133965Sjdp/* $OpenBSD: e_rc2.c,v 1.29 2024/04/09 13:52:41 beck Exp $ */ 233965Sjdp/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 333965Sjdp * All rights reserved. 433965Sjdp * 533965Sjdp * This package is an SSL implementation written 633965Sjdp * by Eric Young (eay@cryptsoft.com). 733965Sjdp * The implementation was written so as to conform with Netscapes SSL. 833965Sjdp * 933965Sjdp * This library is free for commercial and non-commercial use as long as 1033965Sjdp * the following conditions are aheared to. The following conditions 1133965Sjdp * apply to all code found in this distribution, be it the RC4, RSA, 1233965Sjdp * lhash, DES, etc., code; not just the SSL code. The SSL documentation 1333965Sjdp * included with this distribution is covered by the same copyright terms 1433965Sjdp * except that the holder is Tim Hudson (tjh@cryptsoft.com). 1533965Sjdp * 1633965Sjdp * Copyright remains Eric Young's, and as such any Copyright notices in 1733965Sjdp * the code are not to be removed. 1833965Sjdp * If this package is used in a product, Eric Young should be given attribution 1933965Sjdp * as the author of the parts of the library used. 2033965Sjdp * This can be in the form of a textual message at program startup or 2133965Sjdp * in documentation (online or textual) provided with the package. 2233965Sjdp * 2333965Sjdp * Redistribution and use in source and binary forms, with or without 2433965Sjdp * modification, are permitted provided that the following conditions 2533965Sjdp * are met: 2633965Sjdp * 1. Redistributions of source code must retain the copyright 2733965Sjdp * notice, this list of conditions and the following disclaimer. 2833965Sjdp * 2. Redistributions in binary form must reproduce the above copyright 2933965Sjdp * notice, this list of conditions and the following disclaimer in the 3033965Sjdp * documentation and/or other materials provided with the distribution. 3133965Sjdp * 3. All advertising materials mentioning features or use of this software 3233965Sjdp * must display the following acknowledgement: 3333965Sjdp * "This product includes cryptographic software written by 3433965Sjdp * Eric Young (eay@cryptsoft.com)" 3533965Sjdp * The word 'cryptographic' can be left out if the rouines from the library 3633965Sjdp * being used are not cryptographic related :-). 3733965Sjdp * 4. If you include any Windows specific code (or a derivative thereof) from 3833965Sjdp * the apps directory (application code) you must include an acknowledgement: 3933965Sjdp * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 4033965Sjdp * 4133965Sjdp * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 4233965Sjdp * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 4333965Sjdp * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 4433965Sjdp * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 4533965Sjdp * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 4633965Sjdp * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 4733965Sjdp * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 4833965Sjdp * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 4933965Sjdp * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 5033965Sjdp * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51 * SUCH DAMAGE. 52 * 53 * The licence and distribution terms for any publically available version or 54 * derivative of this code cannot be changed. i.e. this code cannot simply be 55 * copied and put under another distribution licence 56 * [including the GNU Public Licence.] 57 */ 58 59#include <limits.h> 60#include <stdio.h> 61 62#include <openssl/opensslconf.h> 63 64#ifndef OPENSSL_NO_RC2 65 66#include <openssl/err.h> 67#include <openssl/evp.h> 68#include <openssl/objects.h> 69#include <openssl/rc2.h> 70 71#include "evp_local.h" 72 73static int rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 74 const unsigned char *iv, int enc); 75static int rc2_meth_to_magic(EVP_CIPHER_CTX *ctx); 76static int rc2_magic_to_meth(int i); 77static int rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type); 78static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type); 79static int rc2_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr); 80 81typedef struct { 82 int key_bits; /* effective key bits */ 83 RC2_KEY ks; /* key schedule */ 84} EVP_RC2_KEY; 85 86#define data(ctx) ((EVP_RC2_KEY *)(ctx)->cipher_data) 87 88static int 89rc2_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) 90{ 91 size_t chunk = LONG_MAX & ~0xff; 92 93 while (inl >= chunk) { 94 RC2_cbc_encrypt(in, out, (long)chunk, &((EVP_RC2_KEY *)ctx->cipher_data)->ks, ctx->iv, ctx->encrypt); 95 inl -= chunk; 96 in += chunk; 97 out += chunk; 98 } 99 100 if (inl) 101 RC2_cbc_encrypt(in, out, (long)inl, &((EVP_RC2_KEY *)ctx->cipher_data)->ks, ctx->iv, ctx->encrypt); 102 103 return 1; 104} 105 106static int 107rc2_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) 108{ 109 size_t chunk = LONG_MAX & ~0xff; 110 111 if (inl < chunk) 112 chunk = inl; 113 114 while (inl && inl >= chunk) { 115 RC2_cfb64_encrypt(in, out, (long)chunk, &((EVP_RC2_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt); 116 inl -= chunk; 117 in += chunk; 118 out += chunk; 119 if (inl < chunk) 120 chunk = inl; 121 } 122 123 return 1; 124} 125 126static int 127rc2_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) 128{ 129 size_t i, bl; 130 131 bl = ctx->cipher->block_size; 132 133 if (inl < bl) 134 return 1; 135 136 inl -= bl; 137 138 for (i = 0; i <= inl; i += bl) 139 RC2_ecb_encrypt(in + i, out + i, &((EVP_RC2_KEY *)ctx->cipher_data)->ks, ctx->encrypt); 140 141 return 1; 142} 143 144static int 145rc2_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) 146{ 147 size_t chunk = LONG_MAX & ~0xff; 148 149 while (inl >= chunk) { 150 RC2_ofb64_encrypt(in, out, (long)chunk, &((EVP_RC2_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num); 151 inl -= chunk; 152 in += chunk; 153 out += chunk; 154 } 155 156 if (inl) 157 RC2_ofb64_encrypt(in, out, (long)inl, &((EVP_RC2_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num); 158 159 return 1; 160} 161 162static const EVP_CIPHER rc2_cbc = { 163 .nid = NID_rc2_cbc, 164 .block_size = 8, 165 .key_len = RC2_KEY_LENGTH, 166 .iv_len = 8, 167 .flags = EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT | EVP_CIPH_CBC_MODE, 168 .init = rc2_init_key, 169 .do_cipher = rc2_cbc_cipher, 170 .cleanup = NULL, 171 .ctx_size = sizeof(EVP_RC2_KEY), 172 .set_asn1_parameters = rc2_set_asn1_type_and_iv, 173 .get_asn1_parameters = rc2_get_asn1_type_and_iv, 174 .ctrl = rc2_ctrl, 175}; 176 177const EVP_CIPHER * 178EVP_rc2_cbc(void) 179{ 180 return &rc2_cbc; 181} 182LCRYPTO_ALIAS(EVP_rc2_cbc); 183 184static const EVP_CIPHER rc2_cfb64 = { 185 .nid = NID_rc2_cfb64, 186 .block_size = 1, 187 .key_len = RC2_KEY_LENGTH, 188 .iv_len = 8, 189 .flags = EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT | EVP_CIPH_CFB_MODE, 190 .init = rc2_init_key, 191 .do_cipher = rc2_cfb64_cipher, 192 .cleanup = NULL, 193 .ctx_size = sizeof(EVP_RC2_KEY), 194 .set_asn1_parameters = rc2_set_asn1_type_and_iv, 195 .get_asn1_parameters = rc2_get_asn1_type_and_iv, 196 .ctrl = rc2_ctrl, 197}; 198 199const EVP_CIPHER * 200EVP_rc2_cfb64(void) 201{ 202 return &rc2_cfb64; 203} 204LCRYPTO_ALIAS(EVP_rc2_cfb64); 205 206static const EVP_CIPHER rc2_ofb = { 207 .nid = NID_rc2_ofb64, 208 .block_size = 1, 209 .key_len = RC2_KEY_LENGTH, 210 .iv_len = 8, 211 .flags = EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT | EVP_CIPH_OFB_MODE, 212 .init = rc2_init_key, 213 .do_cipher = rc2_ofb_cipher, 214 .cleanup = NULL, 215 .ctx_size = sizeof(EVP_RC2_KEY), 216 .set_asn1_parameters = rc2_set_asn1_type_and_iv, 217 .get_asn1_parameters = rc2_get_asn1_type_and_iv, 218 .ctrl = rc2_ctrl, 219}; 220 221const EVP_CIPHER * 222EVP_rc2_ofb(void) 223{ 224 return &rc2_ofb; 225} 226LCRYPTO_ALIAS(EVP_rc2_ofb); 227 228static const EVP_CIPHER rc2_ecb = { 229 .nid = NID_rc2_ecb, 230 .block_size = 8, 231 .key_len = RC2_KEY_LENGTH, 232 .iv_len = 0, 233 .flags = EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT | EVP_CIPH_ECB_MODE, 234 .init = rc2_init_key, 235 .do_cipher = rc2_ecb_cipher, 236 .cleanup = NULL, 237 .ctx_size = sizeof(EVP_RC2_KEY), 238 .set_asn1_parameters = rc2_set_asn1_type_and_iv, 239 .get_asn1_parameters = rc2_get_asn1_type_and_iv, 240 .ctrl = rc2_ctrl, 241}; 242 243const EVP_CIPHER * 244EVP_rc2_ecb(void) 245{ 246 return &rc2_ecb; 247} 248LCRYPTO_ALIAS(EVP_rc2_ecb); 249 250#define RC2_40_MAGIC 0xa0 251#define RC2_64_MAGIC 0x78 252#define RC2_128_MAGIC 0x3a 253 254static const EVP_CIPHER r2_64_cbc_cipher = { 255 .nid = NID_rc2_64_cbc, 256 .block_size = 8, 257 .key_len = 8, 258 .iv_len = 8, 259 .flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT, 260 .init = rc2_init_key, 261 .do_cipher = rc2_cbc_cipher, 262 .cleanup = NULL, 263 .ctx_size = sizeof(EVP_RC2_KEY), 264 .set_asn1_parameters = rc2_set_asn1_type_and_iv, 265 .get_asn1_parameters = rc2_get_asn1_type_and_iv, 266 .ctrl = rc2_ctrl, 267}; 268 269static const EVP_CIPHER r2_40_cbc_cipher = { 270 .nid = NID_rc2_40_cbc, 271 .block_size = 8, 272 .key_len = 5, 273 .iv_len = 8, 274 .flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT, 275 .init = rc2_init_key, 276 .do_cipher = rc2_cbc_cipher, 277 .cleanup = NULL, 278 .ctx_size = sizeof(EVP_RC2_KEY), 279 .set_asn1_parameters = rc2_set_asn1_type_and_iv, 280 .get_asn1_parameters = rc2_get_asn1_type_and_iv, 281 .ctrl = rc2_ctrl, 282}; 283 284const EVP_CIPHER * 285EVP_rc2_64_cbc(void) 286{ 287 return (&r2_64_cbc_cipher); 288} 289LCRYPTO_ALIAS(EVP_rc2_64_cbc); 290 291const EVP_CIPHER * 292EVP_rc2_40_cbc(void) 293{ 294 return (&r2_40_cbc_cipher); 295} 296LCRYPTO_ALIAS(EVP_rc2_40_cbc); 297 298static int 299rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 300 const unsigned char *iv, int enc) 301{ 302 RC2_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx), 303 key, data(ctx)->key_bits); 304 return 1; 305} 306 307static int 308rc2_meth_to_magic(EVP_CIPHER_CTX *e) 309{ 310 int i; 311 312 if (EVP_CIPHER_CTX_ctrl(e, EVP_CTRL_GET_RC2_KEY_BITS, 0, &i) <= 0) 313 return (0); 314 if (i == 128) 315 return (RC2_128_MAGIC); 316 else if (i == 64) 317 return (RC2_64_MAGIC); 318 else if (i == 40) 319 return (RC2_40_MAGIC); 320 else 321 return (0); 322} 323 324static int 325rc2_magic_to_meth(int i) 326{ 327 if (i == RC2_128_MAGIC) 328 return 128; 329 else if (i == RC2_64_MAGIC) 330 return 64; 331 else if (i == RC2_40_MAGIC) 332 return 40; 333 else { 334 EVPerror(EVP_R_UNSUPPORTED_KEY_SIZE); 335 return (0); 336 } 337} 338 339static int 340rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) 341{ 342 long num = 0; 343 int i = 0; 344 int key_bits; 345 int l; 346 unsigned char iv[EVP_MAX_IV_LENGTH]; 347 348 if (type != NULL) { 349 l = EVP_CIPHER_CTX_iv_length(c); 350 if (l < 0 || l > sizeof(iv)) { 351 EVPerror(EVP_R_IV_TOO_LARGE); 352 return -1; 353 } 354 i = ASN1_TYPE_get_int_octetstring(type, &num, iv, l); 355 if (i != l) 356 return (-1); 357 key_bits = rc2_magic_to_meth((int)num); 358 if (!key_bits) 359 return (-1); 360 if (i > 0 && !EVP_CipherInit_ex(c, NULL, NULL, NULL, iv, -1)) 361 return -1; 362 if (EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_RC2_KEY_BITS, 363 key_bits, NULL) <= 0) 364 return -1; 365 if (!EVP_CIPHER_CTX_set_key_length(c, key_bits / 8)) 366 return -1; 367 } 368 return (i); 369} 370 371static int 372rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) 373{ 374 long num; 375 int i = 0, j; 376 377 if (type != NULL) { 378 num = rc2_meth_to_magic(c); 379 j = EVP_CIPHER_CTX_iv_length(c); 380 if (j < 0 || j > sizeof(c->oiv)) 381 return 0; 382 i = ASN1_TYPE_set_int_octetstring(type, num, c->oiv, j); 383 } 384 return (i); 385} 386 387static int 388rc2_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) 389{ 390 switch (type) { 391 case EVP_CTRL_INIT: 392 data(c)->key_bits = EVP_CIPHER_CTX_key_length(c) * 8; 393 return 1; 394 395 case EVP_CTRL_GET_RC2_KEY_BITS: 396 *(int *)ptr = data(c)->key_bits; 397 return 1; 398 399 case EVP_CTRL_SET_RC2_KEY_BITS: 400 if (arg > 0) { 401 data(c)->key_bits = arg; 402 return 1; 403 } 404 return 0; 405 406 default: 407 return -1; 408 } 409} 410 411#endif 412