2 * Blowfish mechanism for udp tunnel
4 * mechanisms: blowfish-cbc, blowfish-cbcmac
5 * arguments: key size in bits (must be multiple of 8)
7 * key values: 8 byte random IV and n byte random key
9 * restrictions: plaintext length must be multiple of block size (8 bytes)
10 * encoding: do CBC encryption overwriting message
11 * encoding for MAC: do CBC and prepend last ciphertext block
14 * Copyright (C) 2000 Ian Jackson
16 * This is free software; you can redistribute it and/or modify it
17 * under the terms of the GNU General Public License as published by
18 * the Free Software Foundation; either version 2 of the License, or
19 * (at your option) any later version.
21 * This program is distributed in the hope that it will be useful, but
22 * WITHOUT ANY WARRANTY; without even the implied warranty of
23 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
24 * General Public License for more details.
26 * You should have received a copy of the GNU General Public License
27 * along with userv-utils; if not, write to the Free Software
28 * Foundation, 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
31 #include "forwarder.h"
35 unsigned char iv
[BLOWFISH_BLOCKBYTES
];
36 struct blowfish_cbc_state cbc
;
39 static void mds_blowfish(struct mechdata
**md_r
) {
41 unsigned long keysize
;
42 unsigned char key
[BLOWFISH_MAXKEYBYTES
];
46 keysize
= getarg_ulong();
47 arg_assert(!(keysize
& 7));
49 arg_assert(keysize
> 0 && keysize
<= BLOWFISH_MAXKEYBYTES
);
51 random_key(md
->iv
,sizeof(md
->iv
));
52 random_key(key
,keysize
);
54 blowfish_loadkey(&md
->cbc
.ek
, key
,keysize
);
58 static void mes_blowfish(struct mechdata
**md_r
, int *maxprefix_io
, int *maxsuffix_io
) {
62 static void mds_bfmac(struct mechdata
**md_r
) {
66 static void mes_bfmac(struct mechdata
**md_r
, int *maxprefix_io
, int *maxsuffix_io
) {
68 *maxprefix_io
+= BLOWFISH_BLOCKBYTES
;
73 arg_assert(!(msgsize & (BLOWFISH_BLOCKBYTES-1)));
77 if (msgsize & (BLOWFISH_BLOCKBYTES-1)) return "not multiple of block size"
79 #define FOREACH_BLOCK(func,inptr,outptr) \
82 blowfish_cbc_setiv(&md->cbc, md->iv); \
83 for (ptr= buf->start; \
84 ptr < buf->start + msgsize; \
85 ptr += BLOWFISH_BLOCKBYTES) { \
86 func(&md->cbc,inptr,outptr); \
90 static void menc_blowfish(struct mechdata
*md
, struct buffer
*buf
) {
91 unsigned long msgsize
;
93 FOREACH_BLOCK(blowfish_cbc_encrypt
,ptr
,ptr
);
96 static const char *mdec_blowfish(struct mechdata
*md
, struct buffer
*buf
) {
97 unsigned long msgsize
;
99 FOREACH_BLOCK(blowfish_cbc_decrypt
,ptr
,ptr
);
103 static void menc_bfmac(struct mechdata
*md
, struct buffer
*buf
) {
104 unsigned long msgsize
;
105 unsigned char outblock
[BLOWFISH_BLOCKBYTES
];
108 FOREACH_BLOCK(blowfish_cbc_encrypt
,ptr
,outblock
);
109 memcpy(buf_prepend(buf
,BLOWFISH_BLOCKBYTES
), outblock
, BLOWFISH_BLOCKBYTES
);
112 static const char *mdec_bfmac(struct mechdata
*md
, struct buffer
*buf
) {
113 unsigned long msgsize
;
114 unsigned char outblock
[BLOWFISH_BLOCKBYTES
];
115 unsigned char *checkblock
;
117 BUF_UNPREPEND(checkblock
,buf
,BLOWFISH_BLOCKBYTES
);
119 FOREACH_BLOCK(blowfish_cbc_encrypt
,ptr
,outblock
);
120 if (memcmp(checkblock
,outblock
,BLOWFISH_BLOCKBYTES
)) return "verify failed";
124 const struct mechanism mechlist_blowfish
[]= {
125 STANDARD_MECHANISM("blowfish-cbcmac", bfmac
)
126 STANDARD_MECHANISM("blowfish-cbc", blowfish
)