133965Sjdp/* $OpenBSD: e_rc2.c,v 1.29 2024/04/09 13:52:41 beck Exp $ */
233965Sjdp/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
333965Sjdp * All rights reserved.
433965Sjdp *
533965Sjdp * This package is an SSL implementation written
633965Sjdp * by Eric Young (eay@cryptsoft.com).
733965Sjdp * The implementation was written so as to conform with Netscapes SSL.
833965Sjdp *
933965Sjdp * This library is free for commercial and non-commercial use as long as
1033965Sjdp * the following conditions are aheared to.  The following conditions
1133965Sjdp * apply to all code found in this distribution, be it the RC4, RSA,
1233965Sjdp * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
1333965Sjdp * included with this distribution is covered by the same copyright terms
1433965Sjdp * except that the holder is Tim Hudson (tjh@cryptsoft.com).
1533965Sjdp *
1633965Sjdp * Copyright remains Eric Young's, and as such any Copyright notices in
1733965Sjdp * the code are not to be removed.
1833965Sjdp * If this package is used in a product, Eric Young should be given attribution
1933965Sjdp * as the author of the parts of the library used.
2033965Sjdp * This can be in the form of a textual message at program startup or
2133965Sjdp * in documentation (online or textual) provided with the package.
2233965Sjdp *
2333965Sjdp * Redistribution and use in source and binary forms, with or without
2433965Sjdp * modification, are permitted provided that the following conditions
2533965Sjdp * are met:
2633965Sjdp * 1. Redistributions of source code must retain the copyright
2733965Sjdp *    notice, this list of conditions and the following disclaimer.
2833965Sjdp * 2. Redistributions in binary form must reproduce the above copyright
2933965Sjdp *    notice, this list of conditions and the following disclaimer in the
3033965Sjdp *    documentation and/or other materials provided with the distribution.
3133965Sjdp * 3. All advertising materials mentioning features or use of this software
3233965Sjdp *    must display the following acknowledgement:
3333965Sjdp *    "This product includes cryptographic software written by
3433965Sjdp *     Eric Young (eay@cryptsoft.com)"
3533965Sjdp *    The word 'cryptographic' can be left out if the rouines from the library
3633965Sjdp *    being used are not cryptographic related :-).
3733965Sjdp * 4. If you include any Windows specific code (or a derivative thereof) from
3833965Sjdp *    the apps directory (application code) you must include an acknowledgement:
3933965Sjdp *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
4033965Sjdp *
4133965Sjdp * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
4233965Sjdp * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
4333965Sjdp * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
4433965Sjdp * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
4533965Sjdp * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
4633965Sjdp * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
4733965Sjdp * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
4833965Sjdp * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
4933965Sjdp * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
5033965Sjdp * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed.  i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <limits.h>
60#include <stdio.h>
61
62#include <openssl/opensslconf.h>
63
64#ifndef OPENSSL_NO_RC2
65
66#include <openssl/err.h>
67#include <openssl/evp.h>
68#include <openssl/objects.h>
69#include <openssl/rc2.h>
70
71#include "evp_local.h"
72
73static int rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
74    const unsigned char *iv, int enc);
75static int rc2_meth_to_magic(EVP_CIPHER_CTX *ctx);
76static int rc2_magic_to_meth(int i);
77static int rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
78static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
79static int rc2_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr);
80
81typedef struct {
82	int key_bits;	/* effective key bits */
83	RC2_KEY ks;	/* key schedule */
84} EVP_RC2_KEY;
85
86#define data(ctx)	((EVP_RC2_KEY *)(ctx)->cipher_data)
87
88static int
89rc2_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl)
90{
91	size_t chunk = LONG_MAX & ~0xff;
92
93	while (inl >= chunk) {
94		RC2_cbc_encrypt(in, out, (long)chunk, &((EVP_RC2_KEY *)ctx->cipher_data)->ks, ctx->iv, ctx->encrypt);
95		inl -= chunk;
96		in += chunk;
97		out += chunk;
98	}
99
100	if (inl)
101		RC2_cbc_encrypt(in, out, (long)inl, &((EVP_RC2_KEY *)ctx->cipher_data)->ks, ctx->iv, ctx->encrypt);
102
103	return 1;
104}
105
106static int
107rc2_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl)
108{
109	size_t chunk = LONG_MAX & ~0xff;
110
111	if (inl < chunk)
112		chunk = inl;
113
114	while (inl && inl >= chunk) {
115		RC2_cfb64_encrypt(in, out, (long)chunk, &((EVP_RC2_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt);
116		inl -= chunk;
117		in += chunk;
118		out += chunk;
119		if (inl < chunk)
120			chunk = inl;
121	}
122
123	return 1;
124}
125
126static int
127rc2_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl)
128{
129	size_t i, bl;
130
131	bl = ctx->cipher->block_size;
132
133	if (inl < bl)
134		return 1;
135
136	inl -= bl;
137
138	for (i = 0; i <= inl; i += bl)
139		RC2_ecb_encrypt(in + i, out + i, &((EVP_RC2_KEY *)ctx->cipher_data)->ks, ctx->encrypt);
140
141	return 1;
142}
143
144static int
145rc2_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl)
146{
147	size_t chunk = LONG_MAX & ~0xff;
148
149	while (inl >= chunk) {
150		RC2_ofb64_encrypt(in, out, (long)chunk, &((EVP_RC2_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num);
151		inl -= chunk;
152		in += chunk;
153		out += chunk;
154	}
155
156	if (inl)
157		RC2_ofb64_encrypt(in, out, (long)inl, &((EVP_RC2_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num);
158
159	return 1;
160}
161
162static const EVP_CIPHER rc2_cbc = {
163	.nid = NID_rc2_cbc,
164	.block_size = 8,
165	.key_len = RC2_KEY_LENGTH,
166	.iv_len = 8,
167	.flags = EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT | EVP_CIPH_CBC_MODE,
168	.init = rc2_init_key,
169	.do_cipher = rc2_cbc_cipher,
170	.cleanup = NULL,
171	.ctx_size = sizeof(EVP_RC2_KEY),
172	.set_asn1_parameters = rc2_set_asn1_type_and_iv,
173	.get_asn1_parameters = rc2_get_asn1_type_and_iv,
174	.ctrl = rc2_ctrl,
175};
176
177const EVP_CIPHER *
178EVP_rc2_cbc(void)
179{
180	return &rc2_cbc;
181}
182LCRYPTO_ALIAS(EVP_rc2_cbc);
183
184static const EVP_CIPHER rc2_cfb64 = {
185	.nid = NID_rc2_cfb64,
186	.block_size = 1,
187	.key_len = RC2_KEY_LENGTH,
188	.iv_len = 8,
189	.flags = EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT | EVP_CIPH_CFB_MODE,
190	.init = rc2_init_key,
191	.do_cipher = rc2_cfb64_cipher,
192	.cleanup = NULL,
193	.ctx_size = sizeof(EVP_RC2_KEY),
194	.set_asn1_parameters = rc2_set_asn1_type_and_iv,
195	.get_asn1_parameters = rc2_get_asn1_type_and_iv,
196	.ctrl = rc2_ctrl,
197};
198
199const EVP_CIPHER *
200EVP_rc2_cfb64(void)
201{
202	return &rc2_cfb64;
203}
204LCRYPTO_ALIAS(EVP_rc2_cfb64);
205
206static const EVP_CIPHER rc2_ofb = {
207	.nid = NID_rc2_ofb64,
208	.block_size = 1,
209	.key_len = RC2_KEY_LENGTH,
210	.iv_len = 8,
211	.flags = EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT | EVP_CIPH_OFB_MODE,
212	.init = rc2_init_key,
213	.do_cipher = rc2_ofb_cipher,
214	.cleanup = NULL,
215	.ctx_size = sizeof(EVP_RC2_KEY),
216	.set_asn1_parameters = rc2_set_asn1_type_and_iv,
217	.get_asn1_parameters = rc2_get_asn1_type_and_iv,
218	.ctrl = rc2_ctrl,
219};
220
221const EVP_CIPHER *
222EVP_rc2_ofb(void)
223{
224	return &rc2_ofb;
225}
226LCRYPTO_ALIAS(EVP_rc2_ofb);
227
228static const EVP_CIPHER rc2_ecb = {
229	.nid = NID_rc2_ecb,
230	.block_size = 8,
231	.key_len = RC2_KEY_LENGTH,
232	.iv_len = 0,
233	.flags = EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT | EVP_CIPH_ECB_MODE,
234	.init = rc2_init_key,
235	.do_cipher = rc2_ecb_cipher,
236	.cleanup = NULL,
237	.ctx_size = sizeof(EVP_RC2_KEY),
238	.set_asn1_parameters = rc2_set_asn1_type_and_iv,
239	.get_asn1_parameters = rc2_get_asn1_type_and_iv,
240	.ctrl = rc2_ctrl,
241};
242
243const EVP_CIPHER *
244EVP_rc2_ecb(void)
245{
246	return &rc2_ecb;
247}
248LCRYPTO_ALIAS(EVP_rc2_ecb);
249
250#define RC2_40_MAGIC	0xa0
251#define RC2_64_MAGIC	0x78
252#define RC2_128_MAGIC	0x3a
253
254static const EVP_CIPHER r2_64_cbc_cipher = {
255	.nid = NID_rc2_64_cbc,
256	.block_size = 8,
257	.key_len = 8,
258	.iv_len = 8,
259	.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
260	.init = rc2_init_key,
261	.do_cipher = rc2_cbc_cipher,
262	.cleanup = NULL,
263	.ctx_size = sizeof(EVP_RC2_KEY),
264	.set_asn1_parameters = rc2_set_asn1_type_and_iv,
265	.get_asn1_parameters = rc2_get_asn1_type_and_iv,
266	.ctrl = rc2_ctrl,
267};
268
269static const EVP_CIPHER r2_40_cbc_cipher = {
270	.nid = NID_rc2_40_cbc,
271	.block_size = 8,
272	.key_len = 5,
273	.iv_len = 8,
274	.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
275	.init = rc2_init_key,
276	.do_cipher = rc2_cbc_cipher,
277	.cleanup = NULL,
278	.ctx_size = sizeof(EVP_RC2_KEY),
279	.set_asn1_parameters = rc2_set_asn1_type_and_iv,
280	.get_asn1_parameters = rc2_get_asn1_type_and_iv,
281	.ctrl = rc2_ctrl,
282};
283
284const EVP_CIPHER *
285EVP_rc2_64_cbc(void)
286{
287	return (&r2_64_cbc_cipher);
288}
289LCRYPTO_ALIAS(EVP_rc2_64_cbc);
290
291const EVP_CIPHER *
292EVP_rc2_40_cbc(void)
293{
294	return (&r2_40_cbc_cipher);
295}
296LCRYPTO_ALIAS(EVP_rc2_40_cbc);
297
298static int
299rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
300    const unsigned char *iv, int enc)
301{
302	RC2_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx),
303	    key, data(ctx)->key_bits);
304	return 1;
305}
306
307static int
308rc2_meth_to_magic(EVP_CIPHER_CTX *e)
309{
310	int i;
311
312	if (EVP_CIPHER_CTX_ctrl(e, EVP_CTRL_GET_RC2_KEY_BITS, 0, &i) <= 0)
313		return (0);
314	if (i == 128)
315		return (RC2_128_MAGIC);
316	else if (i == 64)
317		return (RC2_64_MAGIC);
318	else if (i == 40)
319		return (RC2_40_MAGIC);
320	else
321		return (0);
322}
323
324static int
325rc2_magic_to_meth(int i)
326{
327	if (i == RC2_128_MAGIC)
328		return 128;
329	else if (i == RC2_64_MAGIC)
330		return 64;
331	else if (i == RC2_40_MAGIC)
332		return 40;
333	else {
334		EVPerror(EVP_R_UNSUPPORTED_KEY_SIZE);
335		return (0);
336	}
337}
338
339static int
340rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
341{
342	long num = 0;
343	int i = 0;
344	int key_bits;
345	int l;
346	unsigned char iv[EVP_MAX_IV_LENGTH];
347
348	if (type != NULL) {
349		l = EVP_CIPHER_CTX_iv_length(c);
350		if (l < 0 || l > sizeof(iv)) {
351			EVPerror(EVP_R_IV_TOO_LARGE);
352			return -1;
353		}
354		i = ASN1_TYPE_get_int_octetstring(type, &num, iv, l);
355		if (i != l)
356			return (-1);
357		key_bits = rc2_magic_to_meth((int)num);
358		if (!key_bits)
359			return (-1);
360		if (i > 0 && !EVP_CipherInit_ex(c, NULL, NULL, NULL, iv, -1))
361			return -1;
362		if (EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_RC2_KEY_BITS,
363		    key_bits, NULL) <= 0)
364			return -1;
365		if (!EVP_CIPHER_CTX_set_key_length(c, key_bits / 8))
366			return -1;
367	}
368	return (i);
369}
370
371static int
372rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
373{
374	long num;
375	int i = 0, j;
376
377	if (type != NULL) {
378		num = rc2_meth_to_magic(c);
379		j = EVP_CIPHER_CTX_iv_length(c);
380		if (j < 0 || j > sizeof(c->oiv))
381			return 0;
382		i = ASN1_TYPE_set_int_octetstring(type, num, c->oiv, j);
383	}
384	return (i);
385}
386
387static int
388rc2_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
389{
390	switch (type) {
391	case EVP_CTRL_INIT:
392		data(c)->key_bits = EVP_CIPHER_CTX_key_length(c) * 8;
393		return 1;
394
395	case EVP_CTRL_GET_RC2_KEY_BITS:
396		*(int *)ptr = data(c)->key_bits;
397		return 1;
398
399	case EVP_CTRL_SET_RC2_KEY_BITS:
400		if (arg > 0) {
401			data(c)->key_bits = arg;
402			return 1;
403		}
404		return 0;
405
406	default:
407		return -1;
408	}
409}
410
411#endif
412