tcrypto.c - mixmaster - mixmaster 3.0 patched for libressl
HTML git clone git://parazyd.org/mixmaster.git
DIR Log
DIR Files
DIR Refs
DIR README
---
tcrypto.c (10677B)
---
1 /* Mixmaster version 3.0 -- (C) 1999 - 2006 Anonymizer Inc. and others.
2
3 Mixmaster may be redistributed and modified under certain conditions.
4 This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF
5 ANY KIND, either express or implied. See the file COPYRIGHT for
6 details.
7
8 Interface to cryptographic library
9 $Id: crypto.c 934 2006-06-24 13:40:39Z rabbi $ */
10
11
12 #include "mix3.h"
13 #include "crypto.h"
14 #include <assert.h>
15 #include <string.h>
16 #include <time.h>
17
18 #ifdef USE_OPENSSL
19 int digestmem_md5(byte *b, int n, BUFFER *md)
20 {
21 byte m[MD5_DIGEST_LENGTH];
22
23 MD5(b, n, m);
24 buf_reset(md);
25 buf_append(md, m, MD5_DIGEST_LENGTH);
26 return (0);
27 }
28
29 int digest_md5(BUFFER *b, BUFFER *md)
30 {
31 return (digestmem_md5(b->data, b->length, md));
32 }
33
34 int isdigest_md5(BUFFER *b, BUFFER *md)
35 {
36 int ret;
37 BUFFER *newmd;
38
39 newmd = buf_new();
40 digest_md5(b, newmd);
41 ret = buf_eq(md, newmd);
42 buf_free(newmd);
43 return (ret);
44 }
45
46 static int digestmem_sha1(byte *b, int n, BUFFER *md)
47 {
48 byte m[SHA_DIGEST_LENGTH];
49
50 SHA1(b, n, m);
51 buf_reset(md);
52 buf_append(md, m, SHA_DIGEST_LENGTH);
53 return (0);
54 }
55
56 int digest_sha1(BUFFER *b, BUFFER *md)
57 {
58 return (digestmem_sha1(b->data, b->length, md));
59 }
60
61 static int digestmem_rmd160(byte *b, int n, BUFFER *md)
62 {
63 byte m[RIPEMD160_DIGEST_LENGTH];
64
65 RIPEMD160(b, n, m);
66 buf_reset(md);
67 buf_append(md, m, RIPEMD160_DIGEST_LENGTH);
68 return (0);
69 }
70
71 int digest_rmd160(BUFFER *b, BUFFER *md)
72 {
73 return (digestmem_rmd160(b->data, b->length, md));
74 }
75
76 #define MAX_RSA_MODULUS_LEN 128
77
78 static int read_seckey(BUFFER *buf, SECKEY *key, const byte id[])
79 {
80 BUFFER *md;
81 int bits;
82 int len, plen;
83 byte *ptr;
84 int err = 0;
85
86 md = buf_new();
87 bits = buf->data[0] + 256 * buf->data[1];
88 len = (bits + 7) / 8;
89 plen = (len + 1) / 2;
90
91 /* due to encryption, buffer size is multiple of 8 */
92 if (3 * len + 5 * plen + 8 < buf->length || 3 * len + 5 * plen > buf->length)
93 return (-1);
94
95 ptr = buf->data + 2;
96
97 key->n = BN_bin2bn(ptr, len, NULL);
98 buf_append(md, ptr, len);
99 ptr += len;
100
101 key->e = BN_bin2bn(ptr, len, NULL);
102 buf_append(md, ptr, len);
103 ptr += len;
104
105 key->d = BN_bin2bn(ptr, len, NULL);
106 ptr += len;
107
108 key->p = BN_bin2bn(ptr, plen, NULL);
109 ptr += plen;
110
111 key->q = BN_bin2bn(ptr, plen, NULL);
112 ptr += plen;
113
114 key->dmp1 = BN_bin2bn(ptr, plen, NULL);
115 ptr += plen;
116
117 key->dmq1 = BN_bin2bn(ptr, plen, NULL);
118 ptr += plen;
119
120 key->iqmp = BN_bin2bn(ptr, plen, NULL);
121 ptr += plen;
122
123 digest_md5(md, md);
124 if (id)
125 err = (memcmp(id, md->data, 16) == 0) ? 0 : -1;
126 buf_free(md);
127 return (err);
128 }
129
130 static int read_pubkey(BUFFER *buf, PUBKEY *key, const byte id[])
131 {
132 BUFFER *md;
133 int bits;
134 int len;
135 byte *ptr;
136 int err = 0;
137
138 md = buf_new();
139 bits = buf->data[0] + 256 * buf->data[1];
140 len = (bits + 7) / 8;
141
142 if (2 * len + 2 != buf->length)
143 return (-1);
144
145 ptr = buf->data + 2;
146
147 key->n = BN_bin2bn(ptr, len, NULL);
148 buf_append(md, ptr, len);
149 ptr += len;
150
151 key->e = BN_bin2bn(ptr, len, NULL);
152 buf_append(md, ptr, len);
153 ptr += len;
154
155 digest_md5(md, md);
156 if (id)
157 err = (memcmp(id, md->data, 16) == 0) ? 0 : -1;
158 buf_free(md);
159 return (err);
160 }
161
162 static int write_seckey(BUFFER *sk, SECKEY *key, byte keyid[])
163 {
164 byte l[128];
165 int n;
166 BUFFER *b, *temp;
167
168 b = buf_new();
169 temp = buf_new();
170
171 n = BN_bn2bin(key->n, l);
172 assert(n <= 128);
173 if (n < 128)
174 buf_appendzero(b, 128 - n);
175 buf_append(b, l, n);
176
177 n = BN_bn2bin(key->e, l);
178 assert(n <= 128);
179 if (n < 128)
180 buf_appendzero(b, 128 - n);
181 buf_append(b, l, n);
182
183 digest_md5(b, temp);
184 memcpy(keyid, temp->data, 16);
185
186 buf_appendc(sk, 0);
187 buf_appendc(sk, 4);
188 buf_cat(sk, b);
189
190 n = BN_bn2bin(key->d, l);
191 assert(n <= 128);
192 if (n < 128)
193 buf_appendzero(sk, 128 - n);
194 buf_append(sk, l, n);
195
196 n = BN_bn2bin(key->p, l);
197 assert(n <= 64);
198 if (n < 64)
199 buf_appendzero(sk, 64 - n);
200 buf_append(sk, l, n);
201
202 n = BN_bn2bin(key->q, l);
203 assert(n <= 64);
204 if (n < 64)
205 buf_appendzero(sk, 64 - n);
206 buf_append(sk, l, n);
207
208 n = BN_bn2bin(key->dmp1, l);
209 assert(n <= 64);
210 if (n < 64)
211 buf_appendzero(sk, 64 - n);
212 buf_append(sk, l, n);
213
214 n = BN_bn2bin(key->dmq1, l);
215 assert(n <= 64);
216 if (n < 64)
217 buf_appendzero(sk, 64 - n);
218 buf_append(sk, l, n);
219
220 n = BN_bn2bin(key->iqmp, l);
221 assert(n <= 64);
222 if (n < 64)
223 buf_appendzero(sk, 64 - n);
224 buf_append(sk, l, n);
225
226 buf_pad(sk, 712); /* encrypt needs a block size multiple of 8 */
227
228 buf_free(temp);
229 buf_free(b);
230 return (0);
231 }
232
233 static int write_pubkey(BUFFER *pk, PUBKEY *key, byte keyid[])
234 {
235 byte l[128];
236 int n;
237
238 buf_appendc(pk, 0);
239 buf_appendc(pk, 4);
240 n = BN_bn2bin(key->n, l);
241 assert(n <= 128);
242 if (n < 128)
243 buf_appendzero(pk, 128 - n);
244 buf_append(pk, l, n);
245 n = BN_bn2bin(key->e, l);
246 assert(n <= 128);
247 if (n < 128)
248 buf_appendzero(pk, 128 - n);
249 buf_append(pk, l, n);
250 return (0);
251 }
252
253 int seckeytopub(BUFFER *pub, BUFFER *sec, byte keyid[])
254 {
255 RSA *k;
256 int err = 0;
257
258 k = RSA_new();
259 err = read_seckey(sec, k, keyid);
260 if (err == 0)
261 err = write_pubkey(pub, k, keyid);
262 RSA_free(k);
263 return (err);
264 }
265
266 int check_pubkey(BUFFER *buf, const byte id[])
267 {
268 RSA *tmp;
269 int ret;
270
271 tmp = RSA_new();
272 ret = read_pubkey(buf, tmp, id);
273 RSA_free(tmp);
274 return (ret);
275 }
276
277 int check_seckey(BUFFER *buf, const byte id[])
278 {
279 RSA *tmp;
280 int ret;
281
282 tmp = RSA_new();
283 ret = read_seckey(buf, tmp, id);
284 RSA_free(tmp);
285 return (ret);
286 }
287
288 int v2createkey(void)
289 {
290 RSA *k;
291 BUFFER *b, *ek, *iv;
292 int err;
293 FILE *f;
294 byte keyid[16];
295 char line[33];
296
297 b = buf_new();
298 ek = buf_new();
299 iv = buf_new();
300
301 errlog(NOTICE, "Generating RSA key.\n");
302 k = RSA_generate_key(1024, 65537, NULL, NULL);
303 err = write_seckey(b, k, keyid);
304 RSA_free(k);
305 if (err == 0) {
306 f = mix_openfile(SECRING, "a");
307 if (f != NULL) {
308 time_t now = time(NULL);
309 struct tm *gt;
310 gt = gmtime(&now);
311 strftime(line, LINELEN, "%Y-%m-%d", gt);
312 fprintf(f, "%s\nCreated: %s\n", begin_key, line);
313 if (KEYLIFETIME) {
314 now += KEYLIFETIME;
315 gt = gmtime(&now);
316 strftime(line, LINELEN, "%Y-%m-%d", gt);
317 fprintf(f, "Expires: %s\n", line);
318 }
319 id_encode(keyid, line);
320 buf_appends(ek, PASSPHRASE);
321 digest_md5(ek, ek);
322 buf_setrnd(iv, 8);
323 buf_crypt(b, ek, iv, ENCRYPT);
324 encode(b, 40);
325 encode(iv, 0);
326 fprintf(f, "%s\n0\n%s\n", line, iv->data);
327 buf_write(b, f);
328 fprintf(f, "%s\n\n", end_key);
329 fclose(f);
330 } else
331 err = -1;
332 }
333 if (err != 0)
334 errlog(ERRORMSG, "Key generation failed.\n");
335
336 buf_free(b);
337 buf_free(ek);
338 buf_free(iv);
339 return (err);
340 }
341
342 int pk_decrypt(BUFFER *in, BUFFER *keybuf)
343 {
344 int err = 0;
345 BUFFER *out;
346 RSA *key;
347
348 out = buf_new();
349 key = RSA_new();
350 read_seckey(keybuf, key, NULL);
351
352 buf_prepare(out, in->length);
353 out->length = RSA_private_decrypt(in->length, in->data, out->data, key,
354 RSA_PKCS1_PADDING);
355 if (out->length == -1)
356 err = -1, out->length = 0;
357
358 RSA_free(key);
359 buf_move(in, out);
360 buf_free(out);
361 return (err);
362 }
363
364 int pk_encrypt(BUFFER *in, BUFFER *keybuf)
365 {
366 BUFFER *out;
367 RSA *key;
368 int err = 0;
369
370 out = buf_new();
371 key = RSA_new();
372 read_pubkey(keybuf, key, NULL);
373
374 buf_prepare(out, RSA_size(key));
375 out->length = RSA_public_encrypt(in->length, in->data, out->data, key,
376 RSA_PKCS1_PADDING);
377 if (out->length == -1)
378 out->length = 0, err = -1;
379 buf_move(in, out);
380 buf_free(out);
381 RSA_free(key);
382 return (err);
383 }
384 int buf_crypt(BUFFER *buf, BUFFER *key, BUFFER *iv, int enc)
385 {
386 DES_key_schedule ks1;
387 DES_key_schedule ks2;
388 DES_key_schedule ks3;
389 DES_cblock i;
390
391 assert(enc == ENCRYPT || enc == DECRYPT);
392 assert((key->length == 16 || key->length == 24) && iv->length == 8);
393 assert(buf->length % 8 == 0);
394
395 memcpy(i, iv->data, 8); /* leave iv buffer unchanged */
396 DES_set_key((const_DES_cblock *) key->data, &ks1);
397 DES_set_key((const_DES_cblock *) (key->data + 8), &ks2);
398 if (key->length == 16)
399 DES_set_key((const_DES_cblock *) key->data, &ks3);
400 else
401 DES_set_key((const_DES_cblock *) (key->data + 16), &ks3);
402 DES_ede3_cbc_encrypt(buf->data, buf->data, buf->length, &ks1, &ks2, &ks3,
403 &i, enc);
404 return (0);
405 }
406
407 int buf_3descrypt(BUFFER *buf, BUFFER *key, BUFFER *iv, int enc)
408 {
409 int n = 0;
410 DES_key_schedule ks1;
411 DES_key_schedule ks2;
412 DES_key_schedule ks3;
413
414 assert(enc == ENCRYPT || enc == DECRYPT);
415 assert(key->length == 24 && iv->length == 8);
416
417 DES_set_key((const_DES_cblock *) key->data, &ks1);
418 DES_set_key((const_DES_cblock *) (key->data + 8), &ks2);
419 DES_set_key((const_DES_cblock *) (key->data + 16), &ks3);
420 DES_ede3_cfb64_encrypt(buf->data, buf->data, buf->length, &ks1, &ks2, &ks3,
421 (DES_cblock *) iv->data, &n, enc);
422 return (0);
423 }
424
425 int buf_bfcrypt(BUFFER *buf, BUFFER *key, BUFFER *iv, int enc)
426 {
427 int n = 0;
428 BF_KEY ks;
429
430 if (key == NULL || key->length == 0)
431 return (-1);
432
433 assert(enc == ENCRYPT || enc == DECRYPT);
434 assert(key->length == 16 && iv->length == 8);
435 BF_set_key(&ks, key->length, key->data);
436 BF_cfb64_encrypt(buf->data, buf->data, buf->length, &ks, iv->data, &n,
437 enc == ENCRYPT ? BF_ENCRYPT : BF_DECRYPT);
438 return (0);
439 }
440
441 int buf_castcrypt(BUFFER *buf, BUFFER *key, BUFFER *iv, int enc)
442 {
443 int n = 0;
444 CAST_KEY ks;
445
446 if (key == NULL || key->length == 0)
447 return (-1);
448
449 assert(enc == ENCRYPT || enc == DECRYPT);
450 assert(key->length == 16 && iv->length == 8);
451 CAST_set_key(&ks, 16, key->data);
452 CAST_cfb64_encrypt(buf->data, buf->data, buf->length, &ks, iv->data, &n,
453 enc == ENCRYPT ? CAST_ENCRYPT : CAST_DECRYPT);
454 return (0);
455 }
456
457 #ifdef USE_AES
458 int buf_aescrypt(BUFFER *buf, BUFFER *key, BUFFER *iv, int enc)
459 {
460 int n = 0;
461 AES_KEY ks;
462
463 if (key == NULL || key->length == 0)
464 return (-1);
465
466 assert(enc == ENCRYPT || enc == DECRYPT);
467 assert((key->length == 16 || key->length == 24 || key->length == 32) && iv->length == 16);
468 AES_set_encrypt_key(key->data, key->length<<3, &ks);
469 AES_cfb128_encrypt(buf->data, buf->data, buf->length, &ks, iv->data, &n,
470 enc == ENCRYPT ? AES_ENCRYPT : AES_DECRYPT);
471 return (0);
472 }
473 #endif /* USE_AES */
474
475 #ifdef USE_IDEA
476 int buf_ideacrypt(BUFFER *buf, BUFFER *key, BUFFER *iv, int enc)
477 {
478 int n = 0;
479 IDEA_KEY_SCHEDULE ks;
480
481 if (key == NULL || key->length == 0)
482 return (-1);
483
484 assert(enc == ENCRYPT || enc == DECRYPT);
485 assert(key->length == 16 && iv->length == 8);
486 idea_set_encrypt_key(key->data, &ks);
487 idea_cfb64_encrypt(buf->data, buf->data, buf->length, &ks, iv->data, &n,
488 enc == ENCRYPT ? IDEA_ENCRYPT : IDEA_DECRYPT);
489 return (0);
490 }
491 #endif /* USE_IDEA */
492 #endif /* USE_OPENSSL */