/[pkg-mixmaster]/trunk/Mix/Src/crypto.c
ViewVC logotype

Contents of /trunk/Mix/Src/crypto.c

Parent Directory Parent Directory | Revision Log Revision Log

Revision 102 - (hide annotations) (download)
Wed Jul 24 07:48:50 2002 UTC (10 years, 9 months ago) by rabbi
File MIME type: text/plain
File size: 10312 byte(s) 
We have changed the compile-time option PASSPHRASE to be named
COMPILEDPASS. We have changed the configuration file option PASS_PHRASE to
be named PASSPHRASE. We have added documentation for the new configuration
file option and made changes in the man page to reflect the name change.

This was done to avoid confusion due to the similarity in names of the
options.
1 rabbi 1 /* Mixmaster version 3 -- (C) 1999 Anonymizer Inc.
2    
3     Mixmaster may be redistributed and modified under certain conditions.
4     This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF
5     ANY KIND, either express or implied. See the file COPYRIGHT for
6     details.
7    
8     Interface to cryptographic library
9 rabbi 102 $Id: crypto.c,v 1.4 2002/07/24 07:48:50 rabbi Exp $ */
10 rabbi 1
11    
12     #include "mix3.h"
13     #include "crypto.h"
14     #include <assert.h>
15    
16     #ifdef USE_OPENSSL
17     int digestmem_md5(byte *b, int n, BUFFER *md)
18     {
19     byte m[MD5_DIGEST_LENGTH];
20    
21     MD5(b, n, m);
22     buf_reset(md);
23     buf_append(md, m, MD5_DIGEST_LENGTH);
24     return (0);
25     }
26    
27     int digest_md5(BUFFER *b, BUFFER *md)
28     {
29     return (digestmem_md5(b->data, b->length, md));
30     }
31    
32     int isdigest_md5(BUFFER *b, BUFFER *md)
33     {
34     int ret;
35     BUFFER *newmd;
36    
37     newmd = buf_new();
38     digest_md5(b, newmd);
39     ret = buf_eq(md, newmd);
40     buf_free(newmd);
41     return (ret);
42     }
43    
44     static int digestmem_sha1(byte *b, int n, BUFFER *md)
45     {
46     byte m[SHA_DIGEST_LENGTH];
47    
48     SHA1(b, n, m);
49     buf_reset(md);
50     buf_append(md, m, SHA_DIGEST_LENGTH);
51     return (0);
52     }
53    
54     int digest_sha1(BUFFER *b, BUFFER *md)
55     {
56     return (digestmem_sha1(b->data, b->length, md));
57     }
58    
59     static int digestmem_rmd160(byte *b, int n, BUFFER *md)
60     {
61     byte m[RIPEMD160_DIGEST_LENGTH];
62    
63     RIPEMD160(b, n, m);
64     buf_reset(md);
65     buf_append(md, m, RIPEMD160_DIGEST_LENGTH);
66     return (0);
67     }
68    
69     int digest_rmd160(BUFFER *b, BUFFER *md)
70     {
71     return (digestmem_rmd160(b->data, b->length, md));
72     }
73    
74     #ifdef USE_RSA
75     #define MAX_RSA_MODULUS_LEN 128
76    
77     static int read_seckey(BUFFER *buf, SECKEY *key, const byte id[])
78     {
79     BUFFER *md;
80     int bits;
81     int len, plen;
82     byte *ptr;
83     int err = 0;
84    
85     md = buf_new();
86     bits = buf->data[0] + 256 * buf->data[1];
87     len = (bits + 7) / 8;
88     plen = (len + 1) / 2;
89    
90     /* due to encryption, buffer size is multiple of 8 */
91     if (3 * len + 5 * plen + 8 < buf->length || 3 * len + 5 * plen > buf->length)
92     return (-1);
93    
94     ptr = buf->data + 2;
95    
96     key->n = BN_bin2bn(ptr, len, NULL);
97     buf_append(md, ptr, len);
98     ptr += len;
99    
100     key->e = BN_bin2bn(ptr, len, NULL);
101     buf_append(md, ptr, len);
102     ptr += len;
103    
104     key->d = BN_bin2bn(ptr, len, NULL);
105     ptr += len;
106    
107     key->p = BN_bin2bn(ptr, plen, NULL);
108     ptr += plen;
109    
110     key->q = BN_bin2bn(ptr, plen, NULL);
111     ptr += plen;
112    
113     key->dmp1 = BN_bin2bn(ptr, plen, NULL);
114     ptr += plen;
115    
116     key->dmq1 = BN_bin2bn(ptr, plen, NULL);
117     ptr += plen;
118    
119     key->iqmp = BN_bin2bn(ptr, plen, NULL);
120     ptr += plen;
121    
122     digest_md5(md, md);
123     if (id)
124     err = (memcmp(id, md->data, 16) == 0) ? 0 : -1;
125     buf_free(md);
126     return (err);
127     }
128    
129     static int read_pubkey(BUFFER *buf, PUBKEY *key, const byte id[])
130     {
131     BUFFER *md;
132     int bits;
133     int len;
134     byte *ptr;
135     int err = 0;
136    
137     md = buf_new();
138     bits = buf->data[0] + 256 * buf->data[1];
139     len = (bits + 7) / 8;
140    
141     if (2 * len + 2 != buf->length)
142     return (-1);
143    
144     ptr = buf->data + 2;
145    
146     key->n = BN_bin2bn(ptr, len, NULL);
147     buf_append(md, ptr, len);
148     ptr += len;
149    
150     key->e = BN_bin2bn(ptr, len, NULL);
151     buf_append(md, ptr, len);
152     ptr += len;
153    
154     digest_md5(md, md);
155     if (id)
156     err = (memcmp(id, md->data, 16) == 0) ? 0 : -1;
157     buf_free(md);
158     return (err);
159     }
160    
161     static int write_seckey(BUFFER *sk, SECKEY *key, byte keyid[])
162     {
163     byte l[128];
164     int n;
165     BUFFER *b, *temp;
166    
167     b = buf_new();
168     temp = buf_new();
169    
170     n = BN_bn2bin(key->n, l);
171     assert(n <= 128);
172     if (n < 128)
173     buf_appendzero(b, 128 - n);
174     buf_append(b, l, n);
175    
176     n = BN_bn2bin(key->e, l);
177     assert(n <= 128);
178     if (n < 128)
179     buf_appendzero(b, 128 - n);
180     buf_append(b, l, n);
181    
182     digest_md5(b, temp);
183     memcpy(keyid, temp->data, 16);
184    
185     buf_appendc(sk, 0);
186     buf_appendc(sk, 4);
187     buf_cat(sk, b);
188    
189     n = BN_bn2bin(key->d, l);
190     assert(n <= 128);
191     if (n < 128)
192     buf_appendzero(sk, 128 - n);
193     buf_append(sk, l, n);
194    
195     n = BN_bn2bin(key->p, l);
196     assert(n <= 64);
197     if (n < 64)
198     buf_appendzero(sk, 64 - n);
199     buf_append(sk, l, n);
200    
201     n = BN_bn2bin(key->q, l);
202     assert(n <= 64);
203     if (n < 64)
204     buf_appendzero(sk, 64 - n);
205     buf_append(sk, l, n);
206    
207     n = BN_bn2bin(key->dmp1, l);
208     assert(n <= 64);
209     if (n < 64)
210     buf_appendzero(sk, 64 - n);
211     buf_append(sk, l, n);
212    
213     n = BN_bn2bin(key->dmq1, l);
214     assert(n <= 64);
215     if (n < 64)
216     buf_appendzero(sk, 64 - n);
217     buf_append(sk, l, n);
218    
219     n = BN_bn2bin(key->iqmp, l);
220     assert(n <= 64);
221     if (n < 64)
222     buf_appendzero(sk, 64 - n);
223     buf_append(sk, l, n);
224    
225     buf_pad(sk, 712); /* encrypt needs a block size multiple of 8 */
226    
227     buf_free(temp);
228     buf_free(b);
229     return (0);
230     }
231    
232     static int write_pubkey(BUFFER *pk, PUBKEY *key, byte keyid[])
233     {
234     byte l[128];
235     int n;
236    
237     buf_appendc(pk, 0);
238     buf_appendc(pk, 4);
239     n = BN_bn2bin(key->n, l);
240     assert(n <= 128);
241     if (n < 128)
242     buf_appendzero(pk, 128 - n);
243     buf_append(pk, l, n);
244     n = BN_bn2bin(key->e, l);
245     assert(n <= 128);
246     if (n < 128)
247     buf_appendzero(pk, 128 - n);
248     buf_append(pk, l, n);
249     return (0);
250     }
251    
252     int seckeytopub(BUFFER *pub, BUFFER *sec, byte keyid[])
253     {
254     RSA *k;
255     int err = 0;
256    
257     k = RSA_new();
258     err = read_seckey(sec, k, keyid);
259     if (err == 0)
260     err = write_pubkey(pub, k, keyid);
261     RSA_free(k);
262     return (err);
263     }
264    
265     int check_pubkey(BUFFER *buf, const byte id[])
266     {
267     RSA *tmp;
268     int ret;
269    
270     tmp = RSA_new();
271     ret = read_pubkey(buf, tmp, id);
272     RSA_free(tmp);
273     return (ret);
274     }
275    
276     int check_seckey(BUFFER *buf, const byte id[])
277     {
278     RSA *tmp;
279     int ret;
280    
281     tmp = RSA_new();
282     ret = read_seckey(buf, tmp, id);
283     RSA_free(tmp);
284     return (ret);
285     }
286    
287     int v2createkey(void)
288     {
289     RSA *k;
290     BUFFER *b, *ek, *iv;
291     int err;
292     FILE *f;
293     byte keyid[16];
294     char line[33];
295    
296     b = buf_new();
297     ek = buf_new();
298     iv = buf_new();
299    
300     errlog(NOTICE, "Generating RSA key.\n");
301     k = RSA_generate_key(1024, 65537, NULL, NULL);
302     err = write_seckey(b, k, keyid);
303     RSA_free(k);
304     if (err == 0) {
305     f = mix_openfile(SECRING, "a");
306     if (f != NULL) {
307     id_encode(keyid, line);
308 rabbi 102 buf_appends(ek, PASSPHRASE);
309 rabbi 1 digest_md5(ek, ek);
310     buf_setrnd(iv, 8);
311     buf_crypt(b, ek, iv, ENCRYPT);
312     encode(b, 40);
313     encode(iv, 0);
314     fprintf(f, "%s\n%s\n0\n%s\n", begin_key, line, iv->data);
315     buf_write(b, f);
316     fprintf(f, "%s\n\n", end_key);
317     fclose(f);
318     } else
319     err = -1;
320     }
321     if (err != 0)
322     errlog(ERRORMSG, "Key generation failed.\n");
323    
324     buf_free(b);
325     buf_free(ek);
326     buf_free(iv);
327     return (err);
328     }
329    
330     int pk_decrypt(BUFFER *in, BUFFER *keybuf)
331     {
332     int err = 0;
333     BUFFER *out;
334     RSA *key;
335    
336     out = buf_new();
337     key = RSA_new();
338     read_seckey(keybuf, key, NULL);
339    
340     buf_prepare(out, in->length);
341     out->length = RSA_private_decrypt(in->length, in->data, out->data, key,
342     RSA_PKCS1_PADDING);
343     if (out->length == -1)
344     err = -1, out->length = 0;
345    
346     RSA_free(key);
347     buf_move(in, out);
348     buf_free(out);
349     return (err);
350     }
351    
352     int pk_encrypt(BUFFER *in, BUFFER *keybuf)
353     {
354     BUFFER *out;
355     RSA *key;
356     int err = 0;
357    
358     out = buf_new();
359     key = RSA_new();
360     read_pubkey(keybuf, key, NULL);
361    
362     buf_prepare(out, RSA_size(key));
363     out->length = RSA_public_encrypt(in->length, in->data, out->data, key,
364     RSA_PKCS1_PADDING);
365     if (out->length == -1)
366     out->length = 0, err = -1;
367     buf_move(in, out);
368     buf_free(out);
369     RSA_free(key);
370     return (err);
371     }
372     #endif /* USE_RSA */
373    
374     int buf_crypt(BUFFER *buf, BUFFER *key, BUFFER *iv, int enc)
375     {
376     des_key_schedule ks1;
377     des_key_schedule ks2;
378     des_key_schedule ks3;
379     des_cblock i;
380    
381     assert(enc == ENCRYPT || enc == DECRYPT);
382     assert((key->length == 16 || key->length == 24) && iv->length == 8);
383     assert(buf->length % 8 == 0);
384    
385     memcpy(i, iv->data, 8); /* leave iv buffer unchanged */
386     des_set_key((const_des_cblock *) key->data, ks1);
387     des_set_key((const_des_cblock *) (key->data + 8), ks2);
388     if (key->length == 16)
389     des_set_key((const_des_cblock *) key->data, ks3);
390     else
391     des_set_key((const_des_cblock *) (key->data + 16), ks3);
392     des_ede3_cbc_encrypt(buf->data, buf->data, buf->length, ks1, ks2, ks3,
393     &i, enc);
394     return (0);
395     }
396    
397     int buf_3descrypt(BUFFER *buf, BUFFER *key, BUFFER *iv, int enc)
398     {
399     int n = 0;
400     des_key_schedule ks1;
401     des_key_schedule ks2;
402     des_key_schedule ks3;
403    
404     assert(enc == ENCRYPT || enc == DECRYPT);
405     assert(key->length == 24 && iv->length == 8);
406    
407     des_set_key((const_des_cblock *) key->data, ks1);
408     des_set_key((const_des_cblock *) (key->data + 8), ks2);
409     des_set_key((const_des_cblock *) (key->data + 16), ks3);
410     des_ede3_cfb64_encrypt(buf->data, buf->data, buf->length, ks1, ks2, ks3,
411     (des_cblock *) iv->data, &n, enc);
412     return (0);
413     }
414    
415     int buf_bfcrypt(BUFFER *buf, BUFFER *key, BUFFER *iv, int enc)
416     {
417     int n = 0;
418     BF_KEY ks;
419    
420     if (key == NULL || key->length == 0)
421     return (-1);
422    
423     assert(enc == ENCRYPT || enc == DECRYPT);
424     assert(key->length == 16 && iv->length == 8);
425     BF_set_key(&ks, key->length, key->data);
426     BF_cfb64_encrypt(buf->data, buf->data, buf->length, &ks, iv->data, &n,
427     enc == ENCRYPT ? BF_ENCRYPT : BF_DECRYPT);
428     return (0);
429     }
430    
431     int buf_castcrypt(BUFFER *buf, BUFFER *key, BUFFER *iv, int enc)
432     {
433     int n = 0;
434     CAST_KEY ks;
435    
436     if (key == NULL || key->length == 0)
437     return (-1);
438    
439     assert(enc == ENCRYPT || enc == DECRYPT);
440     assert(key->length == 16 && iv->length == 8);
441     CAST_set_key(&ks, 16, key->data);
442     CAST_cfb64_encrypt(buf->data, buf->data, buf->length, &ks, iv->data, &n,
443     enc == ENCRYPT ? CAST_ENCRYPT : CAST_DECRYPT);
444     return (0);
445     }
446    
447 rabbi 98 #ifdef USE_AES
448     int buf_aescrypt(BUFFER *buf, BUFFER *key, BUFFER *iv, int enc)
449     {
450     int n = 0;
451     AES_KEY ks;
452    
453     if (key == NULL || key->length == 0)
454     return (-1);
455    
456     assert(enc == ENCRYPT || enc == DECRYPT);
457     assert((key->length == 16 || key->length == 24 || key->length == 32) && iv->length == 16);
458     AES_set_encrypt_key(key->data, key->length<<3, &ks);
459     AES_cfb128_encrypt(buf->data, buf->data, buf->length, &ks, iv->data, &n,
460     enc == ENCRYPT ? AES_ENCRYPT : AES_DECRYPT);
461     return (0);
462     }
463     #endif /* USE_AES */
464    
465 rabbi 1 #ifdef USE_IDEA
466     int buf_ideacrypt(BUFFER *buf, BUFFER *key, BUFFER *iv, int enc)
467     {
468     int n = 0;
469     IDEA_KEY_SCHEDULE ks;
470    
471     if (key == NULL || key->length == 0)
472     return (-1);
473    
474     assert(enc == ENCRYPT || enc == DECRYPT);
475     assert(key->length == 16 && iv->length == 8);
476     idea_set_encrypt_key(key->data, &ks);
477     idea_cfb64_encrypt(buf->data, buf->data, buf->length, &ks, iv->data, &n,
478     enc == ENCRYPT ? IDEA_ENCRYPT : IDEA_DECRYPT);
479     return (0);
480     }
481     #endif /* USE_IDEA */
482     #endif
  ViewVC Help
Powered by ViewVC 1.1.5