1/* $NetBSD: evp-hcrypto.c,v 1.1.1.1 2011/04/13 18:14:49 elric Exp $ */ 2 3/* 4 * Copyright (c) 2006 - 2008 Kungliga Tekniska Högskolan 5 * (Royal Institute of Technology, Stockholm, Sweden). 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 19 * 3. Neither the name of the Institute nor the names of its contributors 20 * may be used to endorse or promote products derived from this software 21 * without specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 26 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 33 * SUCH DAMAGE. 34 */ 35 36#include <config.h> 37 38#define HC_DEPRECATED 39 40#include <sys/types.h> 41#include <stdio.h> 42#include <stdlib.h> 43#include <string.h> 44#include <assert.h> 45 46#include <evp.h> 47#include <evp-hcrypto.h> 48 49#include <krb5/krb5-types.h> 50 51#include <des.h> 52#include "camellia.h" 53#include <aes.h> 54 55#include <rc2.h> 56#include <rc4.h> 57 58#include <sha.h> 59#include <md2.h> 60#include <md4.h> 61#include <md5.h> 62 63/* 64 * 65 */ 66 67static int 68aes_init(EVP_CIPHER_CTX *ctx, 69 const unsigned char * key, 70 const unsigned char * iv, 71 int encp) 72{ 73 AES_KEY *k = ctx->cipher_data; 74 if (ctx->encrypt) 75 AES_set_encrypt_key(key, ctx->cipher->key_len * 8, k); 76 else 77 AES_set_decrypt_key(key, ctx->cipher->key_len * 8, k); 78 return 1; 79} 80 81static int 82aes_do_cipher(EVP_CIPHER_CTX *ctx, 83 unsigned char *out, 84 const unsigned char *in, 85 unsigned int size) 86{ 87 AES_KEY *k = ctx->cipher_data; 88 if (ctx->flags & EVP_CIPH_CFB8_MODE) 89 AES_cfb8_encrypt(in, out, size, k, ctx->iv, ctx->encrypt); 90 else 91 AES_cbc_encrypt(in, out, size, k, ctx->iv, ctx->encrypt); 92 return 1; 93} 94 95/** 96 * The AES-128 cipher type (hcrypto) 97 * 98 * @return the AES-128 EVP_CIPHER pointer. 99 * 100 * @ingroup hcrypto_evp 101 */ 102 103const EVP_CIPHER * 104EVP_hcrypto_aes_128_cbc(void) 105{ 106 static const EVP_CIPHER aes_128_cbc = { 107 0, 108 16, 109 16, 110 16, 111 EVP_CIPH_CBC_MODE, 112 aes_init, 113 aes_do_cipher, 114 NULL, 115 sizeof(AES_KEY), 116 NULL, 117 NULL, 118 NULL, 119 NULL 120 }; 121 122 return &aes_128_cbc; 123} 124 125/** 126 * The AES-192 cipher type (hcrypto) 127 * 128 * @return the AES-192 EVP_CIPHER pointer. 129 * 130 * @ingroup hcrypto_evp 131 */ 132 133const EVP_CIPHER * 134EVP_hcrypto_aes_192_cbc(void) 135{ 136 static const EVP_CIPHER aes_192_cbc = { 137 0, 138 16, 139 24, 140 16, 141 EVP_CIPH_CBC_MODE, 142 aes_init, 143 aes_do_cipher, 144 NULL, 145 sizeof(AES_KEY), 146 NULL, 147 NULL, 148 NULL, 149 NULL 150 }; 151 return &aes_192_cbc; 152} 153 154/** 155 * The AES-256 cipher type (hcrypto) 156 * 157 * @return the AES-256 EVP_CIPHER pointer. 158 * 159 * @ingroup hcrypto_evp 160 */ 161 162const EVP_CIPHER * 163EVP_hcrypto_aes_256_cbc(void) 164{ 165 static const EVP_CIPHER aes_256_cbc = { 166 0, 167 16, 168 32, 169 16, 170 EVP_CIPH_CBC_MODE, 171 aes_init, 172 aes_do_cipher, 173 NULL, 174 sizeof(AES_KEY), 175 NULL, 176 NULL, 177 NULL, 178 NULL 179 }; 180 return &aes_256_cbc; 181} 182 183/** 184 * The AES-128 CFB8 cipher type (hcrypto) 185 * 186 * @return the AES-128 EVP_CIPHER pointer. 187 * 188 * @ingroup hcrypto_evp 189 */ 190 191const EVP_CIPHER * 192EVP_hcrypto_aes_128_cfb8(void) 193{ 194 static const EVP_CIPHER aes_128_cfb8 = { 195 0, 196 1, 197 16, 198 16, 199 EVP_CIPH_CFB8_MODE, 200 aes_init, 201 aes_do_cipher, 202 NULL, 203 sizeof(AES_KEY), 204 NULL, 205 NULL, 206 NULL, 207 NULL 208 }; 209 210 return &aes_128_cfb8; 211} 212 213/** 214 * The AES-192 CFB8 cipher type (hcrypto) 215 * 216 * @return the AES-192 EVP_CIPHER pointer. 217 * 218 * @ingroup hcrypto_evp 219 */ 220 221const EVP_CIPHER * 222EVP_hcrypto_aes_192_cfb8(void) 223{ 224 static const EVP_CIPHER aes_192_cfb8 = { 225 0, 226 1, 227 24, 228 16, 229 EVP_CIPH_CFB8_MODE, 230 aes_init, 231 aes_do_cipher, 232 NULL, 233 sizeof(AES_KEY), 234 NULL, 235 NULL, 236 NULL, 237 NULL 238 }; 239 return &aes_192_cfb8; 240} 241 242/** 243 * The AES-256 CFB8 cipher type (hcrypto) 244 * 245 * @return the AES-256 EVP_CIPHER pointer. 246 * 247 * @ingroup hcrypto_evp 248 */ 249 250const EVP_CIPHER * 251EVP_hcrypto_aes_256_cfb8(void) 252{ 253 static const EVP_CIPHER aes_256_cfb8 = { 254 0, 255 1, 256 32, 257 16, 258 EVP_CIPH_CFB8_MODE, 259 aes_init, 260 aes_do_cipher, 261 NULL, 262 sizeof(AES_KEY), 263 NULL, 264 NULL, 265 NULL, 266 NULL 267 }; 268 return &aes_256_cfb8; 269} 270 271/** 272 * The message digest SHA256 - hcrypto 273 * 274 * @return the message digest type. 275 * 276 * @ingroup hcrypto_evp 277 */ 278 279const EVP_MD * 280EVP_hcrypto_sha256(void) 281{ 282 static const struct hc_evp_md sha256 = { 283 32, 284 64, 285 sizeof(SHA256_CTX), 286 (hc_evp_md_init)SHA256_Init, 287 (hc_evp_md_update)SHA256_Update, 288 (hc_evp_md_final)SHA256_Final, 289 NULL 290 }; 291 return &sha256; 292} 293 294/** 295 * The message digest SHA384 - hcrypto 296 * 297 * @return the message digest type. 298 * 299 * @ingroup hcrypto_evp 300 */ 301 302const EVP_MD * 303EVP_hcrypto_sha384(void) 304{ 305 static const struct hc_evp_md sha384 = { 306 48, 307 128, 308 sizeof(SHA384_CTX), 309 (hc_evp_md_init)SHA384_Init, 310 (hc_evp_md_update)SHA384_Update, 311 (hc_evp_md_final)SHA384_Final, 312 NULL 313 }; 314 return &sha384; 315} 316 317/** 318 * The message digest SHA512 - hcrypto 319 * 320 * @return the message digest type. 321 * 322 * @ingroup hcrypto_evp 323 */ 324 325const EVP_MD * 326EVP_hcrypto_sha512(void) 327{ 328 static const struct hc_evp_md sha512 = { 329 64, 330 128, 331 sizeof(SHA512_CTX), 332 (hc_evp_md_init)SHA512_Init, 333 (hc_evp_md_update)SHA512_Update, 334 (hc_evp_md_final)SHA512_Final, 335 NULL 336 }; 337 return &sha512; 338} 339 340/** 341 * The message digest SHA1 - hcrypto 342 * 343 * @return the message digest type. 344 * 345 * @ingroup hcrypto_evp 346 */ 347 348const EVP_MD * 349EVP_hcrypto_sha1(void) 350{ 351 static const struct hc_evp_md sha1 = { 352 20, 353 64, 354 sizeof(SHA_CTX), 355 (hc_evp_md_init)SHA1_Init, 356 (hc_evp_md_update)SHA1_Update, 357 (hc_evp_md_final)SHA1_Final, 358 NULL 359 }; 360 return &sha1; 361} 362 363/** 364 * The message digest MD5 - hcrypto 365 * 366 * @return the message digest type. 367 * 368 * @ingroup hcrypto_evp 369 */ 370 371const EVP_MD * 372EVP_hcrypto_md5(void) 373{ 374 static const struct hc_evp_md md5 = { 375 16, 376 64, 377 sizeof(MD5_CTX), 378 (hc_evp_md_init)MD5_Init, 379 (hc_evp_md_update)MD5_Update, 380 (hc_evp_md_final)MD5_Final, 381 NULL 382 }; 383 return &md5; 384} 385 386/** 387 * The message digest MD4 - hcrypto 388 * 389 * @return the message digest type. 390 * 391 * @ingroup hcrypto_evp 392 */ 393 394const EVP_MD * 395EVP_hcrypto_md4(void) 396{ 397 static const struct hc_evp_md md4 = { 398 16, 399 64, 400 sizeof(MD4_CTX), 401 (hc_evp_md_init)MD4_Init, 402 (hc_evp_md_update)MD4_Update, 403 (hc_evp_md_final)MD4_Final, 404 NULL 405 }; 406 return &md4; 407} 408 409/** 410 * The message digest MD2 - hcrypto 411 * 412 * @return the message digest type. 413 * 414 * @ingroup hcrypto_evp 415 */ 416 417const EVP_MD * 418EVP_hcrypto_md2(void) 419{ 420 static const struct hc_evp_md md2 = { 421 16, 422 16, 423 sizeof(MD2_CTX), 424 (hc_evp_md_init)MD2_Init, 425 (hc_evp_md_update)MD2_Update, 426 (hc_evp_md_final)MD2_Final, 427 NULL 428 }; 429 return &md2; 430} 431 432/* 433 * 434 */ 435 436static int 437des_cbc_init(EVP_CIPHER_CTX *ctx, 438 const unsigned char * key, 439 const unsigned char * iv, 440 int encp) 441{ 442 DES_key_schedule *k = ctx->cipher_data; 443 DES_cblock deskey; 444 memcpy(&deskey, key, sizeof(deskey)); 445 DES_set_key_unchecked(&deskey, k); 446 return 1; 447} 448 449static int 450des_cbc_do_cipher(EVP_CIPHER_CTX *ctx, 451 unsigned char *out, 452 const unsigned char *in, 453 unsigned int size) 454{ 455 DES_key_schedule *k = ctx->cipher_data; 456 DES_cbc_encrypt(in, out, size, 457 k, (DES_cblock *)ctx->iv, ctx->encrypt); 458 return 1; 459} 460 461/** 462 * The DES cipher type 463 * 464 * @return the DES-CBC EVP_CIPHER pointer. 465 * 466 * @ingroup hcrypto_evp 467 */ 468 469const EVP_CIPHER * 470EVP_hcrypto_des_cbc(void) 471{ 472 static const EVP_CIPHER des_cbc = { 473 0, 474 8, 475 8, 476 8, 477 EVP_CIPH_CBC_MODE, 478 des_cbc_init, 479 des_cbc_do_cipher, 480 NULL, 481 sizeof(DES_key_schedule), 482 NULL, 483 NULL, 484 NULL, 485 NULL 486 }; 487 return &des_cbc; 488} 489 490/* 491 * 492 */ 493 494struct des_ede3_cbc { 495 DES_key_schedule ks[3]; 496}; 497 498static int 499des_ede3_cbc_init(EVP_CIPHER_CTX *ctx, 500 const unsigned char * key, 501 const unsigned char * iv, 502 int encp) 503{ 504 struct des_ede3_cbc *k = ctx->cipher_data; 505 DES_cblock deskey; 506 507 memcpy(&deskey, key, sizeof(deskey)); 508 DES_set_odd_parity(&deskey); 509 DES_set_key_unchecked(&deskey, &k->ks[0]); 510 511 memcpy(&deskey, key + 8, sizeof(deskey)); 512 DES_set_odd_parity(&deskey); 513 DES_set_key_unchecked(&deskey, &k->ks[1]); 514 515 memcpy(&deskey, key + 16, sizeof(deskey)); 516 DES_set_odd_parity(&deskey); 517 DES_set_key_unchecked(&deskey, &k->ks[2]); 518 519 return 1; 520} 521 522static int 523des_ede3_cbc_do_cipher(EVP_CIPHER_CTX *ctx, 524 unsigned char *out, 525 const unsigned char *in, 526 unsigned int size) 527{ 528 struct des_ede3_cbc *k = ctx->cipher_data; 529 DES_ede3_cbc_encrypt(in, out, size, 530 &k->ks[0], &k->ks[1], &k->ks[2], 531 (DES_cblock *)ctx->iv, ctx->encrypt); 532 return 1; 533} 534 535/** 536 * The tripple DES cipher type - hcrypto 537 * 538 * @return the DES-EDE3-CBC EVP_CIPHER pointer. 539 * 540 * @ingroup hcrypto_evp 541 */ 542 543const EVP_CIPHER * 544EVP_hcrypto_des_ede3_cbc(void) 545{ 546 static const EVP_CIPHER des_ede3_cbc = { 547 0, 548 8, 549 24, 550 8, 551 EVP_CIPH_CBC_MODE, 552 des_ede3_cbc_init, 553 des_ede3_cbc_do_cipher, 554 NULL, 555 sizeof(struct des_ede3_cbc), 556 NULL, 557 NULL, 558 NULL, 559 NULL 560 }; 561 return &des_ede3_cbc; 562} 563 564/* 565 * 566 */ 567 568struct rc2_cbc { 569 unsigned int maximum_effective_key; 570 RC2_KEY key; 571}; 572 573static int 574rc2_init(EVP_CIPHER_CTX *ctx, 575 const unsigned char * key, 576 const unsigned char * iv, 577 int encp) 578{ 579 struct rc2_cbc *k = ctx->cipher_data; 580 k->maximum_effective_key = EVP_CIPHER_CTX_key_length(ctx) * 8; 581 RC2_set_key(&k->key, 582 EVP_CIPHER_CTX_key_length(ctx), 583 key, 584 k->maximum_effective_key); 585 return 1; 586} 587 588static int 589rc2_do_cipher(EVP_CIPHER_CTX *ctx, 590 unsigned char *out, 591 const unsigned char *in, 592 unsigned int size) 593{ 594 struct rc2_cbc *k = ctx->cipher_data; 595 RC2_cbc_encrypt(in, out, size, &k->key, ctx->iv, ctx->encrypt); 596 return 1; 597} 598 599/** 600 * The RC2 cipher type - hcrypto 601 * 602 * @return the RC2 EVP_CIPHER pointer. 603 * 604 * @ingroup hcrypto_evp 605 */ 606 607const EVP_CIPHER * 608EVP_hcrypto_rc2_cbc(void) 609{ 610 static const EVP_CIPHER rc2_cbc = { 611 0, 612 RC2_BLOCK_SIZE, 613 RC2_KEY_LENGTH, 614 RC2_BLOCK_SIZE, 615 EVP_CIPH_CBC_MODE|EVP_CIPH_VARIABLE_LENGTH, 616 rc2_init, 617 rc2_do_cipher, 618 NULL, 619 sizeof(struct rc2_cbc), 620 NULL, 621 NULL, 622 NULL, 623 NULL 624 }; 625 return &rc2_cbc; 626} 627 628/** 629 * The RC2-40 cipher type 630 * 631 * @return the RC2-40 EVP_CIPHER pointer. 632 * 633 * @ingroup hcrypto_evp 634 */ 635 636const EVP_CIPHER * 637EVP_hcrypto_rc2_40_cbc(void) 638{ 639 static const EVP_CIPHER rc2_40_cbc = { 640 0, 641 RC2_BLOCK_SIZE, 642 5, 643 RC2_BLOCK_SIZE, 644 EVP_CIPH_CBC_MODE, 645 rc2_init, 646 rc2_do_cipher, 647 NULL, 648 sizeof(struct rc2_cbc), 649 NULL, 650 NULL, 651 NULL, 652 NULL 653 }; 654 return &rc2_40_cbc; 655} 656 657/** 658 * The RC2-64 cipher type 659 * 660 * @return the RC2-64 EVP_CIPHER pointer. 661 * 662 * @ingroup hcrypto_evp 663 */ 664 665const EVP_CIPHER * 666EVP_hcrypto_rc2_64_cbc(void) 667{ 668 static const EVP_CIPHER rc2_64_cbc = { 669 0, 670 RC2_BLOCK_SIZE, 671 8, 672 RC2_BLOCK_SIZE, 673 EVP_CIPH_CBC_MODE, 674 rc2_init, 675 rc2_do_cipher, 676 NULL, 677 sizeof(struct rc2_cbc), 678 NULL, 679 NULL, 680 NULL, 681 NULL 682 }; 683 return &rc2_64_cbc; 684} 685 686static int 687camellia_init(EVP_CIPHER_CTX *ctx, 688 const unsigned char * key, 689 const unsigned char * iv, 690 int encp) 691{ 692 CAMELLIA_KEY *k = ctx->cipher_data; 693 k->bits = ctx->cipher->key_len * 8; 694 CAMELLIA_set_key(key, ctx->cipher->key_len * 8, k); 695 return 1; 696} 697 698static int 699camellia_do_cipher(EVP_CIPHER_CTX *ctx, 700 unsigned char *out, 701 const unsigned char *in, 702 unsigned int size) 703{ 704 CAMELLIA_KEY *k = ctx->cipher_data; 705 CAMELLIA_cbc_encrypt(in, out, size, k, ctx->iv, ctx->encrypt); 706 return 1; 707} 708 709/** 710 * The Camellia-128 cipher type - hcrypto 711 * 712 * @return the Camellia-128 EVP_CIPHER pointer. 713 * 714 * @ingroup hcrypto_evp 715 */ 716 717const EVP_CIPHER * 718EVP_hcrypto_camellia_128_cbc(void) 719{ 720 static const EVP_CIPHER cipher = { 721 0, 722 16, 723 16, 724 16, 725 EVP_CIPH_CBC_MODE, 726 camellia_init, 727 camellia_do_cipher, 728 NULL, 729 sizeof(CAMELLIA_KEY), 730 NULL, 731 NULL, 732 NULL, 733 NULL 734 }; 735 return &cipher; 736} 737 738/** 739 * The Camellia-198 cipher type - hcrypto 740 * 741 * @return the Camellia-198 EVP_CIPHER pointer. 742 * 743 * @ingroup hcrypto_evp 744 */ 745 746const EVP_CIPHER * 747EVP_hcrypto_camellia_192_cbc(void) 748{ 749 static const EVP_CIPHER cipher = { 750 0, 751 16, 752 24, 753 16, 754 EVP_CIPH_CBC_MODE, 755 camellia_init, 756 camellia_do_cipher, 757 NULL, 758 sizeof(CAMELLIA_KEY), 759 NULL, 760 NULL, 761 NULL, 762 NULL 763 }; 764 return &cipher; 765} 766 767/** 768 * The Camellia-256 cipher type - hcrypto 769 * 770 * @return the Camellia-256 EVP_CIPHER pointer. 771 * 772 * @ingroup hcrypto_evp 773 */ 774 775const EVP_CIPHER * 776EVP_hcrypto_camellia_256_cbc(void) 777{ 778 static const EVP_CIPHER cipher = { 779 0, 780 16, 781 32, 782 16, 783 EVP_CIPH_CBC_MODE, 784 camellia_init, 785 camellia_do_cipher, 786 NULL, 787 sizeof(CAMELLIA_KEY), 788 NULL, 789 NULL, 790 NULL, 791 NULL 792 }; 793 return &cipher; 794} 795 796static int 797rc4_init(EVP_CIPHER_CTX *ctx, 798 const unsigned char *key, 799 const unsigned char *iv, 800 int enc) 801{ 802 RC4_KEY *k = ctx->cipher_data; 803 RC4_set_key(k, ctx->key_len, key); 804 return 1; 805} 806 807static int 808rc4_do_cipher(EVP_CIPHER_CTX *ctx, 809 unsigned char *out, 810 const unsigned char *in, 811 unsigned int size) 812{ 813 RC4_KEY *k = ctx->cipher_data; 814 RC4(k, size, in, out); 815 return 1; 816} 817 818const EVP_CIPHER * 819EVP_hcrypto_rc4(void) 820{ 821 static const EVP_CIPHER rc4 = { 822 0, 823 1, 824 16, 825 0, 826 EVP_CIPH_STREAM_CIPHER|EVP_CIPH_VARIABLE_LENGTH, 827 rc4_init, 828 rc4_do_cipher, 829 NULL, 830 sizeof(RC4_KEY), 831 NULL, 832 NULL, 833 NULL, 834 NULL 835 }; 836 return &rc4; 837} 838 839 840const EVP_CIPHER * 841EVP_hcrypto_rc4_40(void) 842{ 843 static const EVP_CIPHER rc4_40 = { 844 0, 845 1, 846 5, 847 0, 848 EVP_CIPH_STREAM_CIPHER|EVP_CIPH_VARIABLE_LENGTH, 849 rc4_init, 850 rc4_do_cipher, 851 NULL, 852 sizeof(RC4_KEY), 853 NULL, 854 NULL, 855 NULL, 856 NULL 857 }; 858 return &rc4_40; 859} 860