1 /* $NetBSD: evp-hcrypto.c,v 1.2 2017/01/28 21:31:47 christos Exp $ */ 2 3 /* 4 * Copyright (c) 2006 - 2008 Kungliga Tekniska Högskolan 5 * (Royal Institute of Technology, Stockholm, Sweden). 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 19 * 3. Neither the name of the Institute nor the names of its contributors 20 * may be used to endorse or promote products derived from this software 21 * without specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 26 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 33 * SUCH DAMAGE. 34 */ 35 36 #include <config.h> 37 #include <krb5/roken.h> 38 39 #define HC_DEPRECATED 40 41 #include <assert.h> 42 43 #include <evp.h> 44 #include <evp-hcrypto.h> 45 46 #include <krb5/krb5-types.h> 47 48 #include <des.h> 49 #include "camellia.h" 50 #include <aes.h> 51 52 #include <rc2.h> 53 #include <rc4.h> 54 55 #include <sha.h> 56 #include <md2.h> 57 #include <md4.h> 58 #include <md5.h> 59 60 /* 61 * 62 */ 63 64 static int 65 aes_init(EVP_CIPHER_CTX *ctx, 66 const unsigned char * key, 67 const unsigned char * iv, 68 int encp) 69 { 70 AES_KEY *k = ctx->cipher_data; 71 if (ctx->encrypt || EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_CFB8_MODE) 72 AES_set_encrypt_key(key, ctx->cipher->key_len * 8, k); 73 else 74 AES_set_decrypt_key(key, ctx->cipher->key_len * 8, k); 75 return 1; 76 } 77 78 static int 79 aes_do_cipher(EVP_CIPHER_CTX *ctx, 80 unsigned char *out, 81 const unsigned char *in, 82 unsigned int size) 83 { 84 AES_KEY *k = ctx->cipher_data; 85 if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_CFB8_MODE) 86 AES_cfb8_encrypt(in, out, size, k, ctx->iv, ctx->encrypt); 87 else 88 AES_cbc_encrypt(in, out, size, k, ctx->iv, ctx->encrypt); 89 return 1; 90 } 91 92 /** 93 * The AES-128 cipher type (hcrypto) 94 * 95 * @return the AES-128 EVP_CIPHER pointer. 96 * 97 * @ingroup hcrypto_evp 98 */ 99 100 const EVP_CIPHER * 101 EVP_hcrypto_aes_128_cbc(void) 102 { 103 static const EVP_CIPHER aes_128_cbc = { 104 0, 105 16, 106 16, 107 16, 108 EVP_CIPH_CBC_MODE, 109 aes_init, 110 aes_do_cipher, 111 NULL, 112 sizeof(AES_KEY), 113 NULL, 114 NULL, 115 NULL, 116 NULL 117 }; 118 119 return &aes_128_cbc; 120 } 121 122 /** 123 * The AES-192 cipher type (hcrypto) 124 * 125 * @return the AES-192 EVP_CIPHER pointer. 126 * 127 * @ingroup hcrypto_evp 128 */ 129 130 const EVP_CIPHER * 131 EVP_hcrypto_aes_192_cbc(void) 132 { 133 static const EVP_CIPHER aes_192_cbc = { 134 0, 135 16, 136 24, 137 16, 138 EVP_CIPH_CBC_MODE, 139 aes_init, 140 aes_do_cipher, 141 NULL, 142 sizeof(AES_KEY), 143 NULL, 144 NULL, 145 NULL, 146 NULL 147 }; 148 return &aes_192_cbc; 149 } 150 151 /** 152 * The AES-256 cipher type (hcrypto) 153 * 154 * @return the AES-256 EVP_CIPHER pointer. 155 * 156 * @ingroup hcrypto_evp 157 */ 158 159 const EVP_CIPHER * 160 EVP_hcrypto_aes_256_cbc(void) 161 { 162 static const EVP_CIPHER aes_256_cbc = { 163 0, 164 16, 165 32, 166 16, 167 EVP_CIPH_CBC_MODE, 168 aes_init, 169 aes_do_cipher, 170 NULL, 171 sizeof(AES_KEY), 172 NULL, 173 NULL, 174 NULL, 175 NULL 176 }; 177 return &aes_256_cbc; 178 } 179 180 /** 181 * The AES-128 CFB8 cipher type (hcrypto) 182 * 183 * @return the AES-128 EVP_CIPHER pointer. 184 * 185 * @ingroup hcrypto_evp 186 */ 187 188 const EVP_CIPHER * 189 EVP_hcrypto_aes_128_cfb8(void) 190 { 191 static const EVP_CIPHER aes_128_cfb8 = { 192 0, 193 1, 194 16, 195 16, 196 EVP_CIPH_CFB8_MODE, 197 aes_init, 198 aes_do_cipher, 199 NULL, 200 sizeof(AES_KEY), 201 NULL, 202 NULL, 203 NULL, 204 NULL 205 }; 206 207 return &aes_128_cfb8; 208 } 209 210 /** 211 * The AES-192 CFB8 cipher type (hcrypto) 212 * 213 * @return the AES-192 EVP_CIPHER pointer. 214 * 215 * @ingroup hcrypto_evp 216 */ 217 218 const EVP_CIPHER * 219 EVP_hcrypto_aes_192_cfb8(void) 220 { 221 static const EVP_CIPHER aes_192_cfb8 = { 222 0, 223 1, 224 24, 225 16, 226 EVP_CIPH_CFB8_MODE, 227 aes_init, 228 aes_do_cipher, 229 NULL, 230 sizeof(AES_KEY), 231 NULL, 232 NULL, 233 NULL, 234 NULL 235 }; 236 return &aes_192_cfb8; 237 } 238 239 /** 240 * The AES-256 CFB8 cipher type (hcrypto) 241 * 242 * @return the AES-256 EVP_CIPHER pointer. 243 * 244 * @ingroup hcrypto_evp 245 */ 246 247 const EVP_CIPHER * 248 EVP_hcrypto_aes_256_cfb8(void) 249 { 250 static const EVP_CIPHER aes_256_cfb8 = { 251 0, 252 1, 253 32, 254 16, 255 EVP_CIPH_CFB8_MODE, 256 aes_init, 257 aes_do_cipher, 258 NULL, 259 sizeof(AES_KEY), 260 NULL, 261 NULL, 262 NULL, 263 NULL 264 }; 265 return &aes_256_cfb8; 266 } 267 268 /** 269 * The message digest SHA256 - hcrypto 270 * 271 * @return the message digest type. 272 * 273 * @ingroup hcrypto_evp 274 */ 275 276 const EVP_MD * 277 EVP_hcrypto_sha256(void) 278 { 279 static const struct hc_evp_md sha256 = { 280 32, 281 64, 282 sizeof(SHA256_CTX), 283 (hc_evp_md_init)SHA256_Init, 284 (hc_evp_md_update)SHA256_Update, 285 (hc_evp_md_final)SHA256_Final, 286 NULL 287 }; 288 return &sha256; 289 } 290 291 /** 292 * The message digest SHA384 - hcrypto 293 * 294 * @return the message digest type. 295 * 296 * @ingroup hcrypto_evp 297 */ 298 299 const EVP_MD * 300 EVP_hcrypto_sha384(void) 301 { 302 static const struct hc_evp_md sha384 = { 303 48, 304 128, 305 sizeof(SHA384_CTX), 306 (hc_evp_md_init)SHA384_Init, 307 (hc_evp_md_update)SHA384_Update, 308 (hc_evp_md_final)SHA384_Final, 309 NULL 310 }; 311 return &sha384; 312 } 313 314 /** 315 * The message digest SHA512 - hcrypto 316 * 317 * @return the message digest type. 318 * 319 * @ingroup hcrypto_evp 320 */ 321 322 const EVP_MD * 323 EVP_hcrypto_sha512(void) 324 { 325 static const struct hc_evp_md sha512 = { 326 64, 327 128, 328 sizeof(SHA512_CTX), 329 (hc_evp_md_init)SHA512_Init, 330 (hc_evp_md_update)SHA512_Update, 331 (hc_evp_md_final)SHA512_Final, 332 NULL 333 }; 334 return &sha512; 335 } 336 337 /** 338 * The message digest SHA1 - hcrypto 339 * 340 * @return the message digest type. 341 * 342 * @ingroup hcrypto_evp 343 */ 344 345 const EVP_MD * 346 EVP_hcrypto_sha1(void) 347 { 348 static const struct hc_evp_md sha1 = { 349 20, 350 64, 351 sizeof(SHA_CTX), 352 (hc_evp_md_init)SHA1_Init, 353 (hc_evp_md_update)SHA1_Update, 354 (hc_evp_md_final)SHA1_Final, 355 NULL 356 }; 357 return &sha1; 358 } 359 360 /** 361 * The message digest MD5 - hcrypto 362 * 363 * @return the message digest type. 364 * 365 * @ingroup hcrypto_evp 366 */ 367 368 const EVP_MD * 369 EVP_hcrypto_md5(void) 370 { 371 static const struct hc_evp_md md5 = { 372 16, 373 64, 374 sizeof(MD5_CTX), 375 (hc_evp_md_init)MD5_Init, 376 (hc_evp_md_update)MD5_Update, 377 (hc_evp_md_final)MD5_Final, 378 NULL 379 }; 380 return &md5; 381 } 382 383 /** 384 * The message digest MD4 - hcrypto 385 * 386 * @return the message digest type. 387 * 388 * @ingroup hcrypto_evp 389 */ 390 391 const EVP_MD * 392 EVP_hcrypto_md4(void) 393 { 394 static const struct hc_evp_md md4 = { 395 16, 396 64, 397 sizeof(MD4_CTX), 398 (hc_evp_md_init)MD4_Init, 399 (hc_evp_md_update)MD4_Update, 400 (hc_evp_md_final)MD4_Final, 401 NULL 402 }; 403 return &md4; 404 } 405 406 /** 407 * The message digest MD2 - hcrypto 408 * 409 * @return the message digest type. 410 * 411 * @ingroup hcrypto_evp 412 */ 413 414 const EVP_MD * 415 EVP_hcrypto_md2(void) 416 { 417 static const struct hc_evp_md md2 = { 418 16, 419 16, 420 sizeof(MD2_CTX), 421 (hc_evp_md_init)MD2_Init, 422 (hc_evp_md_update)MD2_Update, 423 (hc_evp_md_final)MD2_Final, 424 NULL 425 }; 426 return &md2; 427 } 428 429 /* 430 * 431 */ 432 433 static int 434 des_cbc_init(EVP_CIPHER_CTX *ctx, 435 const unsigned char * key, 436 const unsigned char * iv, 437 int encp) 438 { 439 DES_key_schedule *k = ctx->cipher_data; 440 DES_cblock deskey; 441 memcpy(&deskey, key, sizeof(deskey)); 442 DES_set_key_unchecked(&deskey, k); 443 return 1; 444 } 445 446 static int 447 des_cbc_do_cipher(EVP_CIPHER_CTX *ctx, 448 unsigned char *out, 449 const unsigned char *in, 450 unsigned int size) 451 { 452 DES_key_schedule *k = ctx->cipher_data; 453 DES_cbc_encrypt(in, out, size, 454 k, (DES_cblock *)ctx->iv, ctx->encrypt); 455 return 1; 456 } 457 458 /** 459 * The DES cipher type 460 * 461 * @return the DES-CBC EVP_CIPHER pointer. 462 * 463 * @ingroup hcrypto_evp 464 */ 465 466 const EVP_CIPHER * 467 EVP_hcrypto_des_cbc(void) 468 { 469 static const EVP_CIPHER des_cbc = { 470 0, 471 8, 472 8, 473 8, 474 EVP_CIPH_CBC_MODE, 475 des_cbc_init, 476 des_cbc_do_cipher, 477 NULL, 478 sizeof(DES_key_schedule), 479 NULL, 480 NULL, 481 NULL, 482 NULL 483 }; 484 return &des_cbc; 485 } 486 487 /* 488 * 489 */ 490 491 struct des_ede3_cbc { 492 DES_key_schedule ks[3]; 493 }; 494 495 static int 496 des_ede3_cbc_init(EVP_CIPHER_CTX *ctx, 497 const unsigned char * key, 498 const unsigned char * iv, 499 int encp) 500 { 501 struct des_ede3_cbc *k = ctx->cipher_data; 502 DES_cblock deskey; 503 504 memcpy(&deskey, key, sizeof(deskey)); 505 DES_set_odd_parity(&deskey); 506 DES_set_key_unchecked(&deskey, &k->ks[0]); 507 508 memcpy(&deskey, key + 8, sizeof(deskey)); 509 DES_set_odd_parity(&deskey); 510 DES_set_key_unchecked(&deskey, &k->ks[1]); 511 512 memcpy(&deskey, key + 16, sizeof(deskey)); 513 DES_set_odd_parity(&deskey); 514 DES_set_key_unchecked(&deskey, &k->ks[2]); 515 516 return 1; 517 } 518 519 static int 520 des_ede3_cbc_do_cipher(EVP_CIPHER_CTX *ctx, 521 unsigned char *out, 522 const unsigned char *in, 523 unsigned int size) 524 { 525 struct des_ede3_cbc *k = ctx->cipher_data; 526 DES_ede3_cbc_encrypt(in, out, size, 527 &k->ks[0], &k->ks[1], &k->ks[2], 528 (DES_cblock *)ctx->iv, ctx->encrypt); 529 return 1; 530 } 531 532 /** 533 * The triple DES cipher type - hcrypto 534 * 535 * @return the DES-EDE3-CBC EVP_CIPHER pointer. 536 * 537 * @ingroup hcrypto_evp 538 */ 539 540 const EVP_CIPHER * 541 EVP_hcrypto_des_ede3_cbc(void) 542 { 543 static const EVP_CIPHER des_ede3_cbc = { 544 0, 545 8, 546 24, 547 8, 548 EVP_CIPH_CBC_MODE, 549 des_ede3_cbc_init, 550 des_ede3_cbc_do_cipher, 551 NULL, 552 sizeof(struct des_ede3_cbc), 553 NULL, 554 NULL, 555 NULL, 556 NULL 557 }; 558 return &des_ede3_cbc; 559 } 560 561 /* 562 * 563 */ 564 565 struct rc2_cbc { 566 unsigned int maximum_effective_key; 567 RC2_KEY key; 568 }; 569 570 static int 571 rc2_init(EVP_CIPHER_CTX *ctx, 572 const unsigned char * key, 573 const unsigned char * iv, 574 int encp) 575 { 576 struct rc2_cbc *k = ctx->cipher_data; 577 k->maximum_effective_key = EVP_CIPHER_CTX_key_length(ctx) * 8; 578 RC2_set_key(&k->key, 579 EVP_CIPHER_CTX_key_length(ctx), 580 key, 581 k->maximum_effective_key); 582 return 1; 583 } 584 585 static int 586 rc2_do_cipher(EVP_CIPHER_CTX *ctx, 587 unsigned char *out, 588 const unsigned char *in, 589 unsigned int size) 590 { 591 struct rc2_cbc *k = ctx->cipher_data; 592 RC2_cbc_encrypt(in, out, size, &k->key, ctx->iv, ctx->encrypt); 593 return 1; 594 } 595 596 /** 597 * The RC2 cipher type - hcrypto 598 * 599 * @return the RC2 EVP_CIPHER pointer. 600 * 601 * @ingroup hcrypto_evp 602 */ 603 604 const EVP_CIPHER * 605 EVP_hcrypto_rc2_cbc(void) 606 { 607 static const EVP_CIPHER rc2_cbc = { 608 0, 609 RC2_BLOCK_SIZE, 610 RC2_KEY_LENGTH, 611 RC2_BLOCK_SIZE, 612 EVP_CIPH_CBC_MODE|EVP_CIPH_VARIABLE_LENGTH, 613 rc2_init, 614 rc2_do_cipher, 615 NULL, 616 sizeof(struct rc2_cbc), 617 NULL, 618 NULL, 619 NULL, 620 NULL 621 }; 622 return &rc2_cbc; 623 } 624 625 /** 626 * The RC2-40 cipher type 627 * 628 * @return the RC2-40 EVP_CIPHER pointer. 629 * 630 * @ingroup hcrypto_evp 631 */ 632 633 const EVP_CIPHER * 634 EVP_hcrypto_rc2_40_cbc(void) 635 { 636 static const EVP_CIPHER rc2_40_cbc = { 637 0, 638 RC2_BLOCK_SIZE, 639 5, 640 RC2_BLOCK_SIZE, 641 EVP_CIPH_CBC_MODE, 642 rc2_init, 643 rc2_do_cipher, 644 NULL, 645 sizeof(struct rc2_cbc), 646 NULL, 647 NULL, 648 NULL, 649 NULL 650 }; 651 return &rc2_40_cbc; 652 } 653 654 /** 655 * The RC2-64 cipher type 656 * 657 * @return the RC2-64 EVP_CIPHER pointer. 658 * 659 * @ingroup hcrypto_evp 660 */ 661 662 const EVP_CIPHER * 663 EVP_hcrypto_rc2_64_cbc(void) 664 { 665 static const EVP_CIPHER rc2_64_cbc = { 666 0, 667 RC2_BLOCK_SIZE, 668 8, 669 RC2_BLOCK_SIZE, 670 EVP_CIPH_CBC_MODE, 671 rc2_init, 672 rc2_do_cipher, 673 NULL, 674 sizeof(struct rc2_cbc), 675 NULL, 676 NULL, 677 NULL, 678 NULL 679 }; 680 return &rc2_64_cbc; 681 } 682 683 static int 684 camellia_init(EVP_CIPHER_CTX *ctx, 685 const unsigned char * key, 686 const unsigned char * iv, 687 int encp) 688 { 689 CAMELLIA_KEY *k = ctx->cipher_data; 690 k->bits = ctx->cipher->key_len * 8; 691 CAMELLIA_set_key(key, ctx->cipher->key_len * 8, k); 692 return 1; 693 } 694 695 static int 696 camellia_do_cipher(EVP_CIPHER_CTX *ctx, 697 unsigned char *out, 698 const unsigned char *in, 699 unsigned int size) 700 { 701 CAMELLIA_KEY *k = ctx->cipher_data; 702 CAMELLIA_cbc_encrypt(in, out, size, k, ctx->iv, ctx->encrypt); 703 return 1; 704 } 705 706 /** 707 * The Camellia-128 cipher type - hcrypto 708 * 709 * @return the Camellia-128 EVP_CIPHER pointer. 710 * 711 * @ingroup hcrypto_evp 712 */ 713 714 const EVP_CIPHER * 715 EVP_hcrypto_camellia_128_cbc(void) 716 { 717 static const EVP_CIPHER cipher = { 718 0, 719 16, 720 16, 721 16, 722 EVP_CIPH_CBC_MODE, 723 camellia_init, 724 camellia_do_cipher, 725 NULL, 726 sizeof(CAMELLIA_KEY), 727 NULL, 728 NULL, 729 NULL, 730 NULL 731 }; 732 return &cipher; 733 } 734 735 /** 736 * The Camellia-198 cipher type - hcrypto 737 * 738 * @return the Camellia-198 EVP_CIPHER pointer. 739 * 740 * @ingroup hcrypto_evp 741 */ 742 743 const EVP_CIPHER * 744 EVP_hcrypto_camellia_192_cbc(void) 745 { 746 static const EVP_CIPHER cipher = { 747 0, 748 16, 749 24, 750 16, 751 EVP_CIPH_CBC_MODE, 752 camellia_init, 753 camellia_do_cipher, 754 NULL, 755 sizeof(CAMELLIA_KEY), 756 NULL, 757 NULL, 758 NULL, 759 NULL 760 }; 761 return &cipher; 762 } 763 764 /** 765 * The Camellia-256 cipher type - hcrypto 766 * 767 * @return the Camellia-256 EVP_CIPHER pointer. 768 * 769 * @ingroup hcrypto_evp 770 */ 771 772 const EVP_CIPHER * 773 EVP_hcrypto_camellia_256_cbc(void) 774 { 775 static const EVP_CIPHER cipher = { 776 0, 777 16, 778 32, 779 16, 780 EVP_CIPH_CBC_MODE, 781 camellia_init, 782 camellia_do_cipher, 783 NULL, 784 sizeof(CAMELLIA_KEY), 785 NULL, 786 NULL, 787 NULL, 788 NULL 789 }; 790 return &cipher; 791 } 792 793 static int 794 rc4_init(EVP_CIPHER_CTX *ctx, 795 const unsigned char *key, 796 const unsigned char *iv, 797 int enc) 798 { 799 RC4_KEY *k = ctx->cipher_data; 800 RC4_set_key(k, ctx->key_len, key); 801 return 1; 802 } 803 804 static int 805 rc4_do_cipher(EVP_CIPHER_CTX *ctx, 806 unsigned char *out, 807 const unsigned char *in, 808 unsigned int size) 809 { 810 RC4_KEY *k = ctx->cipher_data; 811 RC4(k, size, in, out); 812 return 1; 813 } 814 815 const EVP_CIPHER * 816 EVP_hcrypto_rc4(void) 817 { 818 static const EVP_CIPHER rc4 = { 819 0, 820 1, 821 16, 822 0, 823 EVP_CIPH_STREAM_CIPHER|EVP_CIPH_VARIABLE_LENGTH, 824 rc4_init, 825 rc4_do_cipher, 826 NULL, 827 sizeof(RC4_KEY), 828 NULL, 829 NULL, 830 NULL, 831 NULL 832 }; 833 return &rc4; 834 } 835 836 837 const EVP_CIPHER * 838 EVP_hcrypto_rc4_40(void) 839 { 840 static const EVP_CIPHER rc4_40 = { 841 0, 842 1, 843 5, 844 0, 845 EVP_CIPH_STREAM_CIPHER|EVP_CIPH_VARIABLE_LENGTH, 846 rc4_init, 847 rc4_do_cipher, 848 NULL, 849 sizeof(RC4_KEY), 850 NULL, 851 NULL, 852 NULL, 853 NULL 854 }; 855 return &rc4_40; 856 } 857