crypto.h revision 1.1 
1/*	$Id: crypto.h,v 1.1 1998/11/15 00:03:48 niklas Exp $	*/
2
3/*
4 * Copyright (c) 1998 Niels Provos.  All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 * 1. Redistributions of source code must retain the above copyright
10 *    notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 *    notice, this list of conditions and the following disclaimer in the
13 *    documentation and/or other materials provided with the distribution.
14 * 3. All advertising materials mentioning features or use of this software
15 *    must display the following acknowledgement:
16 *	This product includes software developed by Ericsson Radio Systems.
17 * 4. The name of the author may not be used to endorse or promote products
18 *    derived from this software without specific prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
21 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
22 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
23 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
24 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
25 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
26 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
27 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
29 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30 */
31
32/*
33 * This code was written under funding by Ericsson Radio Systems.
34 */
35
36#ifndef _CRYPTO_H_
37#define _CRYPTO_H_
38
39#include <des.h>
40#include <blf.h>
41#include <cast.h>
42
43#define USE_32BIT
44#if defined (USE_64BIT)
45
46#define XOR64(x,y) *(u_int64_t *)(x) ^= *(u_int64_t *)(y);
47#define SET64(x,y) *(u_int64_t *)(x) = *(u_int64_t *)(y);
48
49#elif defined (USE_32BIT)
50
51#define XOR64(x,y) *(u_int32_t *)(x) ^= *(u_int32_t *)(y); \
52   *(u_int32_t *)((u_int8_t *)(x) + 4) ^= *(u_int32_t *)((u_int8_t *)(y) + 4);
53#define SET64(x,y) *(u_int32_t *)(x) = *(u_int32_t *)(y); \
54   *(u_int32_t *)((u_int8_t *)(x) + 4) = *(u_int32_t *)((u_int8_t *)(y) + 4);
55
56#else
57
58#define XOR8(x,y,i) (x)[i] ^= (y)[i];
59#define XOR64(x,y) XOR8(x,y,0); XOR8(x,y,1); XOR8(x,y,2); XOR8(x,y,3); \
60   XOR8(x,y,4); XOR8(x,y,5); XOR8(x,y,6); XOR8(x,y,7);
61#define SET8(x,y,i) (x)[i] = (y)[i];
62#define SET64(x,y) SET8(x,y,0); SET8(x,y,1); SET8(x,y,2); SET8(x,y,3); \
63   SET8(x,y,4); SET8(x,y,5); SET8(x,y,6); SET8(x,y,7);
64
65#endif /* USE_64BIT */
66
67#define SET_32BIT_BIG(x,y) (x)[3]= (y); (x)[2]= (y) >> 8; \
68    (x)[1] = (y) >> 16; (x)[0]= (y) >> 24;
69#define GET_32BIT_BIG(x) (u_int32_t)(x)[3] | ((u_int32_t)(x)[2] << 8) | \
70    ((u_int32_t)(x)[1] << 16)| ((u_int32_t)(x)[0] << 24);
71
72/*
73 * This is standard for all block ciphers we use at the moment.
74 * Theoretically this could increase in future, e.g. for TwoFish.
75 * Keep MAXBLK uptodate
76 */
77#define BLOCKSIZE	8
78
79#define MAXBLK		BLOCKSIZE
80
81struct keystate {
82  struct crypto_xf *xf;			/* Back pointer */
83  u_int16_t	ebytes;			/* Number of encrypted bytes */
84  u_int16_t	dbytes;			/* Number of decrypted bytes */
85  time_t	life;			/* Creation time */
86  u_int8_t	iv[MAXBLK];		/* Next IV to use */
87  u_int8_t	iv2[MAXBLK];
88  u_int8_t	*riv, *liv;
89  union {
90    des_key_schedule desks[3];
91    blf_ctx blfks;
92    cast_key castks;
93  } keydata;
94};
95
96#define ks_des	keydata.desks
97#define ks_blf	keydata.blfks
98#define ks_cast	keydata.castks
99
100/*
101 * Information about the cryptotransform.
102 *
103 * XXX - In regards to the IV (Initialization Vector) the drafts are
104 * completly fucked up and specify a MUST as how it is derived, so
105 * we also have to provide for that. I just don't know where.
106 * Furthermore is this enum needed at all?  It seems to be Oakley IDs
107 * only anyhow, and we already have defines for that in ipsec_doi.h.
108 */
109enum transform {
110  DES_CBC=1,			/* This is a MUST */
111  IDEA_CBC=2,			/* Licensed, DONT use */
112  BLOWFISH_CBC=3,
113  RC5_R16_B64_CBC=4,		/* Licensed, DONT use */
114  TRIPLEDES_CBC=5,			/* This is a SHOULD */
115  CAST_CBC=6
116};
117
118enum cryptoerr {
119  EOKAY,			/* No error */
120  ENOCRYPTO,			/* A none crypto related error, see errno */
121  EWEAKKEY,			/* A weak key was found in key setup */
122  EKEYLEN,			/* The key length was invalid for the cipher */
123};
124
125struct crypto_xf {
126  enum transform id;		/* Oakley ID */
127  char *name;			/* Transform Name */
128  u_int16_t keymin, keymax;	/* Possible Keying Bytes */
129  u_int16_t blocksize;		/* Need to keep IV in the state */
130  struct keystate *state;	/* Key information, can also be passed sep. */
131  enum cryptoerr (*init) (struct keystate *, u_int8_t *, u_int16_t);
132  void (*encrypt) (struct keystate *, u_int8_t *, u_int16_t);
133  void (*decrypt) (struct keystate *, u_int8_t *, u_int16_t);
134};
135
136extern struct keystate *crypto_clone_keystate (struct keystate *);
137extern void crypto_decrypt (struct keystate *, u_int8_t *, u_int16_t);
138extern void crypto_encrypt (struct keystate *, u_int8_t *, u_int16_t);
139extern struct crypto_xf *crypto_get (enum transform);
140extern struct keystate *crypto_init (struct crypto_xf *, u_int8_t *,
141				     u_int16_t, enum cryptoerr *);
142extern void crypto_init_iv (struct keystate *, u_int8_t *, size_t);
143extern void crypto_update_iv (struct keystate *);
144
145#endif /* _CRYPTO_H_ */
146