2007-05-22 21:32:48 +00:00
|
|
|
/*
|
|
|
|
cipher.c -- Symmetric block cipher handling
|
|
|
|
Copyright (C) 2007 Guus Sliepen <guus@tinc-vpn.org>
|
|
|
|
|
|
|
|
This program is free software; you can redistribute it and/or modify
|
|
|
|
it under the terms of the GNU General Public License as published by
|
|
|
|
the Free Software Foundation; either version 2 of the License, or
|
|
|
|
(at your option) any later version.
|
|
|
|
|
|
|
|
This program is distributed in the hope that it will be useful,
|
|
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
GNU General Public License for more details.
|
|
|
|
|
2009-09-29 13:33:58 +00:00
|
|
|
You should have received a copy of the GNU General Public License along
|
|
|
|
with this program; if not, write to the Free Software Foundation, Inc.,
|
|
|
|
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
2007-05-22 21:32:48 +00:00
|
|
|
*/
|
|
|
|
|
|
|
|
#include "system.h"
|
|
|
|
|
|
|
|
#include "cipher.h"
|
2007-05-22 21:44:17 +00:00
|
|
|
#include "logger.h"
|
|
|
|
#include "xalloc.h"
|
2007-05-22 21:32:48 +00:00
|
|
|
|
|
|
|
static struct {
|
2007-05-22 21:44:17 +00:00
|
|
|
const char *name;
|
|
|
|
int algo;
|
|
|
|
int mode;
|
|
|
|
int nid;
|
2007-05-22 21:32:48 +00:00
|
|
|
} ciphertable[] = {
|
|
|
|
{"none", GCRY_CIPHER_NONE, GCRY_CIPHER_MODE_NONE, 0},
|
|
|
|
|
|
|
|
{NULL, GCRY_CIPHER_BLOWFISH, GCRY_CIPHER_MODE_ECB, 92},
|
|
|
|
{"blowfish", GCRY_CIPHER_BLOWFISH, GCRY_CIPHER_MODE_CBC, 91},
|
|
|
|
{NULL, GCRY_CIPHER_BLOWFISH, GCRY_CIPHER_MODE_CFB, 93},
|
|
|
|
{NULL, GCRY_CIPHER_BLOWFISH, GCRY_CIPHER_MODE_OFB, 94},
|
|
|
|
|
|
|
|
{NULL, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_ECB, 418},
|
|
|
|
{"aes", GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CBC, 419},
|
|
|
|
{NULL, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CFB, 421},
|
|
|
|
{NULL, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_OFB, 420},
|
|
|
|
|
|
|
|
{NULL, GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_ECB, 422},
|
|
|
|
{"aes192", GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CBC, 423},
|
|
|
|
{NULL, GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CFB, 425},
|
|
|
|
{NULL, GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_OFB, 424},
|
|
|
|
|
|
|
|
{NULL, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_ECB, 426},
|
|
|
|
{"aes256", GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CBC, 427},
|
|
|
|
{NULL, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CFB, 429},
|
|
|
|
{NULL, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_OFB, 428},
|
|
|
|
};
|
|
|
|
|
2007-05-22 21:44:17 +00:00
|
|
|
static bool nametocipher(const char *name, int *algo, int *mode) {
|
2008-12-14 12:47:26 +00:00
|
|
|
size_t i;
|
2007-05-22 21:32:48 +00:00
|
|
|
|
|
|
|
for(i = 0; i < sizeof ciphertable / sizeof *ciphertable; i++) {
|
|
|
|
if(ciphertable[i].name && !strcasecmp(name, ciphertable[i].name)) {
|
|
|
|
*algo = ciphertable[i].algo;
|
|
|
|
*mode = ciphertable[i].mode;
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
2007-05-22 21:44:17 +00:00
|
|
|
static bool nidtocipher(int nid, int *algo, int *mode) {
|
2008-12-14 12:47:26 +00:00
|
|
|
size_t i;
|
2007-05-22 21:32:48 +00:00
|
|
|
|
|
|
|
for(i = 0; i < sizeof ciphertable / sizeof *ciphertable; i++) {
|
|
|
|
if(nid == ciphertable[i].nid) {
|
|
|
|
*algo = ciphertable[i].algo;
|
|
|
|
*mode = ciphertable[i].mode;
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
2007-05-22 21:44:17 +00:00
|
|
|
static bool ciphertonid(int algo, int mode, int *nid) {
|
2008-12-14 12:47:26 +00:00
|
|
|
size_t i;
|
2007-05-22 21:32:48 +00:00
|
|
|
|
|
|
|
for(i = 0; i < sizeof ciphertable / sizeof *ciphertable; i++) {
|
|
|
|
if(algo == ciphertable[i].algo && mode == ciphertable[i].mode) {
|
|
|
|
*nid = ciphertable[i].nid;
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
static bool cipher_open(cipher_t *cipher, int algo, int mode) {
|
|
|
|
gcry_error_t err;
|
|
|
|
|
|
|
|
if(!ciphertonid(algo, mode, &cipher->nid)) {
|
2012-02-26 17:37:36 +00:00
|
|
|
logger(DEBUG_ALWAYS, LOG_DEBUG, "Cipher %d mode %d has no corresponding nid!", algo, mode);
|
2007-05-22 21:32:48 +00:00
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
if((err = gcry_cipher_open(&cipher->handle, algo, mode, 0))) {
|
2012-02-26 17:37:36 +00:00
|
|
|
logger(DEBUG_ALWAYS, LOG_DEBUG, "Unable to intialise cipher %d mode %d: %s", algo, mode, gcry_strerror(err));
|
2007-05-22 21:32:48 +00:00
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
cipher->keylen = gcry_cipher_get_algo_keylen(algo);
|
2009-11-04 23:02:42 +00:00
|
|
|
cipher->blklen = gcry_cipher_get_algo_blklen(algo);
|
2007-05-22 21:44:17 +00:00
|
|
|
cipher->key = xmalloc(cipher->keylen + cipher->blklen);
|
2009-11-04 23:02:42 +00:00
|
|
|
cipher->padding = mode == GCRY_CIPHER_MODE_ECB || mode == GCRY_CIPHER_MODE_CBC;
|
2007-05-22 21:32:48 +00:00
|
|
|
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
bool cipher_open_by_name(cipher_t *cipher, const char *name) {
|
|
|
|
int algo, mode;
|
|
|
|
|
|
|
|
if(!nametocipher(name, &algo, &mode)) {
|
2012-02-26 17:37:36 +00:00
|
|
|
logger(DEBUG_ALWAYS, LOG_DEBUG, "Unknown cipher name '%s'!", name);
|
2007-05-22 21:32:48 +00:00
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
return cipher_open(cipher, algo, mode);
|
|
|
|
}
|
|
|
|
|
|
|
|
bool cipher_open_by_nid(cipher_t *cipher, int nid) {
|
|
|
|
int algo, mode;
|
|
|
|
|
|
|
|
if(!nidtocipher(nid, &algo, &mode)) {
|
2012-02-26 17:37:36 +00:00
|
|
|
logger(DEBUG_ALWAYS, LOG_DEBUG, "Unknown cipher ID %d!", nid);
|
2007-05-22 21:32:48 +00:00
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
return cipher_open(cipher, algo, mode);
|
|
|
|
}
|
|
|
|
|
|
|
|
bool cipher_open_blowfish_ofb(cipher_t *cipher) {
|
|
|
|
return cipher_open(cipher, GCRY_CIPHER_BLOWFISH, GCRY_CIPHER_MODE_OFB);
|
|
|
|
}
|
|
|
|
|
|
|
|
void cipher_close(cipher_t *cipher) {
|
|
|
|
if(cipher->handle) {
|
|
|
|
gcry_cipher_close(cipher->handle);
|
|
|
|
cipher->handle = NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
if(cipher->key) {
|
|
|
|
free(cipher->key);
|
|
|
|
cipher->key = NULL;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2007-05-22 23:41:22 +00:00
|
|
|
size_t cipher_keylength(const cipher_t *cipher) {
|
|
|
|
return cipher->keylen + cipher->blklen;
|
|
|
|
}
|
|
|
|
|
|
|
|
void cipher_get_key(const cipher_t *cipher, void *key) {
|
|
|
|
memcpy(key, cipher->key, cipher->keylen + cipher->blklen);
|
|
|
|
}
|
|
|
|
|
2007-05-23 13:45:49 +00:00
|
|
|
bool cipher_set_key(cipher_t *cipher, void *key, bool encrypt) {
|
2007-05-22 23:41:22 +00:00
|
|
|
memcpy(cipher->key, key, cipher->keylen + cipher->blklen);
|
|
|
|
|
|
|
|
gcry_cipher_setkey(cipher->handle, cipher->key, cipher->keylen);
|
|
|
|
gcry_cipher_setiv(cipher->handle, cipher->key + cipher->keylen, cipher->blklen);
|
|
|
|
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
2007-09-04 14:58:52 +00:00
|
|
|
bool cipher_set_key_from_rsa(cipher_t *cipher, void *key, size_t len, bool encrypt) {
|
2007-05-23 13:45:49 +00:00
|
|
|
memcpy(cipher->key, key + len - cipher->keylen, cipher->keylen + cipher->blklen);
|
|
|
|
memcpy(cipher->key + cipher->keylen, key + len - cipher->keylen - cipher->blklen, cipher->blklen);
|
|
|
|
|
|
|
|
gcry_cipher_setkey(cipher->handle, cipher->key, cipher->keylen);
|
|
|
|
gcry_cipher_setiv(cipher->handle, cipher->key + cipher->keylen, cipher->blklen);
|
|
|
|
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
bool cipher_regenerate_key(cipher_t *cipher, bool encrypt) {
|
2007-05-22 21:32:48 +00:00
|
|
|
gcry_create_nonce(cipher->key, cipher->keylen + cipher->blklen);
|
|
|
|
|
|
|
|
gcry_cipher_setkey(cipher->handle, cipher->key, cipher->keylen);
|
2007-05-22 21:44:17 +00:00
|
|
|
gcry_cipher_setiv(cipher->handle, cipher->key + cipher->keylen, cipher->blklen);
|
2007-05-22 21:32:48 +00:00
|
|
|
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
2009-11-04 23:02:42 +00:00
|
|
|
bool cipher_encrypt(cipher_t *cipher, const void *indata, size_t inlen, void *outdata, size_t *outlen, bool oneshot) {
|
|
|
|
gcry_error_t err;
|
|
|
|
uint8_t pad[cipher->blklen];
|
2007-05-22 21:32:48 +00:00
|
|
|
|
2009-11-04 23:02:42 +00:00
|
|
|
if(cipher->padding) {
|
|
|
|
if(!oneshot)
|
|
|
|
return false;
|
2007-05-22 21:32:48 +00:00
|
|
|
|
2009-12-19 22:23:25 +00:00
|
|
|
size_t reqlen = ((inlen + cipher->blklen) / cipher->blklen) * cipher->blklen;
|
|
|
|
|
|
|
|
if(*outlen < reqlen) {
|
2012-02-26 17:37:36 +00:00
|
|
|
logger(DEBUG_ALWAYS, LOG_ERR, "Error while encrypting: not enough room for padding");
|
2009-12-19 22:23:25 +00:00
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
2009-11-04 23:02:42 +00:00
|
|
|
uint8_t padbyte = reqlen - inlen;
|
|
|
|
inlen = reqlen - cipher->blklen;
|
2007-05-22 21:32:48 +00:00
|
|
|
|
2009-11-04 23:02:42 +00:00
|
|
|
for(int i = 0; i < cipher->blklen; i++)
|
|
|
|
if(i < cipher->blklen - padbyte)
|
|
|
|
pad[i] = ((uint8_t *)indata)[inlen + i];
|
|
|
|
else
|
|
|
|
pad[i] = padbyte;
|
2007-05-22 21:32:48 +00:00
|
|
|
}
|
2009-11-04 23:02:42 +00:00
|
|
|
|
2009-12-19 19:10:38 +00:00
|
|
|
if(oneshot)
|
|
|
|
gcry_cipher_setiv(cipher->handle, cipher->key + cipher->keylen, cipher->blklen);
|
|
|
|
|
2009-11-04 23:02:42 +00:00
|
|
|
if((err = gcry_cipher_encrypt(cipher->handle, outdata, *outlen, indata, inlen))) {
|
2012-02-26 17:37:36 +00:00
|
|
|
logger(DEBUG_ALWAYS, LOG_ERR, "Error while encrypting: %s", gcry_strerror(err));
|
2007-05-22 21:32:48 +00:00
|
|
|
return false;
|
2009-11-04 23:02:42 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if(cipher->padding) {
|
|
|
|
if((err = gcry_cipher_encrypt(cipher->handle, outdata + inlen, cipher->blklen, pad, cipher->blklen))) {
|
2012-02-26 17:37:36 +00:00
|
|
|
logger(DEBUG_ALWAYS, LOG_ERR, "Error while encrypting: %s", gcry_strerror(err));
|
2009-11-04 23:02:42 +00:00
|
|
|
return false;
|
|
|
|
}
|
2007-05-22 21:32:48 +00:00
|
|
|
|
2009-11-04 23:02:42 +00:00
|
|
|
inlen += cipher->blklen;
|
|
|
|
}
|
2007-05-22 21:32:48 +00:00
|
|
|
|
2009-11-04 23:02:42 +00:00
|
|
|
*outlen = inlen;
|
2007-05-22 21:32:48 +00:00
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
2009-11-04 23:02:42 +00:00
|
|
|
bool cipher_decrypt(cipher_t *cipher, const void *indata, size_t inlen, void *outdata, size_t *outlen, bool oneshot) {
|
2007-05-22 21:32:48 +00:00
|
|
|
gcry_error_t err;
|
|
|
|
|
2009-12-19 19:10:38 +00:00
|
|
|
if(oneshot)
|
|
|
|
gcry_cipher_setiv(cipher->handle, cipher->key + cipher->keylen, cipher->blklen);
|
|
|
|
|
2009-11-04 23:02:42 +00:00
|
|
|
if((err = gcry_cipher_decrypt(cipher->handle, outdata, *outlen, indata, inlen))) {
|
2012-02-26 17:37:36 +00:00
|
|
|
logger(DEBUG_ALWAYS, LOG_ERR, "Error while decrypting: %s", gcry_strerror(err));
|
2007-05-22 21:32:48 +00:00
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
2009-11-04 23:02:42 +00:00
|
|
|
if(cipher->padding) {
|
|
|
|
if(!oneshot)
|
|
|
|
return false;
|
2007-05-22 21:32:48 +00:00
|
|
|
|
2009-11-04 23:02:42 +00:00
|
|
|
uint8_t padbyte = ((uint8_t *)outdata)[inlen - 1];
|
2007-05-22 21:32:48 +00:00
|
|
|
|
2009-12-19 17:57:54 +00:00
|
|
|
if(padbyte == 0 || padbyte > cipher->blklen || padbyte > inlen) {
|
2012-02-26 17:37:36 +00:00
|
|
|
logger(DEBUG_ALWAYS, LOG_ERR, "Error while decrypting: invalid padding");
|
2009-11-04 23:02:42 +00:00
|
|
|
return false;
|
2009-12-19 17:57:54 +00:00
|
|
|
}
|
2007-05-23 13:45:49 +00:00
|
|
|
|
2009-11-04 23:02:42 +00:00
|
|
|
size_t origlen = inlen - padbyte;
|
|
|
|
|
|
|
|
for(int i = inlen - 1; i >= origlen; i--)
|
2009-12-19 17:57:54 +00:00
|
|
|
if(((uint8_t *)outdata)[i] != padbyte) {
|
2012-02-26 17:37:36 +00:00
|
|
|
logger(DEBUG_ALWAYS, LOG_ERR, "Error while decrypting: invalid padding");
|
2009-11-04 23:02:42 +00:00
|
|
|
return false;
|
2009-12-19 17:57:54 +00:00
|
|
|
}
|
2009-11-04 23:02:42 +00:00
|
|
|
|
|
|
|
*outlen = origlen;
|
2009-12-19 22:23:25 +00:00
|
|
|
} else
|
|
|
|
*outlen = inlen;
|
2007-05-22 21:32:48 +00:00
|
|
|
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
2007-05-22 23:41:22 +00:00
|
|
|
int cipher_get_nid(const cipher_t *cipher) {
|
2007-05-22 21:32:48 +00:00
|
|
|
return cipher->nid;
|
|
|
|
}
|
|
|
|
|
2007-05-22 23:41:22 +00:00
|
|
|
bool cipher_active(const cipher_t *cipher) {
|
|
|
|
return cipher->nid != 0;
|
|
|
|
}
|