	111	}
	112
	113	static const char mdec_bfmac(struct mechdata md, struct buffer *buf) {
	114	unsigned long msgsize;
	115	unsigned char outblock[BLOWFISH_BLOCKBYTES];
	116	unsigned char *checkblock;
	117
	118	BUF_UNPREPEND(checkblock,buf,BLOWFISH_BLOCKBYTES);
	119	MSGSIZE_IN;
	120	FOREACH_BLOCK(blowfish_cbc_encrypt,ptr,outblock);
	121	if (memcmp(checkblock,outblock,BLOWFISH_BLOCKBYTES)) return "verify failed";
	122	return 0;
	123	}
	124
	125	const struct mechanism mechlist_blowfish[]= {
	126	STANDARD_MECHANISM("blowfish-cbcmac", bfmac)
	127	STANDARD_MECHANISM("blowfish-cbc", blowfish)
	128	{ 0 }
	129	};