 * Blowfish mechanism for udp tunnel
 *
 * mechanisms: blowfish-cbc, blowfish-cbcmac
 * arguments: key size in bits (must be a multiple of 8)
 *
 * key values: 8 byte random IV and n byte random key, both drawn once when
 *   the mechanism instance is set up and then used for every message
 *
 * restrictions: plaintext length must be a multiple of the block size (8 bytes)
 * encoding: do CBC encryption, overwriting the message in place
 * encoding for MAC: do CBC over the message and prepend the last ciphertext
 *   block as an 8 byte tag; the message itself stays in clear
 *
 * caveats (nothing in this file mitigates these): the chaining state is
 *   reset to the same IV before every message, so blowfish-cbc is
 *   deterministic and messages sharing a plaintext prefix share a
 *   ciphertext prefix; a plain CBC-MAC over variable-length messages is,
 *   in general, forgeable from observed tags unless the length is bound
 *   some other way; and with a 64-bit block the volume that can safely be
 *   processed under one key is limited (birthday bound near 2^32 blocks).
14 * Copyright (C) 2000,2003 Ian Jackson
15 * This file is part of ipif, part of userv-utils
17 * This is free software; you can redistribute it and/or modify it
18 * under the terms of the GNU General Public License as published by
19 * the Free Software Foundation; either version 2 of the License, or
20 * (at your option) any later version.
22 * This program is distributed in the hope that it will be useful, but
23 * WITHOUT ANY WARRANTY; without even the implied warranty of
24 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
25 * General Public License for more details.
27 * You should have received a copy of the GNU General Public License
28 * along with userv-utils; if not, write to the Free Software
29 * Foundation, 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
32 #include "forwarder.h"
/* Per-instance mechanism state, filled in by mds_blowfish(); the struct
 * header and closing brace are not visible in this extract. */
  unsigned char iv[BLOWFISH_BLOCKBYTES];  /* random IV, generated once in
                                           * mds_blowfish() and re-applied
                                           * before every message by
                                           * FOREACH_BLOCK */
  struct blowfish_cbc_state cbc;          /* expanded key (cbc.ek, loaded in
                                           * mds_blowfish()) plus, presumably,
                                           * the CBC chaining state that
                                           * blowfish_cbc_setiv() resets */
/* Shared setup for both blowfish mechanisms: reads the key size argument,
 * draws a fresh random IV and key, and expands the key into md->cbc.ek.
 * NOTE(review): several lines of this function are not visible in this
 * extract -- the allocation of the new mechdata, the conversion of keysize
 * from bits to bytes (expected between the two arg_asserts, since the
 * header documents the argument in bits), the store through md_r and the
 * closing brace.  Read those alongside the comments below. */
static void mds_blowfish(struct mechdata **md_r) {
  unsigned long keysize;
  unsigned char key[BLOWFISH_MAXKEYBYTES];  /* raw key; only needed until
                                             * blowfish_loadkey() has
                                             * expanded it */

  keysize= getarg_ulong();
  /* The argument is a bit count; reject anything that is not byte-aligned. */
  arg_assert(!(keysize & 7));
  /* Rejects a zero-length key and bounds the random_key() write into key[]
   * below: whether keysize is in bits or bytes at this point, at most
   * BLOWFISH_MAXKEYBYTES bytes are written, so key[] cannot overflow. */
  arg_assert(keysize > 0 && keysize <= BLOWFISH_MAXKEYBYTES);

  /* The IV is drawn once here and reused for every message (FOREACH_BLOCK
   * calls blowfish_cbc_setiv(&md->cbc, md->iv) per message), so it is a
   * per-instance secret constant, not a per-message nonce. */
  random_key(md->iv,sizeof(md->iv));
  random_key(key,keysize);

  blowfish_loadkey(&md->cbc.ek, key,keysize);
  /* NOTE(review): nothing visible here wipes key[] after expansion; an
   * explicit_bzero() (or volatile-byte wipe) before returning would keep
   * the raw key from lingering on the stack. */
59 static void mes_blowfish(struct mechdata
**md_r
, int *maxprefix_io
, int *maxsuffix_io
) {
63 static void mds_bfmac(struct mechdata
**md_r
) {
/* Setup variant for blowfish-cbcmac that also does the prefix/suffix
 * accounting: it reserves one block of prefix space because menc_bfmac()
 * prepends an 8 byte tag to every message.  Any key/IV setup this function
 * performs, and its closing brace, are not visible in this extract. */
static void mes_bfmac(struct mechdata **md_r, int *maxprefix_io, int *maxsuffix_io) {
  *maxprefix_io += BLOWFISH_BLOCKBYTES;
  /* Block-alignment check on data this process produced itself: a length
   * that is not a multiple of 8 is a local programming error, so it is
   * asserted.  (The enclosing function is not visible in this extract.) */
  arg_assert(!(msgsize & (BLOWFISH_BLOCKBYTES-1)));
  /* The same check on received data: the length comes off the wire and is
   * untrusted, so it is reported as a soft error string in the style of the
   * mdec_* functions rather than asserted -- an assert here would let a
   * remote peer crash the forwarder.  (Enclosing function not visible.) */
  if (msgsize & (BLOWFISH_BLOCKBYTES-1)) return "not multiple of block size"
/* Runs func over every 8 byte block of buf->start[0..msgsize) through the
 * CBC state in md->cbc, reading from inptr and writing to outptr (both are
 * expressions over ptr: "ptr,ptr" works in place, "ptr,outblock" leaves
 * only the last block in outblock).  The chain is restarted from md->iv for
 * every message, so the IV is a fixed per-instance value rather than a
 * per-message nonce: equal plaintext prefixes give equal ciphertext
 * prefixes across messages.  Relies on md, buf, msgsize and ptr being in
 * scope at the point of use; the macro's remaining lines (including where
 * msgsize and ptr are set) are not visible in this extract. */
#define FOREACH_BLOCK(func,inptr,outptr) \
  blowfish_cbc_setiv(&md->cbc, md->iv); \
  for (ptr= buf->start; \
       ptr < buf->start + msgsize; \
       ptr += BLOWFISH_BLOCKBYTES) { \
    func(&md->cbc,inptr,outptr); \
/* blowfish-cbc encoder: CBC-encrypts buf in place, block by block, under
 * the instance's fixed IV.  The length must already be a block multiple.
 * This provides confidentiality only; there is no integrity protection in
 * this mechanism.  The closing brace is not visible in this extract. */
static void menc_blowfish(struct mechdata *md, struct buffer *buf) {
  unsigned long msgsize;

  FOREACH_BLOCK(blowfish_cbc_encrypt,ptr,ptr);
/* blowfish-cbc decoder: CBC-decrypts buf in place under the fixed IV.
 * Nothing here authenticates the data, and CBC decryption is malleable
 * (flipping bits in ciphertext block i flips the same bits in plaintext
 * block i+1 and garbles block i), so output from this mechanism must not
 * be treated as tamper-proof on its own.  The return statement and closing
 * brace are not visible in this extract. */
static const char *mdec_blowfish(struct mechdata *md, struct buffer *buf) {
  unsigned long msgsize;

  FOREACH_BLOCK(blowfish_cbc_decrypt,ptr,ptr);
/* blowfish-cbcmac encoder: computes the CBC-MAC of buf (the last ciphertext
 * block of CBC over the message under the fixed IV) and prepends it as an
 * 8 byte tag.  The message body itself is sent in clear.
 * NOTE(review): outblock is only written inside FOREACH_BLOCK's loop, so a
 * zero-length message would prepend 8 uninitialised stack bytes to the
 * packet (a small stack-content leak).  Whether msgsize can be 0 here
 * depends on checks outside this extract; if it can, initialise outblock
 * or reject the empty message.  The function's tail is not visible. */
static void menc_bfmac(struct mechdata *md, struct buffer *buf) {
  unsigned long msgsize;
  unsigned char outblock[BLOWFISH_BLOCKBYTES];

  /* Every block's output lands in outblock, so after the loop it holds
   * the final ciphertext block, i.e. the tag. */
  FOREACH_BLOCK(blowfish_cbc_encrypt,ptr,outblock);
  memcpy(buf_prepend(buf,BLOWFISH_BLOCKBYTES), outblock, BLOWFISH_BLOCKBYTES);
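/* Constant-time equality test for two BLOWFISH_BLOCKBYTES-long tags.
 * memcmp() returns as soon as it finds a differing byte, so its running
 * time tells a remote sender how many leading tag bytes were right; that
 * turns an 8 byte tag into eight independent 1 byte guesses.  Fold every
 * byte difference into one accumulator instead and decide at the end. */
static int bfmac_tag_equal(const unsigned char *a, const unsigned char *b) {
  unsigned int diff= 0;
  unsigned int i;

  for (i=0; i<BLOWFISH_BLOCKBYTES; i++) diff |= (unsigned int)(a[i] ^ b[i]);
  return diff == 0;
}

/* blowfish-cbcmac decoder: strips the 8 byte tag that menc_bfmac()
 * prepended, recomputes the CBC-MAC over the remaining message body under
 * the fixed IV, and compares the two in constant time.
 * Returns 0 on success, or a static error string on a tag mismatch; the
 * message body is left in place (this mechanism authenticates, it does
 * not encrypt).
 * NOTE(review): the checks that guarantee buf holds at least one block
 * before BUF_UNPREPEND, and that the remaining length is a block multiple,
 * live outside this function -- confirm they run before it.  As in the
 * encoder, outblock is only written inside the loop, so a zero-length
 * body would compare the tag against uninitialised stack bytes; the
 * length checks upstream are what rule that out. */
static const char *mdec_bfmac(struct mechdata *md, struct buffer *buf) {
  unsigned long msgsize;
  unsigned char outblock[BLOWFISH_BLOCKBYTES];
  unsigned char *checkblock;

  BUF_UNPREPEND(checkblock,buf,BLOWFISH_BLOCKBYTES);

  /* Every block's output lands in outblock, so after the loop it holds the
   * final ciphertext block, i.e. the expected tag. */
  FOREACH_BLOCK(blowfish_cbc_encrypt,ptr,outblock);
  if (!bfmac_tag_equal(checkblock,outblock)) return "verify failed";
  return 0;
}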
/* Mechanism table exported to the forwarder.  Each STANDARD_MECHANISM
 * entry presumably binds the wire name to the mds_/mes_/menc_/mdec_
 * functions of the matching suffix.  The table's terminator and closing
 * brace are not visible in this extract. */
const struct mechanism mechlist_blowfish[]= {
  STANDARD_MECHANISM("blowfish-cbcmac", bfmac)
  STANDARD_MECHANISM("blowfish-cbc", blowfish)