Page MenuHome GnuPG
Files F26446403

cipher.c
No OneTemporary
Actions

cipher.c
View Options

/* cipher.c - cipher dispatcher
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003
* 2005, Free Software Foundation, Inc.
*
* This file is part of Libgcrypt.
*
* Libgcrypt is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser general Public License as
* published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* Libgcrypt is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
#include <config.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include "g10lib.h"
#include "cipher.h"
#include "ath.h"
#define MAX_BLOCKSIZE 16
#define TABLE_SIZE 14
#define CTX_MAGIC_NORMAL 0x24091964
#define CTX_MAGIC_SECURE 0x46919042
/* This is the list of the default ciphers, which are included in
libgcrypt. */
static struct cipher_table_entry
{
gcry_cipher_spec_t *cipher;
unsigned int algorithm;
} cipher_table[] =
{
#if USE_BLOWFISH
{ &_gcry_cipher_spec_blowfish, GCRY_CIPHER_BLOWFISH },
#endif
#if USE_DES
{ &_gcry_cipher_spec_des, GCRY_CIPHER_DES },
{ &_gcry_cipher_spec_tripledes, GCRY_CIPHER_3DES },
#endif
#if USE_ARCFOUR
{ &_gcry_cipher_spec_arcfour, GCRY_CIPHER_ARCFOUR },
#endif
#if USE_CAST5
{ &_gcry_cipher_spec_cast5, GCRY_CIPHER_CAST5 },
#endif
#if USE_AES
{ &_gcry_cipher_spec_aes, GCRY_CIPHER_AES },
{ &_gcry_cipher_spec_aes192, GCRY_CIPHER_AES192 },
{ &_gcry_cipher_spec_aes256, GCRY_CIPHER_AES256 },
#endif
#if USE_TWOFISH
{ &_gcry_cipher_spec_twofish, GCRY_CIPHER_TWOFISH },
{ &_gcry_cipher_spec_twofish128, GCRY_CIPHER_TWOFISH128 },
#endif
#if USE_SERPENT
{ &_gcry_cipher_spec_serpent128, GCRY_CIPHER_SERPENT128 },
{ &_gcry_cipher_spec_serpent192, GCRY_CIPHER_SERPENT192 },
{ &_gcry_cipher_spec_serpent256, GCRY_CIPHER_SERPENT256 },
#endif
#if USE_RFC2268
{ &_gcry_cipher_spec_rfc2268_40, GCRY_CIPHER_RFC2268_40 },
#endif
#if USE_SEED
{ &_gcry_cipher_spec_seed, GCRY_CIPHER_SEED },
#endif
#if USE_CAMELLIA
{ &_gcry_cipher_spec_camellia128, GCRY_CIPHER_CAMELLIA128 },
{ &_gcry_cipher_spec_camellia192, GCRY_CIPHER_CAMELLIA192 },
{ &_gcry_cipher_spec_camellia256, GCRY_CIPHER_CAMELLIA256 },
#endif
{ NULL }
};
/* List of registered ciphers. */
static gcry_module_t ciphers_registered;
/* This is the lock protecting CIPHERS_REGISTERED. */
static ath_mutex_t ciphers_registered_lock = ATH_MUTEX_INITIALIZER;
/* Flag to check wether the default ciphers have already been
registered. */
static int default_ciphers_registered;
/* Convenient macro for registering the default ciphers. */
#define REGISTER_DEFAULT_CIPHERS \
do \
{ \
ath_mutex_lock (&ciphers_registered_lock); \
if (! default_ciphers_registered) \
{ \
gcry_cipher_register_default (); \
default_ciphers_registered = 1; \
} \
ath_mutex_unlock (&ciphers_registered_lock); \
} \
while (0)
/* The handle structure. */
struct gcry_cipher_handle
{
int magic;
size_t actual_handle_size; /* Allocated size of this handle. */
gcry_cipher_spec_t *cipher;
gcry_module_t module;
int mode;
unsigned int flags;
unsigned char iv[MAX_BLOCKSIZE]; /* (this should be ulong aligned) */
unsigned char lastiv[MAX_BLOCKSIZE];
int unused; /* in IV */
unsigned char ctr[MAX_BLOCKSIZE]; /* For Counter (CTR) mode. */
PROPERLY_ALIGNED_TYPE context;
};
/* These dummy functions are used in case a cipher implementation
refuses to provide it's own functions. */
static gcry_err_code_t
dummy_setkey (void *c, const unsigned char *key, unsigned int keylen)
{
(void)c;
(void)key;
(void)keylen;
return GPG_ERR_NO_ERROR;
}
static void
dummy_encrypt_block (void *c,
unsigned char *outbuf, const unsigned char *inbuf)
{
(void)c;
(void)outbuf;
(void)inbuf;
BUG();
}
static void
dummy_decrypt_block (void *c,
unsigned char *outbuf, const unsigned char *inbuf)
{
(void)c;
(void)outbuf;
(void)inbuf;
BUG();
}
static void
dummy_encrypt_stream (void *c,
unsigned char *outbuf, const unsigned char *inbuf,
unsigned int n)
{
(void)c;
(void)outbuf;
(void)inbuf;
(void)n;
BUG();
}
static void
dummy_decrypt_stream (void *c,
unsigned char *outbuf, const unsigned char *inbuf,
unsigned int n)
{
(void)c;
(void)outbuf;
(void)inbuf;
(void)n;
BUG();
}
/* Internal function. Register all the ciphers included in
CIPHER_TABLE. Note, that this function gets only used by the macro
REGISTER_DEFAULT_CIPHERS which protects it using a mutex. */
static void
gcry_cipher_register_default (void)
{
gcry_err_code_t err = GPG_ERR_NO_ERROR;
int i;
for (i = 0; !err && cipher_table[i].cipher; i++)
{
if (! cipher_table[i].cipher->setkey)
cipher_table[i].cipher->setkey = dummy_setkey;
if (! cipher_table[i].cipher->encrypt)
cipher_table[i].cipher->encrypt = dummy_encrypt_block;
if (! cipher_table[i].cipher->decrypt)
cipher_table[i].cipher->decrypt = dummy_decrypt_block;
if (! cipher_table[i].cipher->stencrypt)
cipher_table[i].cipher->stencrypt = dummy_encrypt_stream;
if (! cipher_table[i].cipher->stdecrypt)
cipher_table[i].cipher->stdecrypt = dummy_decrypt_stream;
err = _gcry_module_add (&ciphers_registered,
cipher_table[i].algorithm,
(void *) cipher_table[i].cipher,
NULL);
}
if (err)
BUG ();
}
/* Internal callback function. Used via _gcry_module_lookup. */
static int
gcry_cipher_lookup_func_name (void *spec, void *data)
{
gcry_cipher_spec_t *cipher = (gcry_cipher_spec_t *) spec;
char *name = (char *) data;
const char **aliases = cipher->aliases;
int i, ret = ! stricmp (name, cipher->name);
if (aliases)
for (i = 0; aliases[i] && (! ret); i++)
ret = ! stricmp (name, aliases[i]);
return ret;
}
/* Internal callback function. Used via _gcry_module_lookup. */
static int
gcry_cipher_lookup_func_oid (void *spec, void *data)
{
gcry_cipher_spec_t *cipher = (gcry_cipher_spec_t *) spec;
char *oid = (char *) data;
gcry_cipher_oid_spec_t *oid_specs = cipher->oids;
int ret = 0, i;
if (oid_specs)
for (i = 0; oid_specs[i].oid && (! ret); i++)
if (! stricmp (oid, oid_specs[i].oid))
ret = 1;
return ret;
}
/* Internal function. Lookup a cipher entry by it's name. */
static gcry_module_t
gcry_cipher_lookup_name (const char *name)
{
gcry_module_t cipher;
cipher = _gcry_module_lookup (ciphers_registered, (void *) name,
gcry_cipher_lookup_func_name);
return cipher;
}
/* Internal function. Lookup a cipher entry by it's oid. */
static gcry_module_t
gcry_cipher_lookup_oid (const char *oid)
{
gcry_module_t cipher;
cipher = _gcry_module_lookup (ciphers_registered, (void *) oid,
gcry_cipher_lookup_func_oid);
return cipher;
}
/* Register a new cipher module whose specification can be found in
CIPHER. On success, a new algorithm ID is stored in ALGORITHM_ID
and a pointer representhing this module is stored in MODULE. */
gcry_error_t
gcry_cipher_register (gcry_cipher_spec_t *cipher,
int *algorithm_id,
gcry_module_t *module)
{
gcry_err_code_t err = 0;
gcry_module_t mod;
ath_mutex_lock (&ciphers_registered_lock);
err = _gcry_module_add (&ciphers_registered, 0,
(void *) cipher, &mod);
ath_mutex_unlock (&ciphers_registered_lock);
if (! err)
{
*module = mod;
*algorithm_id = mod->mod_id;
}
return gcry_error (err);
}
/* Unregister the cipher identified by MODULE, which must have been
registered with gcry_cipher_register. */
void
gcry_cipher_unregister (gcry_module_t module)
{
ath_mutex_lock (&ciphers_registered_lock);
_gcry_module_release (module);
ath_mutex_unlock (&ciphers_registered_lock);
}
/* Locate the OID in the oid table and return the index or -1 when not
found. An opitonal "oid." or "OID." prefix in OID is ignored, the
OID is expected to be in standard IETF dotted notation. The
internal algorithm number is returned in ALGORITHM unless it
ispassed as NULL. A pointer to the specification of the module
implementing this algorithm is return in OID_SPEC unless passed as
NULL.*/
static int
search_oid (const char *oid, int *algorithm, gcry_cipher_oid_spec_t *oid_spec)
{
gcry_module_t module;
int ret = 0;
if (oid && ((! strncmp (oid, "oid.", 4))
|| (! strncmp (oid, "OID.", 4))))
oid += 4;
module = gcry_cipher_lookup_oid (oid);
if (module)
{
gcry_cipher_spec_t *cipher = module->spec;
int i;
for (i = 0; cipher->oids[i].oid && !ret; i++)
if (! stricmp (oid, cipher->oids[i].oid))
{
if (algorithm)
*algorithm = module->mod_id;
if (oid_spec)
*oid_spec = cipher->oids[i];
ret = 1;
}
_gcry_module_release (module);
}
return ret;
}
/* Map STRING to the cipher algorithm identifier. Returns the
algorithm ID of the cipher for the given name or 0 if the name is
not known. It is valid to pass NULL for STRING which results in a
return value of 0. */
int
gcry_cipher_map_name (const char *string)
{
gcry_module_t cipher;
int ret, algorithm = 0;
if (! string)
return 0;
REGISTER_DEFAULT_CIPHERS;
/* If the string starts with a digit (optionally prefixed with
either "OID." or "oid."), we first look into our table of ASN.1
object identifiers to figure out the algorithm */
ath_mutex_lock (&ciphers_registered_lock);
ret = search_oid (string, &algorithm, NULL);
if (! ret)
{
cipher = gcry_cipher_lookup_name (string);
if (cipher)
{
algorithm = cipher->mod_id;
_gcry_module_release (cipher);
}
}
ath_mutex_unlock (&ciphers_registered_lock);
return algorithm;
}
/* Given a STRING with an OID in dotted decimal notation, this
function returns the cipher mode (GCRY_CIPHER_MODE_*) associated
with that OID or 0 if no mode is known. Passing NULL for string
yields a return value of 0. */
int
gcry_cipher_mode_from_oid (const char *string)
{
gcry_cipher_oid_spec_t oid_spec;
int ret = 0, mode = 0;
if (!string)
return 0;
ath_mutex_lock (&ciphers_registered_lock);
ret = search_oid (string, NULL, &oid_spec);
if (ret)
mode = oid_spec.mode;
ath_mutex_unlock (&ciphers_registered_lock);
return mode;
}
/* Map the cipher algorithm whose ID is contained in ALGORITHM to a
string representation of the algorithm name. For unknown algorithm
IDs this function returns "?". */
static const char *
cipher_algo_to_string (int algorithm)
{
gcry_module_t cipher;
const char *name;
REGISTER_DEFAULT_CIPHERS;
ath_mutex_lock (&ciphers_registered_lock);
cipher = _gcry_module_lookup_id (ciphers_registered, algorithm);
if (cipher)
{
name = ((gcry_cipher_spec_t *) cipher->spec)->name;
_gcry_module_release (cipher);
}
else
name = "?";
ath_mutex_unlock (&ciphers_registered_lock);
return name;
}
/* Map the cipher algorithm identifier ALGORITHM to a string
representing this algorithm. This string is the default name as
used by Libgcrypt. An pointer to an empty string is returned for
an unknown algorithm. NULL is never returned. */
const char *
gcry_cipher_algo_name (int algorithm)
{
return cipher_algo_to_string (algorithm);
}
/* Flag the cipher algorithm with the identifier ALGORITHM as
disabled. There is no error return, the function does nothing for
unknown algorithms. Disabled algorithms are vitually not available
in Libgcrypt. */
static void
disable_cipher_algo (int algorithm)
{
gcry_module_t cipher;
REGISTER_DEFAULT_CIPHERS;
ath_mutex_lock (&ciphers_registered_lock);
cipher = _gcry_module_lookup_id (ciphers_registered, algorithm);
if (cipher)
{
if (! (cipher->flags & FLAG_MODULE_DISABLED))
cipher->flags |= FLAG_MODULE_DISABLED;
_gcry_module_release (cipher);
}
ath_mutex_unlock (&ciphers_registered_lock);
}
/* Return 0 if the cipher algorithm with indentifier ALGORITHM is
available. Returns a basic error code value if it is not available. */
static gcry_err_code_t
check_cipher_algo (int algorithm)
{
gcry_err_code_t err = GPG_ERR_NO_ERROR;
gcry_module_t cipher;
REGISTER_DEFAULT_CIPHERS;
ath_mutex_lock (&ciphers_registered_lock);
cipher = _gcry_module_lookup_id (ciphers_registered, algorithm);
if (cipher)
{
if (cipher->flags & FLAG_MODULE_DISABLED)
err = GPG_ERR_CIPHER_ALGO;
_gcry_module_release (cipher);
}
else
err = GPG_ERR_CIPHER_ALGO;
ath_mutex_unlock (&ciphers_registered_lock);
return err;
}
/* Return the standard length of the key for the cipher algorithm with
the identifier ALGORITHM. This function expects a valid algorithm
and will abort if the algorithm is not available or the length of
the key is not known. */
static unsigned int
cipher_get_keylen (int algorithm)
{
gcry_module_t cipher;
unsigned len = 0;
REGISTER_DEFAULT_CIPHERS;
ath_mutex_lock (&ciphers_registered_lock);
cipher = _gcry_module_lookup_id (ciphers_registered, algorithm);
if (cipher)
{
len = ((gcry_cipher_spec_t *) cipher->spec)->keylen;
if (! len)
log_bug ("cipher %d w/o key length\n", algorithm);
_gcry_module_release (cipher);
}
else
log_bug ("cipher %d not found\n", algorithm);
ath_mutex_unlock (&ciphers_registered_lock);
return len;
}
/* Return the block length of the cipher algorithm with the identifier
ALGORITHM. This function expects a valid algorithm and will abort
if the algorithm is not available or the length of the key is not
known. */
static unsigned int
cipher_get_blocksize (int algorithm)
{
gcry_module_t cipher;
unsigned len = 0;
REGISTER_DEFAULT_CIPHERS;
ath_mutex_lock (&ciphers_registered_lock);
cipher = _gcry_module_lookup_id (ciphers_registered, algorithm);
if (cipher)
{
len = ((gcry_cipher_spec_t *) cipher->spec)->blocksize;
if (! len)
log_bug ("cipher %d w/o blocksize\n", algorithm);
_gcry_module_release (cipher);
}
else
log_bug ("cipher %d not found\n", algorithm);
ath_mutex_unlock (&ciphers_registered_lock);
return len;
}
/*
Open a cipher handle for use with cipher algorithm ALGORITHM, using
the cipher mode MODE (one of the GCRY_CIPHER_MODE_*) and return a
handle in HANDLE. Put NULL into HANDLE and return an error code if
something goes wrong. FLAGS may be used to modify the
operation. The defined flags are:
GCRY_CIPHER_SECURE: allocate all internal buffers in secure memory.
GCRY_CIPHER_ENABLE_SYNC: Enable the sync operation as used in OpenPGP.
GCRY_CIPHER_CBC_CTS: Enable CTS mode.
GCRY_CIPHER_CBC_MAC: Enable MAC mode.
Values for these flags may be combined using OR.
*/
gcry_error_t
gcry_cipher_open (gcry_cipher_hd_t *handle,
int algo, int mode, unsigned int flags)
{
int secure = (flags & GCRY_CIPHER_SECURE);
gcry_cipher_spec_t *cipher = NULL;
gcry_module_t module = NULL;
gcry_cipher_hd_t h = NULL;
gcry_err_code_t err = 0;
/* If the application missed to call the random poll function, we do
it here to ensure that it is used once in a while. */
_gcry_fast_random_poll ();
REGISTER_DEFAULT_CIPHERS;
/* Fetch the according module and check wether the cipher is marked
available for use. */
ath_mutex_lock (&ciphers_registered_lock);
module = _gcry_module_lookup_id (ciphers_registered, algo);
if (module)
{
/* Found module. */
if (module->flags & FLAG_MODULE_DISABLED)
{
/* Not available for use. */
err = GPG_ERR_CIPHER_ALGO;
_gcry_module_release (module);
}
else
cipher = (gcry_cipher_spec_t *) module->spec;
}
else
err = GPG_ERR_CIPHER_ALGO;
ath_mutex_unlock (&ciphers_registered_lock);
/* check flags */
if ((! err)
&& ((flags & ~(0
| GCRY_CIPHER_SECURE
| GCRY_CIPHER_ENABLE_SYNC
| GCRY_CIPHER_CBC_CTS
| GCRY_CIPHER_CBC_MAC))
|| (flags & GCRY_CIPHER_CBC_CTS & GCRY_CIPHER_CBC_MAC)))
err = GPG_ERR_CIPHER_ALGO;
/* check that a valid mode has been requested */
if (! err)
switch (mode)
{
case GCRY_CIPHER_MODE_ECB:
case GCRY_CIPHER_MODE_CBC:
case GCRY_CIPHER_MODE_CFB:
case GCRY_CIPHER_MODE_OFB:
case GCRY_CIPHER_MODE_CTR:
if ((cipher->encrypt == dummy_encrypt_block)
|| (cipher->decrypt == dummy_decrypt_block))
err = GPG_ERR_INV_CIPHER_MODE;
break;
case GCRY_CIPHER_MODE_STREAM:
if ((cipher->stencrypt == dummy_encrypt_stream)
|| (cipher->stdecrypt == dummy_decrypt_stream))
err = GPG_ERR_INV_CIPHER_MODE;
break;
case GCRY_CIPHER_MODE_NONE:
/* FIXME: issue a warning when this mode is used */
break;
default:
err = GPG_ERR_INV_CIPHER_MODE;
}
/* ? FIXME: perform selftest here and mark this with a flag in
cipher_table ? */
if (! err)
{
size_t size = (sizeof (*h)
+ 2 * cipher->contextsize
- sizeof (PROPERLY_ALIGNED_TYPE));
if (secure)
h = gcry_calloc_secure (1, size);
else
h = gcry_calloc (1, size);
if (! h)
err = gpg_err_code_from_errno (errno);
else
{
h->magic = secure ? CTX_MAGIC_SECURE : CTX_MAGIC_NORMAL;
h->actual_handle_size = size;
h->cipher = cipher;
h->module = module;
h->mode = mode;
h->flags = flags;
}
}
/* Done. */
if (err)
{
if (module)
{
/* Release module. */
ath_mutex_lock (&ciphers_registered_lock);
_gcry_module_release (module);
ath_mutex_unlock (&ciphers_registered_lock);
}
}
*handle = err ? NULL : h;
return gcry_error (err);
}
/* Release all resources associated with the cipher handle H. H may be
NULL in which case this is a no-operation. */
void
gcry_cipher_close (gcry_cipher_hd_t h)
{
if (! h)
return;
if ((h->magic != CTX_MAGIC_SECURE)
&& (h->magic != CTX_MAGIC_NORMAL))
_gcry_fatal_error(GPG_ERR_INTERNAL,
"gcry_cipher_close: already closed/invalid handle");
else
h->magic = 0;
/* Release module. */
ath_mutex_lock (&ciphers_registered_lock);
_gcry_module_release (h->module);
ath_mutex_unlock (&ciphers_registered_lock);
/* We always want to wipe out the memory even when the context has
been allocated in secure memory. The user might have disabled
secure memory or is using his own implementation which does not
do the wiping. To accomplish this we need to keep track of the
actual size of this structure because we have no way to known
how large the allocated area was when using a standard malloc. */
wipememory (h, h->actual_handle_size);
gcry_free (h);
}
/* Set the key to be used for the encryption context C to KEY with
length KEYLEN. The length should match the required length. */
static gcry_error_t
cipher_setkey (gcry_cipher_hd_t c, byte *key, unsigned keylen)
{
gcry_err_code_t ret;
ret = (*c->cipher->setkey) (&c->context.c, key, keylen);
if (! ret)
/* Duplicate initial context. */
memcpy ((void *) ((char *) &c->context.c + c->cipher->contextsize),
(void *) &c->context.c,
c->cipher->contextsize);
return gcry_error (ret);
}
/* Set the IV to be used for the encryption context C to IV with
length IVLEN. The length should match the required length. */
static void
cipher_setiv( gcry_cipher_hd_t c, const byte *iv, unsigned ivlen )
{
memset( c->iv, 0, c->cipher->blocksize );
if( iv ) {
if( ivlen != c->cipher->blocksize )
log_info("WARNING: cipher_setiv: ivlen=%u blklen=%u\n",
ivlen, (unsigned) c->cipher->blocksize );
if (ivlen > c->cipher->blocksize)
ivlen = c->cipher->blocksize;
memcpy( c->iv, iv, ivlen );
}
c->unused = 0;
}
/* Reset the cipher context to the initial contex. This is basically
the same as an release followed by a new. */
static void
cipher_reset (gcry_cipher_hd_t c)
{
memcpy (&c->context.c,
(char *) &c->context.c + c->cipher->contextsize,
c->cipher->contextsize);
memset (c->iv, 0, c->cipher->blocksize);
memset (c->lastiv, 0, c->cipher->blocksize);
memset (c->ctr, 0, c->cipher->blocksize);
}
static void
do_ecb_encrypt( gcry_cipher_hd_t c, byte *outbuf, const byte *inbuf,
unsigned int nblocks )
{
unsigned int n;
for(n=0; n < nblocks; n++ ) {
c->cipher->encrypt ( &c->context.c, outbuf, (byte*)/*arggg*/inbuf );
inbuf += c->cipher->blocksize;
outbuf += c->cipher->blocksize;
}
}
static void
do_ecb_decrypt( gcry_cipher_hd_t c, byte *outbuf, const byte *inbuf,
unsigned int nblocks )
{
unsigned n;
for(n=0; n < nblocks; n++ ) {
c->cipher->decrypt ( &c->context.c, outbuf, (byte*)/*arggg*/inbuf );
inbuf += c->cipher->blocksize;
outbuf += c->cipher->blocksize;
}
}
static void
do_cbc_encrypt( gcry_cipher_hd_t c, byte *outbuf, const byte *inbuf,
unsigned int nbytes )
{
unsigned int n;
byte *ivp;
int i;
size_t blocksize = c->cipher->blocksize;
unsigned nblocks = nbytes / blocksize;
if ((c->flags & GCRY_CIPHER_CBC_CTS) && nbytes > blocksize) {
if ((nbytes % blocksize) == 0)
nblocks--;
}
for(n=0; n < nblocks; n++ ) {
/* fixme: the xor should work on words and not on
* bytes. Maybe it is a good idea to enhance the cipher backend
* API to allow for CBC handling direct in the backend */
for(ivp=c->iv,i=0; i < blocksize; i++ )
outbuf[i] = inbuf[i] ^ *ivp++;
c->cipher->encrypt ( &c->context.c, outbuf, outbuf );
memcpy(c->iv, outbuf, blocksize );
inbuf += blocksize;
if (!(c->flags & GCRY_CIPHER_CBC_MAC))
outbuf += blocksize;
}
if ((c->flags & GCRY_CIPHER_CBC_CTS) && nbytes > blocksize)
{
/* We have to be careful here, since outbuf might be equal to
inbuf. */
int restbytes;
byte b;
if ((nbytes % blocksize) == 0)
restbytes = blocksize;
else
restbytes = nbytes % blocksize;
outbuf -= blocksize;
for (ivp = c->iv, i = 0; i < restbytes; i++)
{
b = inbuf[i];
outbuf[blocksize + i] = outbuf[i];
outbuf[i] = b ^ *ivp++;
}
for (; i < blocksize; i++)
outbuf[i] = 0 ^ *ivp++;
c->cipher->encrypt (&c->context.c, outbuf, outbuf);
memcpy (c->iv, outbuf, blocksize);
}
}
static void
do_cbc_decrypt( gcry_cipher_hd_t c, byte *outbuf, const byte *inbuf,
unsigned int nbytes )
{
unsigned int n;
byte *ivp;
int i;
size_t blocksize = c->cipher->blocksize;
unsigned int nblocks = nbytes / blocksize;
if ((c->flags & GCRY_CIPHER_CBC_CTS) && nbytes > blocksize) {
nblocks--;
if ((nbytes % blocksize) == 0)
nblocks--;
memcpy(c->lastiv, c->iv, blocksize );
}
for(n=0; n < nblocks; n++ ) {
/* Because outbuf and inbuf might be the same, we have
* to save the original ciphertext block. We use lastiv
* for this here because it is not used otherwise. */
memcpy(c->lastiv, inbuf, blocksize );
c->cipher->decrypt ( &c->context.c, outbuf, inbuf );
for(ivp=c->iv,i=0; i < blocksize; i++ )
outbuf[i] ^= *ivp++;
memcpy(c->iv, c->lastiv, blocksize );
inbuf += c->cipher->blocksize;
outbuf += c->cipher->blocksize;
}
if ((c->flags & GCRY_CIPHER_CBC_CTS) && nbytes > blocksize) {
int restbytes;
if ((nbytes % blocksize) == 0)
restbytes = blocksize;
else
restbytes = nbytes % blocksize;
memcpy(c->lastiv, c->iv, blocksize ); /* save Cn-2 */
memcpy(c->iv, inbuf + blocksize, restbytes ); /* save Cn */
c->cipher->decrypt ( &c->context.c, outbuf, inbuf );
for(ivp=c->iv,i=0; i < restbytes; i++ )
outbuf[i] ^= *ivp++;
memcpy(outbuf + blocksize, outbuf, restbytes);
for(i=restbytes; i < blocksize; i++)
c->iv[i] = outbuf[i];
c->cipher->decrypt ( &c->context.c, outbuf, c->iv );
for(ivp=c->lastiv,i=0; i < blocksize; i++ )
outbuf[i] ^= *ivp++;
/* c->lastiv is now really lastlastiv, does this matter? */
}
}
static void
do_cfb_encrypt( gcry_cipher_hd_t c,
byte *outbuf, const byte *inbuf, unsigned nbytes )
{
byte *ivp;
size_t blocksize = c->cipher->blocksize;
if( nbytes <= c->unused ) {
/* Short enough to be encoded by the remaining XOR mask. */
/* XOR the input with the IV and store input into IV. */
for (ivp=c->iv+c->cipher->blocksize - c->unused;
nbytes;
nbytes--, c->unused-- )
*outbuf++ = (*ivp++ ^= *inbuf++);
return;
}
if( c->unused ) {
/* XOR the input with the IV and store input into IV */
nbytes -= c->unused;
for(ivp=c->iv+blocksize - c->unused; c->unused; c->unused-- )
*outbuf++ = (*ivp++ ^= *inbuf++);
}
/* Now we can process complete blocks. */
while( nbytes >= blocksize ) {
int i;
/* Encrypt the IV (and save the current one). */
memcpy( c->lastiv, c->iv, blocksize );
c->cipher->encrypt ( &c->context.c, c->iv, c->iv );
/* XOR the input with the IV and store input into IV */
for(ivp=c->iv,i=0; i < blocksize; i++ )
*outbuf++ = (*ivp++ ^= *inbuf++);
nbytes -= blocksize;
}
if( nbytes ) { /* process the remaining bytes */
/* encrypt the IV (and save the current one) */
memcpy( c->lastiv, c->iv, blocksize );
c->cipher->encrypt ( &c->context.c, c->iv, c->iv );
c->unused = blocksize;
/* and apply the xor */
c->unused -= nbytes;
for(ivp=c->iv; nbytes; nbytes-- )
*outbuf++ = (*ivp++ ^= *inbuf++);
}
}
static void
do_cfb_decrypt( gcry_cipher_hd_t c,
byte *outbuf, const byte *inbuf, unsigned int nbytes )
{
byte *ivp;
ulong temp;
size_t blocksize = c->cipher->blocksize;
if( nbytes <= c->unused ) {
/* Short enough to be encoded by the remaining XOR mask. */
/* XOR the input with the IV and store input into IV. */
for(ivp=c->iv+blocksize - c->unused; nbytes; nbytes--,c->unused--) {
temp = *inbuf++;
*outbuf++ = *ivp ^ temp;
*ivp++ = temp;
}
return;
}
if( c->unused ) {
/* XOR the input with the IV and store input into IV. */
nbytes -= c->unused;
for(ivp=c->iv+blocksize - c->unused; c->unused; c->unused-- ) {
temp = *inbuf++;
*outbuf++ = *ivp ^ temp;
*ivp++ = temp;
}
}
/* now we can process complete blocks */
while( nbytes >= blocksize ) {
int i;
/* encrypt the IV (and save the current one) */
memcpy( c->lastiv, c->iv, blocksize );
c->cipher->encrypt ( &c->context.c, c->iv, c->iv );
/* XOR the input with the IV and store input into IV */
for(ivp=c->iv,i=0; i < blocksize; i++ ) {
temp = *inbuf++;
*outbuf++ = *ivp ^ temp;
*ivp++ = temp;
}
nbytes -= blocksize;
}
if( nbytes ) { /* process the remaining bytes */
/* encrypt the IV (and save the current one) */
memcpy( c->lastiv, c->iv, blocksize );
c->cipher->encrypt ( &c->context.c, c->iv, c->iv );
c->unused = blocksize;
/* and apply the xor */
c->unused -= nbytes;
for(ivp=c->iv; nbytes; nbytes-- ) {
temp = *inbuf++;
*outbuf++ = *ivp ^ temp;
*ivp++ = temp;
}
}
}
static void
do_ofb_encrypt( gcry_cipher_hd_t c,
byte *outbuf, const byte *inbuf, unsigned nbytes )
{
byte *ivp;
size_t blocksize = c->cipher->blocksize;
if ( nbytes <= c->unused )
{
/* Short enough to be encoded by the remaining XOR mask. */
/* XOR the input with the IV */
for (ivp=c->iv+c->cipher->blocksize - c->unused;
nbytes;
nbytes--, c->unused-- )
*outbuf++ = (*ivp++ ^ *inbuf++);
return;
}
if( c->unused )
{
nbytes -= c->unused;
for(ivp=c->iv+blocksize - c->unused; c->unused; c->unused-- )
*outbuf++ = (*ivp++ ^ *inbuf++);
}
/* Now we can process complete blocks. */
while ( nbytes >= blocksize )
{
int i;
/* Encrypt the IV (and save the current one). */
memcpy( c->lastiv, c->iv, blocksize );
c->cipher->encrypt ( &c->context.c, c->iv, c->iv );
for (ivp=c->iv,i=0; i < blocksize; i++ )
*outbuf++ = (*ivp++ ^ *inbuf++);
nbytes -= blocksize;
}
if ( nbytes )
{ /* process the remaining bytes */
memcpy( c->lastiv, c->iv, blocksize );
c->cipher->encrypt ( &c->context.c, c->iv, c->iv );
c->unused = blocksize;
c->unused -= nbytes;
for(ivp=c->iv; nbytes; nbytes-- )
*outbuf++ = (*ivp++ ^ *inbuf++);
}
}
static void
do_ofb_decrypt( gcry_cipher_hd_t c,
byte *outbuf, const byte *inbuf, unsigned int nbytes )
{
byte *ivp;
size_t blocksize = c->cipher->blocksize;
if( nbytes <= c->unused )
{
/* Short enough to be encoded by the remaining XOR mask. */
for (ivp=c->iv+blocksize - c->unused; nbytes; nbytes--,c->unused--)
*outbuf++ = *ivp++ ^ *inbuf++;
return;
}
if ( c->unused )
{
nbytes -= c->unused;
for (ivp=c->iv+blocksize - c->unused; c->unused; c->unused-- )
*outbuf++ = *ivp++ ^ *inbuf++;
}
/* Now we can process complete blocks. */
while ( nbytes >= blocksize )
{
int i;
/* Encrypt the IV (and save the current one). */
memcpy( c->lastiv, c->iv, blocksize );
c->cipher->encrypt ( &c->context.c, c->iv, c->iv );
for (ivp=c->iv,i=0; i < blocksize; i++ )
*outbuf++ = *ivp++ ^ *inbuf++;
nbytes -= blocksize;
}
if ( nbytes )
{ /* Process the remaining bytes. */
/* Encrypt the IV (and save the current one). */
memcpy( c->lastiv, c->iv, blocksize );
c->cipher->encrypt ( &c->context.c, c->iv, c->iv );
c->unused = blocksize;
c->unused -= nbytes;
for (ivp=c->iv; nbytes; nbytes-- )
*outbuf++ = *ivp++ ^ *inbuf++;
}
}
static void
do_ctr_encrypt( gcry_cipher_hd_t c, byte *outbuf, const byte *inbuf,
unsigned int nbytes )
{
unsigned int n;
byte tmp[MAX_BLOCKSIZE];
int i;
for(n=0; n < nbytes; n++)
{
if ((n % c->cipher->blocksize) == 0)
{
c->cipher->encrypt (&c->context.c, tmp, c->ctr);
for (i = c->cipher->blocksize; i > 0; i--)
{
c->ctr[i-1]++;
if (c->ctr[i-1] != 0)
break;
}
}
/* XOR input with encrypted counter and store in output. */
outbuf[n] = inbuf[n] ^ tmp[n % c->cipher->blocksize];
}
}
static void
do_ctr_decrypt( gcry_cipher_hd_t c, byte *outbuf, const byte *inbuf,
unsigned int nbytes )
{
do_ctr_encrypt (c, outbuf, inbuf, nbytes);
}
/****************
* Encrypt INBUF to OUTBUF with the mode selected at open.
* inbuf and outbuf may overlap or be the same.
* Depending on the mode some contraints apply to NBYTES.
*/
static gcry_err_code_t
cipher_encrypt (gcry_cipher_hd_t c, byte *outbuf,
const byte *inbuf, unsigned int nbytes)
{
gcry_err_code_t rc = GPG_ERR_NO_ERROR;
switch( c->mode ) {
case GCRY_CIPHER_MODE_ECB:
if (!(nbytes%c->cipher->blocksize))
do_ecb_encrypt(c, outbuf, inbuf, nbytes/c->cipher->blocksize );
else
rc = GPG_ERR_INV_ARG;
break;
case GCRY_CIPHER_MODE_CBC:
if (!(nbytes%c->cipher->blocksize)
|| (nbytes > c->cipher->blocksize
&& (c->flags & GCRY_CIPHER_CBC_CTS)))
do_cbc_encrypt(c, outbuf, inbuf, nbytes );
else
rc = GPG_ERR_INV_ARG;
break;
case GCRY_CIPHER_MODE_CFB:
do_cfb_encrypt(c, outbuf, inbuf, nbytes );
break;
case GCRY_CIPHER_MODE_OFB:
do_ofb_encrypt(c, outbuf, inbuf, nbytes );
break;
case GCRY_CIPHER_MODE_CTR:
do_ctr_encrypt(c, outbuf, inbuf, nbytes );
break;
case GCRY_CIPHER_MODE_STREAM:
c->cipher->stencrypt ( &c->context.c,
outbuf, (byte*)/*arggg*/inbuf, nbytes );
break;
case GCRY_CIPHER_MODE_NONE:
if( inbuf != outbuf )
memmove( outbuf, inbuf, nbytes );
break;
default:
log_fatal("cipher_encrypt: invalid mode %d\n", c->mode );
rc = GPG_ERR_INV_CIPHER_MODE;
break;
}
return rc;
}
/****************
* Encrypt IN and write it to OUT. If IN is NULL, in-place encryption has
* been requested.
*/
gcry_error_t
gcry_cipher_encrypt (gcry_cipher_hd_t h, void *out, size_t outsize,
const void *in, size_t inlen)
{
gcry_err_code_t err;
if (!in)
/* Caller requested in-place encryption. */
/* Actually cipher_encrypt() does not need to know about it, but
* we may change it in the future to get better performance. */
err = cipher_encrypt (h, out, out, outsize);
else if (outsize < ((h->flags & GCRY_CIPHER_CBC_MAC) ?
h->cipher->blocksize : inlen))
err = GPG_ERR_TOO_SHORT;
else if ((h->mode == GCRY_CIPHER_MODE_ECB
|| (h->mode == GCRY_CIPHER_MODE_CBC
&& (! ((h->flags & GCRY_CIPHER_CBC_CTS)
&& (inlen > h->cipher->blocksize)))))
&& (inlen % h->cipher->blocksize))
err = GPG_ERR_INV_ARG;
else
err = cipher_encrypt (h, out, in, inlen);
if (err && out)
memset (out, 0x42, outsize); /* Failsafe: Make sure that the
plaintext will never make it into
OUT. */
return gcry_error (err);
}
/****************
* Decrypt INBUF to OUTBUF with the mode selected at open.
* inbuf and outbuf may overlap or be the same.
* Depending on the mode some some contraints apply to NBYTES.
*/
static gcry_err_code_t
cipher_decrypt (gcry_cipher_hd_t c, byte *outbuf, const byte *inbuf,
unsigned int nbytes)
{
gcry_err_code_t rc = GPG_ERR_NO_ERROR;
switch( c->mode ) {
case GCRY_CIPHER_MODE_ECB:
if (!(nbytes%c->cipher->blocksize))
do_ecb_decrypt(c, outbuf, inbuf, nbytes/c->cipher->blocksize );
else
rc = GPG_ERR_INV_ARG;
break;
case GCRY_CIPHER_MODE_CBC:
if (!(nbytes%c->cipher->blocksize)
|| (nbytes > c->cipher->blocksize
&& (c->flags & GCRY_CIPHER_CBC_CTS)))
do_cbc_decrypt(c, outbuf, inbuf, nbytes );
else
rc = GPG_ERR_INV_ARG;
break;
case GCRY_CIPHER_MODE_CFB:
do_cfb_decrypt(c, outbuf, inbuf, nbytes );
break;
case GCRY_CIPHER_MODE_OFB:
do_ofb_decrypt(c, outbuf, inbuf, nbytes );
break;
case GCRY_CIPHER_MODE_CTR:
do_ctr_decrypt(c, outbuf, inbuf, nbytes );
break;
case GCRY_CIPHER_MODE_STREAM:
c->cipher->stdecrypt ( &c->context.c,
outbuf, (byte*)/*arggg*/inbuf, nbytes );
break;
case GCRY_CIPHER_MODE_NONE:
if( inbuf != outbuf )
memmove( outbuf, inbuf, nbytes );
break;
default:
log_fatal ("cipher_decrypt: invalid mode %d\n", c->mode );
rc = GPG_ERR_INV_CIPHER_MODE;
break;
}
return rc;
}
gcry_error_t
gcry_cipher_decrypt (gcry_cipher_hd_t h, void *out, size_t outsize,
const void *in, size_t inlen)
{
gcry_err_code_t err = 0;
if (!in)
/* Caller requested in-place encryption. */
/* Actually cipher_encrypt() does not need to know about it, but
* we may change it in the future to get better performance. */
err = cipher_decrypt (h, out, out, outsize);
else if (outsize < inlen)
err = GPG_ERR_TOO_SHORT;
else if (((h->mode == GCRY_CIPHER_MODE_ECB)
|| ((h->mode == GCRY_CIPHER_MODE_CBC)
&& (! ((h->flags & GCRY_CIPHER_CBC_CTS)
&& (inlen > h->cipher->blocksize)))))
&& (inlen % h->cipher->blocksize) != 0)
err = GPG_ERR_INV_ARG;
else
err = cipher_decrypt (h, out, in, inlen);
return gcry_error (err);
}
/****************
* Used for PGP's somewhat strange CFB mode. Only works if
* the corresponding flag is set.
*/
static void
cipher_sync( gcry_cipher_hd_t c )
{
if( (c->flags & GCRY_CIPHER_ENABLE_SYNC) && c->unused ) {
memmove(c->iv + c->unused, c->iv, c->cipher->blocksize - c->unused );
memcpy(c->iv, c->lastiv + c->cipher->blocksize - c->unused, c->unused);
c->unused = 0;
}
}
gcry_error_t
gcry_cipher_ctl( gcry_cipher_hd_t h, int cmd, void *buffer, size_t buflen)
{
gcry_err_code_t rc = GPG_ERR_NO_ERROR;
switch (cmd)
{
case GCRYCTL_SET_KEY:
rc = cipher_setkey( h, buffer, buflen );
break;
case GCRYCTL_SET_IV:
cipher_setiv( h, buffer, buflen );
break;
case GCRYCTL_RESET:
cipher_reset (h);
break;
case GCRYCTL_CFB_SYNC:
cipher_sync( h );
break;
case GCRYCTL_SET_CBC_CTS:
if (buflen)
if (h->flags & GCRY_CIPHER_CBC_MAC)
rc = GPG_ERR_INV_FLAG;
else
h->flags |= GCRY_CIPHER_CBC_CTS;
else
h->flags &= ~GCRY_CIPHER_CBC_CTS;
break;
case GCRYCTL_SET_CBC_MAC:
if (buflen)
if (h->flags & GCRY_CIPHER_CBC_CTS)
rc = GPG_ERR_INV_FLAG;
else
h->flags |= GCRY_CIPHER_CBC_MAC;
else
h->flags &= ~GCRY_CIPHER_CBC_MAC;
break;
case GCRYCTL_DISABLE_ALGO:
/* this one expects a NULL handle and buffer pointing to an
* integer with the algo number.
*/
if( h || !buffer || buflen != sizeof(int) )
return gcry_error (GPG_ERR_CIPHER_ALGO);
disable_cipher_algo( *(int*)buffer );
break;
case GCRYCTL_SET_CTR:
if (buffer && buflen == h->cipher->blocksize)
memcpy (h->ctr, buffer, h->cipher->blocksize);
else if (buffer == NULL || buflen == 0)
memset (h->ctr, 0, h->cipher->blocksize);
else
rc = GPG_ERR_INV_ARG;
break;
default:
rc = GPG_ERR_INV_OP;
}
return gcry_error (rc);
}
/****************
* Return information about the cipher handle.
*/
gcry_error_t
gcry_cipher_info( gcry_cipher_hd_t h, int cmd, void *buffer, size_t *nbytes)
{
gcry_err_code_t err = GPG_ERR_NO_ERROR;
(void)h;
(void)buffer;
(void)nbytes;
switch (cmd)
{
default:
err = GPG_ERR_INV_OP;
}
return gcry_error (err);
}
/****************
* Return information about the given cipher algorithm
* WHAT select the kind of information returned:
* GCRYCTL_GET_KEYLEN:
* Return the length of the key, if the algorithm
* supports multiple key length, the maximum supported value
* is returnd. The length is return as number of octets.
* buffer and nbytes must be zero.
* The keylength is returned in _bytes_.
* GCRYCTL_GET_BLKLEN:
* Return the blocklength of the algorithm counted in octets.
* buffer and nbytes must be zero.
* GCRYCTL_TEST_ALGO:
* Returns 0 when the specified algorithm is available for use.
* buffer and nbytes must be zero.
*
* Note: Because this function is in most cases used to return an
* integer value, we can make it easier for the caller to just look at
* the return value. The caller will in all cases consult the value
* and thereby detecting whether a error occured or not (i.e. while checking
* the block size)
*/
gcry_error_t
gcry_cipher_algo_info (int algo, int what, void *buffer, size_t *nbytes)
{
gcry_err_code_t err = GPG_ERR_NO_ERROR;
unsigned int ui;
switch (what)
{
case GCRYCTL_GET_KEYLEN:
if (buffer || (! nbytes))
err = GPG_ERR_CIPHER_ALGO;
else
{
ui = cipher_get_keylen (algo);
if ((ui > 0) && (ui <= 512))
*nbytes = (size_t) ui / 8;
else
/* The only reason is an invalid algo or a strange
blocksize. */
err = GPG_ERR_CIPHER_ALGO;
}
break;
case GCRYCTL_GET_BLKLEN:
if (buffer || (! nbytes))
err = GPG_ERR_CIPHER_ALGO;
else
{
ui = cipher_get_blocksize (algo);
if ((ui > 0) && (ui < 10000))
*nbytes = ui;
else
/* The only reason is an invalid algo or a strange
blocksize. */
err = GPG_ERR_CIPHER_ALGO;
}
break;
case GCRYCTL_TEST_ALGO:
if (buffer || nbytes)
err = GPG_ERR_INV_ARG;
else
err = check_cipher_algo (algo);
break;
default:
err = GPG_ERR_INV_OP;
}
return gcry_error (err);
}
size_t
gcry_cipher_get_algo_keylen (int algo)
{
size_t n;
if (gcry_cipher_algo_info( algo, GCRYCTL_GET_KEYLEN, NULL, &n))
n = 0;
return n;
}
size_t
gcry_cipher_get_algo_blklen (int algo)
{
size_t n;
if (gcry_cipher_algo_info( algo, GCRYCTL_GET_BLKLEN, NULL, &n))
n = 0;
return n;
}
gcry_err_code_t
_gcry_cipher_init (void)
{
gcry_err_code_t err = GPG_ERR_NO_ERROR;
REGISTER_DEFAULT_CIPHERS;
return err;
}
/* Get a list consisting of the IDs of the loaded cipher modules. If
LIST is zero, write the number of loaded cipher modules to
LIST_LENGTH and return. If LIST is non-zero, the first
*LIST_LENGTH algorithm IDs are stored in LIST, which must be of
according size. In case there are less cipher modules than
*LIST_LENGTH, *LIST_LENGTH is updated to the correct number. */
gcry_error_t
gcry_cipher_list (int *list, int *list_length)
{
gcry_err_code_t err = GPG_ERR_NO_ERROR;
ath_mutex_lock (&ciphers_registered_lock);
err = _gcry_module_list (ciphers_registered, list, list_length);
ath_mutex_unlock (&ciphers_registered_lock);
return err;
}

File Metadata

Mime Type
text/x-c
Expires
Thu, Jul 17, 12:59 AM (1 d, 13 h)
Storage Engine
local-disk
Storage Format
Raw Data
Storage Handle
67/d2/3ebe21d4926042d57fd2183ce66b

Event Timeline