191722Smike/* $NetBSD: evp-hcrypto.c,v 1.3 2023/06/19 21:41:43 christos Exp $ */ 291722Smike 391722Smike/* 491722Smike * Copyright (c) 2006 - 2008 Kungliga Tekniska H��gskolan 591722Smike * (Royal Institute of Technology, Stockholm, Sweden). 691722Smike * All rights reserved. 791722Smike * 891722Smike * Redistribution and use in source and binary forms, with or without 991722Smike * modification, are permitted provided that the following conditions 1091722Smike * are met: 1191722Smike * 1291722Smike * 1. Redistributions of source code must retain the above copyright 1391722Smike * notice, this list of conditions and the following disclaimer. 1491722Smike * 1591722Smike * 2. Redistributions in binary form must reproduce the above copyright 1691722Smike * notice, this list of conditions and the following disclaimer in the 1791722Smike * documentation and/or other materials provided with the distribution. 1891722Smike * 1991722Smike * 3. Neither the name of the Institute nor the names of its contributors 2091722Smike * may be used to endorse or promote products derived from this software 2191722Smike * without specific prior written permission. 2291722Smike * 2391722Smike * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 2491722Smike * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 2591722Smike * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 2691722Smike * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 2795740Smike * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 2891722Smike * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 2991722Smike * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 3091722Smike * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 31115212Sru * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 32115210Sru * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 33115212Sru * SUCH DAMAGE. 34115210Sru */ 35115210Sru 36115212Sru#include <config.h> 3791722Smike#include <krb5/roken.h> 3895740Smike 3991722Smike#define HC_DEPRECATED 4095740Smike 4195740Smike#include <assert.h> 4295740Smike 4395740Smike#include <evp.h> 4495740Smike#include <evp-hcrypto.h> 4595740Smike 4691722Smike#include <krb5/krb5-types.h> 4791722Smike 4891722Smike#include <des.h> 4991722Smike#include "camellia.h" 5091722Smike#include <aes.h> 5191722Smike 5291722Smike#include <rc2.h> 5391722Smike#include <rc4.h> 5491722Smike 5591722Smike#include <sha.h> 5691722Smike#include <md4.h> 5791722Smike#include <md5.h> 5891722Smike 5991722Smike/* 6091722Smike * 6191722Smike */ 6291722Smike 6391722Smikestatic int 6491722Smikeaes_init(EVP_CIPHER_CTX *ctx, 6591722Smike const unsigned char * key, 6691722Smike const unsigned char * iv, 6791722Smike int encp) 6891722Smike{ 69113005Sphk AES_KEY *k = ctx->cipher_data; 70113005Sphk if (ctx->encrypt || EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_CFB8_MODE) 71113005Sphk AES_set_encrypt_key(key, ctx->cipher->key_len * 8, k); 72113005Sphk else 73113005Sphk AES_set_decrypt_key(key, ctx->cipher->key_len * 8, k); 74113005Sphk return 1; 75113005Sphk} 76113005Sphk 77113005Sphkstatic int 78113005Sphkaes_do_cipher(EVP_CIPHER_CTX *ctx, 79113005Sphk unsigned char *out, 80113005Sphk const unsigned char *in, 81113005Sphk unsigned int size) 82115210Sru{ 83113005Sphk AES_KEY *k = ctx->cipher_data; 84115210Sru if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_CFB8_MODE) 85113005Sphk AES_cfb8_encrypt(in, out, size, k, ctx->iv, ctx->encrypt); 86115210Sru else 87113005Sphk AES_cbc_encrypt(in, out, size, k, ctx->iv, ctx->encrypt); 88115210Sru return 1; 89113005Sphk} 90115210Sru 91113005Sphk/** 92115210Sru * The AES-128 cipher type (hcrypto) 9391722Smike * 9491722Smike * @return the AES-128 EVP_CIPHER pointer. 9595740Smike * 9695740Smike * @ingroup hcrypto_evp 9795740Smike */ 9895740Smike 9995740Smikeconst EVP_CIPHER * 10095740SmikeEVP_hcrypto_aes_128_cbc(void) 10195740Smike{ 10295740Smike static const EVP_CIPHER aes_128_cbc = { 10395740Smike 0, 10491722Smike 16, 10591722Smike 16, 10691722Smike 16, 10791722Smike EVP_CIPH_CBC_MODE, 10891722Smike aes_init, 10991722Smike aes_do_cipher, 11091722Smike NULL, 11191722Smike sizeof(AES_KEY), 11291722Smike NULL, 11391722Smike NULL, 11491722Smike NULL, 11591722Smike NULL 11691722Smike }; 11791722Smike 11891722Smike return &aes_128_cbc; 11991722Smike} 12091722Smike 12191722Smike/** 12291722Smike * The AES-192 cipher type (hcrypto) 12391722Smike * 12491722Smike * @return the AES-192 EVP_CIPHER pointer. 12591722Smike * 126232254Skevlo * @ingroup hcrypto_evp 12791722Smike */ 12891722Smike 12991722Smikeconst EVP_CIPHER * 13091722SmikeEVP_hcrypto_aes_192_cbc(void) 13191722Smike{ 13291722Smike static const EVP_CIPHER aes_192_cbc = { 13391722Smike 0, 13491722Smike 16, 13591722Smike 24, 13691722Smike 16, 13791722Smike EVP_CIPH_CBC_MODE, 138113005Sphk aes_init, 139113005Sphk aes_do_cipher, 140115210Sru NULL, 141115210Sru sizeof(AES_KEY), 142115210Sru NULL, 143115210Sru NULL, 144115210Sru NULL, 145115210Sru NULL 146115210Sru }; 147115210Sru return &aes_192_cbc; 148115210Sru} 149115210Sru 150115210Sru/** 151115210Sru * The AES-256 cipher type (hcrypto) 152115210Sru * 153113005Sphk * @return the AES-256 EVP_CIPHER pointer. 154113005Sphk * 15591722Smike * @ingroup hcrypto_evp 15691722Smike */ 15791722Smike 158115210Sruconst EVP_CIPHER * 159115210SruEVP_hcrypto_aes_256_cbc(void) 160115210Sru{ 161235693Sgjb static const EVP_CIPHER aes_256_cbc = { 162115210Sru 0, 16391722Smike 16, 16491722Smike 32, 16591722Smike 16, 16691722Smike EVP_CIPH_CBC_MODE, 167113005Sphk aes_init, 168115210Sru aes_do_cipher, 169113005Sphk NULL, 170 sizeof(AES_KEY), 171 NULL, 172 NULL, 173 NULL, 174 NULL 175 }; 176 return &aes_256_cbc; 177} 178 179/** 180 * The AES-128 CFB8 cipher type (hcrypto) 181 * 182 * @return the AES-128 EVP_CIPHER pointer. 183 * 184 * @ingroup hcrypto_evp 185 */ 186 187const EVP_CIPHER * 188EVP_hcrypto_aes_128_cfb8(void) 189{ 190 static const EVP_CIPHER aes_128_cfb8 = { 191 0, 192 1, 193 16, 194 16, 195 EVP_CIPH_CFB8_MODE, 196 aes_init, 197 aes_do_cipher, 198 NULL, 199 sizeof(AES_KEY), 200 NULL, 201 NULL, 202 NULL, 203 NULL 204 }; 205 206 return &aes_128_cfb8; 207} 208 209/** 210 * The AES-192 CFB8 cipher type (hcrypto) 211 * 212 * @return the AES-192 EVP_CIPHER pointer. 213 * 214 * @ingroup hcrypto_evp 215 */ 216 217const EVP_CIPHER * 218EVP_hcrypto_aes_192_cfb8(void) 219{ 220 static const EVP_CIPHER aes_192_cfb8 = { 221 0, 222 1, 223 24, 224 16, 225 EVP_CIPH_CFB8_MODE, 226 aes_init, 227 aes_do_cipher, 228 NULL, 229 sizeof(AES_KEY), 230 NULL, 231 NULL, 232 NULL, 233 NULL 234 }; 235 return &aes_192_cfb8; 236} 237 238/** 239 * The AES-256 CFB8 cipher type (hcrypto) 240 * 241 * @return the AES-256 EVP_CIPHER pointer. 242 * 243 * @ingroup hcrypto_evp 244 */ 245 246const EVP_CIPHER * 247EVP_hcrypto_aes_256_cfb8(void) 248{ 249 static const EVP_CIPHER aes_256_cfb8 = { 250 0, 251 1, 252 32, 253 16, 254 EVP_CIPH_CFB8_MODE, 255 aes_init, 256 aes_do_cipher, 257 NULL, 258 sizeof(AES_KEY), 259 NULL, 260 NULL, 261 NULL, 262 NULL 263 }; 264 return &aes_256_cfb8; 265} 266 267/** 268 * The message digest SHA256 - hcrypto 269 * 270 * @return the message digest type. 271 * 272 * @ingroup hcrypto_evp 273 */ 274 275const EVP_MD * 276EVP_hcrypto_sha256(void) 277{ 278 static const struct hc_evp_md sha256 = { 279 32, 280 64, 281 sizeof(SHA256_CTX), 282 (hc_evp_md_init)SHA256_Init, 283 (hc_evp_md_update)SHA256_Update, 284 (hc_evp_md_final)SHA256_Final, 285 NULL 286 }; 287 return &sha256; 288} 289 290/** 291 * The message digest SHA384 - hcrypto 292 * 293 * @return the message digest type. 294 * 295 * @ingroup hcrypto_evp 296 */ 297 298const EVP_MD * 299EVP_hcrypto_sha384(void) 300{ 301 static const struct hc_evp_md sha384 = { 302 48, 303 128, 304 sizeof(SHA384_CTX), 305 (hc_evp_md_init)SHA384_Init, 306 (hc_evp_md_update)SHA384_Update, 307 (hc_evp_md_final)SHA384_Final, 308 NULL 309 }; 310 return &sha384; 311} 312 313/** 314 * The message digest SHA512 - hcrypto 315 * 316 * @return the message digest type. 317 * 318 * @ingroup hcrypto_evp 319 */ 320 321const EVP_MD * 322EVP_hcrypto_sha512(void) 323{ 324 static const struct hc_evp_md sha512 = { 325 64, 326 128, 327 sizeof(SHA512_CTX), 328 (hc_evp_md_init)SHA512_Init, 329 (hc_evp_md_update)SHA512_Update, 330 (hc_evp_md_final)SHA512_Final, 331 NULL 332 }; 333 return &sha512; 334} 335 336/** 337 * The message digest SHA1 - hcrypto 338 * 339 * @return the message digest type. 340 * 341 * @ingroup hcrypto_evp 342 */ 343 344const EVP_MD * 345EVP_hcrypto_sha1(void) 346{ 347 static const struct hc_evp_md sha1 = { 348 20, 349 64, 350 sizeof(SHA_CTX), 351 (hc_evp_md_init)SHA1_Init, 352 (hc_evp_md_update)SHA1_Update, 353 (hc_evp_md_final)SHA1_Final, 354 NULL 355 }; 356 return &sha1; 357} 358 359/** 360 * The message digest MD5 - hcrypto 361 * 362 * @return the message digest type. 363 * 364 * @ingroup hcrypto_evp 365 */ 366 367const EVP_MD * 368EVP_hcrypto_md5(void) 369{ 370 static const struct hc_evp_md md5 = { 371 16, 372 64, 373 sizeof(MD5_CTX), 374 (hc_evp_md_init)MD5_Init, 375 (hc_evp_md_update)MD5_Update, 376 (hc_evp_md_final)MD5_Final, 377 NULL 378 }; 379 return &md5; 380} 381 382/** 383 * The message digest MD4 - hcrypto 384 * 385 * @return the message digest type. 386 * 387 * @ingroup hcrypto_evp 388 */ 389 390const EVP_MD * 391EVP_hcrypto_md4(void) 392{ 393 static const struct hc_evp_md md4 = { 394 16, 395 64, 396 sizeof(MD4_CTX), 397 (hc_evp_md_init)MD4_Init, 398 (hc_evp_md_update)MD4_Update, 399 (hc_evp_md_final)MD4_Final, 400 NULL 401 }; 402 return &md4; 403} 404 405 406/* 407 * 408 */ 409 410static int 411des_cbc_init(EVP_CIPHER_CTX *ctx, 412 const unsigned char * key, 413 const unsigned char * iv, 414 int encp) 415{ 416 DES_key_schedule *k = ctx->cipher_data; 417 DES_cblock deskey; 418 memcpy(&deskey, key, sizeof(deskey)); 419 DES_set_key_unchecked(&deskey, k); 420 return 1; 421} 422 423static int 424des_cbc_do_cipher(EVP_CIPHER_CTX *ctx, 425 unsigned char *out, 426 const unsigned char *in, 427 unsigned int size) 428{ 429 DES_key_schedule *k = ctx->cipher_data; 430 DES_cbc_encrypt(in, out, size, 431 k, (DES_cblock *)ctx->iv, ctx->encrypt); 432 return 1; 433} 434 435/** 436 * The DES cipher type 437 * 438 * @return the DES-CBC EVP_CIPHER pointer. 439 * 440 * @ingroup hcrypto_evp 441 */ 442 443const EVP_CIPHER * 444EVP_hcrypto_des_cbc(void) 445{ 446 static const EVP_CIPHER des_cbc = { 447 0, 448 8, 449 8, 450 8, 451 EVP_CIPH_CBC_MODE, 452 des_cbc_init, 453 des_cbc_do_cipher, 454 NULL, 455 sizeof(DES_key_schedule), 456 NULL, 457 NULL, 458 NULL, 459 NULL 460 }; 461 return &des_cbc; 462} 463 464/* 465 * 466 */ 467 468struct des_ede3_cbc { 469 DES_key_schedule ks[3]; 470}; 471 472static int 473des_ede3_cbc_init(EVP_CIPHER_CTX *ctx, 474 const unsigned char * key, 475 const unsigned char * iv, 476 int encp) 477{ 478 struct des_ede3_cbc *k = ctx->cipher_data; 479 DES_cblock deskey; 480 481 memcpy(&deskey, key, sizeof(deskey)); 482 DES_set_odd_parity(&deskey); 483 DES_set_key_unchecked(&deskey, &k->ks[0]); 484 485 memcpy(&deskey, key + 8, sizeof(deskey)); 486 DES_set_odd_parity(&deskey); 487 DES_set_key_unchecked(&deskey, &k->ks[1]); 488 489 memcpy(&deskey, key + 16, sizeof(deskey)); 490 DES_set_odd_parity(&deskey); 491 DES_set_key_unchecked(&deskey, &k->ks[2]); 492 493 return 1; 494} 495 496static int 497des_ede3_cbc_do_cipher(EVP_CIPHER_CTX *ctx, 498 unsigned char *out, 499 const unsigned char *in, 500 unsigned int size) 501{ 502 struct des_ede3_cbc *k = ctx->cipher_data; 503 DES_ede3_cbc_encrypt(in, out, size, 504 &k->ks[0], &k->ks[1], &k->ks[2], 505 (DES_cblock *)ctx->iv, ctx->encrypt); 506 return 1; 507} 508 509/** 510 * The triple DES cipher type - hcrypto 511 * 512 * @return the DES-EDE3-CBC EVP_CIPHER pointer. 513 * 514 * @ingroup hcrypto_evp 515 */ 516 517const EVP_CIPHER * 518EVP_hcrypto_des_ede3_cbc(void) 519{ 520 static const EVP_CIPHER des_ede3_cbc = { 521 0, 522 8, 523 24, 524 8, 525 EVP_CIPH_CBC_MODE, 526 des_ede3_cbc_init, 527 des_ede3_cbc_do_cipher, 528 NULL, 529 sizeof(struct des_ede3_cbc), 530 NULL, 531 NULL, 532 NULL, 533 NULL 534 }; 535 return &des_ede3_cbc; 536} 537 538/* 539 * 540 */ 541 542struct rc2_cbc { 543 unsigned int maximum_effective_key; 544 RC2_KEY key; 545}; 546 547static int 548rc2_init(EVP_CIPHER_CTX *ctx, 549 const unsigned char * key, 550 const unsigned char * iv, 551 int encp) 552{ 553 struct rc2_cbc *k = ctx->cipher_data; 554 k->maximum_effective_key = EVP_CIPHER_CTX_key_length(ctx) * 8; 555 RC2_set_key(&k->key, 556 EVP_CIPHER_CTX_key_length(ctx), 557 key, 558 k->maximum_effective_key); 559 return 1; 560} 561 562static int 563rc2_do_cipher(EVP_CIPHER_CTX *ctx, 564 unsigned char *out, 565 const unsigned char *in, 566 unsigned int size) 567{ 568 struct rc2_cbc *k = ctx->cipher_data; 569 RC2_cbc_encrypt(in, out, size, &k->key, ctx->iv, ctx->encrypt); 570 return 1; 571} 572 573/** 574 * The RC2 cipher type - hcrypto 575 * 576 * @return the RC2 EVP_CIPHER pointer. 577 * 578 * @ingroup hcrypto_evp 579 */ 580 581const EVP_CIPHER * 582EVP_hcrypto_rc2_cbc(void) 583{ 584 static const EVP_CIPHER rc2_cbc = { 585 0, 586 RC2_BLOCK_SIZE, 587 RC2_KEY_LENGTH, 588 RC2_BLOCK_SIZE, 589 EVP_CIPH_CBC_MODE|EVP_CIPH_VARIABLE_LENGTH, 590 rc2_init, 591 rc2_do_cipher, 592 NULL, 593 sizeof(struct rc2_cbc), 594 NULL, 595 NULL, 596 NULL, 597 NULL 598 }; 599 return &rc2_cbc; 600} 601 602/** 603 * The RC2-40 cipher type 604 * 605 * @return the RC2-40 EVP_CIPHER pointer. 606 * 607 * @ingroup hcrypto_evp 608 */ 609 610const EVP_CIPHER * 611EVP_hcrypto_rc2_40_cbc(void) 612{ 613 static const EVP_CIPHER rc2_40_cbc = { 614 0, 615 RC2_BLOCK_SIZE, 616 5, 617 RC2_BLOCK_SIZE, 618 EVP_CIPH_CBC_MODE, 619 rc2_init, 620 rc2_do_cipher, 621 NULL, 622 sizeof(struct rc2_cbc), 623 NULL, 624 NULL, 625 NULL, 626 NULL 627 }; 628 return &rc2_40_cbc; 629} 630 631/** 632 * The RC2-64 cipher type 633 * 634 * @return the RC2-64 EVP_CIPHER pointer. 635 * 636 * @ingroup hcrypto_evp 637 */ 638 639const EVP_CIPHER * 640EVP_hcrypto_rc2_64_cbc(void) 641{ 642 static const EVP_CIPHER rc2_64_cbc = { 643 0, 644 RC2_BLOCK_SIZE, 645 8, 646 RC2_BLOCK_SIZE, 647 EVP_CIPH_CBC_MODE, 648 rc2_init, 649 rc2_do_cipher, 650 NULL, 651 sizeof(struct rc2_cbc), 652 NULL, 653 NULL, 654 NULL, 655 NULL 656 }; 657 return &rc2_64_cbc; 658} 659 660static int 661camellia_init(EVP_CIPHER_CTX *ctx, 662 const unsigned char * key, 663 const unsigned char * iv, 664 int encp) 665{ 666 CAMELLIA_KEY *k = ctx->cipher_data; 667 k->bits = ctx->cipher->key_len * 8; 668 CAMELLIA_set_key(key, ctx->cipher->key_len * 8, k); 669 return 1; 670} 671 672static int 673camellia_do_cipher(EVP_CIPHER_CTX *ctx, 674 unsigned char *out, 675 const unsigned char *in, 676 unsigned int size) 677{ 678 CAMELLIA_KEY *k = ctx->cipher_data; 679 CAMELLIA_cbc_encrypt(in, out, size, k, ctx->iv, ctx->encrypt); 680 return 1; 681} 682 683/** 684 * The Camellia-128 cipher type - hcrypto 685 * 686 * @return the Camellia-128 EVP_CIPHER pointer. 687 * 688 * @ingroup hcrypto_evp 689 */ 690 691const EVP_CIPHER * 692EVP_hcrypto_camellia_128_cbc(void) 693{ 694 static const EVP_CIPHER cipher = { 695 0, 696 16, 697 16, 698 16, 699 EVP_CIPH_CBC_MODE, 700 camellia_init, 701 camellia_do_cipher, 702 NULL, 703 sizeof(CAMELLIA_KEY), 704 NULL, 705 NULL, 706 NULL, 707 NULL 708 }; 709 return &cipher; 710} 711 712/** 713 * The Camellia-198 cipher type - hcrypto 714 * 715 * @return the Camellia-198 EVP_CIPHER pointer. 716 * 717 * @ingroup hcrypto_evp 718 */ 719 720const EVP_CIPHER * 721EVP_hcrypto_camellia_192_cbc(void) 722{ 723 static const EVP_CIPHER cipher = { 724 0, 725 16, 726 24, 727 16, 728 EVP_CIPH_CBC_MODE, 729 camellia_init, 730 camellia_do_cipher, 731 NULL, 732 sizeof(CAMELLIA_KEY), 733 NULL, 734 NULL, 735 NULL, 736 NULL 737 }; 738 return &cipher; 739} 740 741/** 742 * The Camellia-256 cipher type - hcrypto 743 * 744 * @return the Camellia-256 EVP_CIPHER pointer. 745 * 746 * @ingroup hcrypto_evp 747 */ 748 749const EVP_CIPHER * 750EVP_hcrypto_camellia_256_cbc(void) 751{ 752 static const EVP_CIPHER cipher = { 753 0, 754 16, 755 32, 756 16, 757 EVP_CIPH_CBC_MODE, 758 camellia_init, 759 camellia_do_cipher, 760 NULL, 761 sizeof(CAMELLIA_KEY), 762 NULL, 763 NULL, 764 NULL, 765 NULL 766 }; 767 return &cipher; 768} 769 770static int 771rc4_init(EVP_CIPHER_CTX *ctx, 772 const unsigned char *key, 773 const unsigned char *iv, 774 int enc) 775{ 776 RC4_KEY *k = ctx->cipher_data; 777 RC4_set_key(k, ctx->key_len, key); 778 return 1; 779} 780 781static int 782rc4_do_cipher(EVP_CIPHER_CTX *ctx, 783 unsigned char *out, 784 const unsigned char *in, 785 unsigned int size) 786{ 787 RC4_KEY *k = ctx->cipher_data; 788 RC4(k, size, in, out); 789 return 1; 790} 791 792const EVP_CIPHER * 793EVP_hcrypto_rc4(void) 794{ 795 static const EVP_CIPHER rc4 = { 796 0, 797 1, 798 16, 799 0, 800 EVP_CIPH_STREAM_CIPHER|EVP_CIPH_VARIABLE_LENGTH, 801 rc4_init, 802 rc4_do_cipher, 803 NULL, 804 sizeof(RC4_KEY), 805 NULL, 806 NULL, 807 NULL, 808 NULL 809 }; 810 return &rc4; 811} 812 813 814const EVP_CIPHER * 815EVP_hcrypto_rc4_40(void) 816{ 817 static const EVP_CIPHER rc4_40 = { 818 0, 819 1, 820 5, 821 0, 822 EVP_CIPH_STREAM_CIPHER|EVP_CIPH_VARIABLE_LENGTH, 823 rc4_init, 824 rc4_do_cipher, 825 NULL, 826 sizeof(RC4_KEY), 827 NULL, 828 NULL, 829 NULL, 830 NULL 831 }; 832 return &rc4_40; 833} 834