34165edf »
2011-07-20 first step to porting to linux; can be broken :)
1 /*
2 * Copyright (c) 2011 Alex Hornung <alex@alexhornung.com>.
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in
13 * the documentation and/or other materials provided with the
14 * distribution.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
17 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
18 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
19 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
20 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
21 * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
22 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
23 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
24 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
25 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
26 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27 * SUCH DAMAGE.
28 */
29
30 //#include <unistd.h>
31 #include <inttypes.h>
32 #include <errno.h>
33 #include <string.h>
34
9d4e451e »
2011-08-16 Work around broken gcrypt includes
35 /*
36 * Yey for gcrypt and its broken includes...
37 * see http://lists.gnupg.org/pipermail/gcrypt-devel/2011-July/001830.html
38 * and http://seclists.org/wireshark/2011/Jul/208
39 * for more details...
40 */
41 #pragma GCC diagnostic ignored "-Wdeprecated-declarations"
65808bd3 »
2011-07-20 separate out bits; implement gcrypt backend
42 #include <gcrypt.h>
9d4e451e »
2011-08-16 Work around broken gcrypt includes
43 #pragma GCC diagnostic warning "-Wdeprecated-declarations"
65808bd3 »
2011-07-20 separate out bits; implement gcrypt backend
44
45 #include "generic_xts.h"
34165edf »
2011-07-20 first step to porting to linux; can be broken :)
46 #include "tcplay.h"
47
48
65808bd3 »
2011-07-20 separate out bits; implement gcrypt backend
/*
 * Block-encryption callback registered with xts_init() by syscrypt().
 *
 * ctx is cast directly to a libgcrypt cipher handle; it is expected to be
 * the handle that gcrypt_set_key() opened.  Exactly blk_len bytes are read
 * from src and blk_len bytes are written to dst.
 *
 * Returns 0 on success and 1 when libgcrypt reports an error.
 */
static int
gcrypt_encrypt(void *ctx, size_t blk_len, const uint8_t *src, uint8_t *dst)
{
	gcry_cipher_hd_t hd = (gcry_cipher_hd_t)ctx;

	/* Input and output sizes are both the caller-supplied block length. */
	if (gcry_cipher_encrypt(hd, dst, blk_len, src, blk_len) != 0)
		return 1;

	return 0;
}
64
65808bd3 »
2011-07-20 separate out bits; implement gcrypt backend
/*
 * Block-decryption callback registered with xts_init() by syscrypt().
 *
 * ctx is cast directly to a libgcrypt cipher handle; it is expected to be
 * the handle that gcrypt_set_key() opened.  Exactly blk_len bytes are read
 * from src and blk_len bytes are written to dst.
 *
 * Returns 0 on success and 1 when libgcrypt reports an error.
 */
static int
gcrypt_decrypt(void *ctx, size_t blk_len, const uint8_t *src, uint8_t *dst)
{
	gcry_cipher_hd_t hd = (gcry_cipher_hd_t)ctx;

	/* Input and output sizes are both the caller-supplied block length. */
	if (gcry_cipher_decrypt(hd, dst, blk_len, src, blk_len) != 0)
		return 1;

	return 0;
}
80
65808bd3 »
2011-07-20 separate out bits; implement gcrypt backend
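/*
 * Key-setup callback registered with xts_init() by syscrypt().
 *
 * Opens a libgcrypt handle for the cipher id that arg1 points to (an int)
 * and loads key into it.  On success the handle is stored in *ctx.
 *
 * The handle is opened in ECB mode so that it acts as a raw block
 * primitive for the encrypt/decrypt callbacks; the XTS construction itself
 * is presumably applied by the generic_xts code, not by libgcrypt.
 *
 * Returns 0 on success, -1 on failure.  On every failure path *ctx is left
 * NULL, so gcrypt_zero_key() will not try to close a handle that was never
 * opened or has already been closed.
 *
 * NOTE(review): the number of key bytes read is
 * gcry_cipher_get_algo_keylen(cipher); keybits is ignored.  The caller must
 * therefore supply at least that many bytes at key -- confirm that the XTS
 * layer always does.
 *
 * NOTE(review): the handle is opened with flags 0, i.e. without
 * GCRY_CIPHER_SECURE, so libgcrypt is not asked to keep the key schedule
 * in the secure-memory pool that tc_crypto_init() sets up.  Confirm that
 * this is intended.
 */
static int
gcrypt_set_key(void **ctx, void *arg1, void *arg2 __unused, const u_int8_t *key,
    int keybits __unused)
{
	gcry_cipher_hd_t *cipher_hd = (gcry_cipher_hd_t *)ctx;
	int cipher = *((int *)arg1);
	gcry_error_t gcry_err;

	gcry_err = gcry_cipher_open(
	    cipher_hd,
	    cipher,
	    GCRY_CIPHER_MODE_ECB,
	    0);

	if (gcry_err) {
		/* Match the setkey failure path: never leave a stale handle. */
		*ctx = NULL;
		return -1;
	}

	gcry_err = gcry_cipher_setkey(
	    *cipher_hd,
	    key,
	    gcry_cipher_get_algo_keylen(cipher));

	if (gcry_err) {
		gcry_cipher_close(*cipher_hd);
		*ctx = NULL;
		return -1;
	}

	return 0;
}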
34165edf »
2011-07-20 first step to porting to linux; can be broken :)
111
65808bd3 »
2011-07-20 separate out bits; implement gcrypt backend
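/*
 * Key-teardown callback registered with xts_init() by syscrypt().
 *
 * Closes the libgcrypt cipher handle stored in *ctx, if there is one, and
 * then clears the slot.  Clearing it makes a second call a no-op instead
 * of a second gcry_cipher_close() on an already released handle.
 *
 * Always returns 0.
 */
static int
gcrypt_zero_key(void **ctx)
{
	gcry_cipher_hd_t *cipher_hd = (gcry_cipher_hd_t *)ctx;

	if (*cipher_hd == NULL)
		return 0;

	gcry_cipher_close(*cipher_hd);
	/* Drop the dangling handle so it cannot be closed or used again. */
	*cipher_hd = NULL;

	return 0;
}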
123
65808bd3 »
2011-07-20 separate out bits; implement gcrypt backend
/*
 * Map a tcplay cipher name (cipher->name) to the libgcrypt algorithm id of
 * the underlying block cipher.
 *
 * Returns the GCRY_CIPHER_* id, or -1 if the name is not in the table.
 */
static
int
get_gcrypt_cipher_id(struct tc_crypto_algo *cipher)
{
	static const struct {
		const char *name;
		int id;
	} known[] = {
		{ "AES-128-XTS",	GCRY_CIPHER_AES128 },
		{ "AES-256-XTS",	GCRY_CIPHER_AES256 },
		{ "TWOFISH-128-XTS",	GCRY_CIPHER_TWOFISH128 },
		/*
		 * libgcrypt has no GCRY_CIPHER_TWOFISH256; plain
		 * GCRY_CIPHER_TWOFISH is its 256-bit-key Twofish.
		 */
		{ "TWOFISH-256-XTS",	GCRY_CIPHER_TWOFISH },
		{ "SERPENT-128-XTS",	GCRY_CIPHER_SERPENT128 },
		{ "SERPENT-256-XTS",	GCRY_CIPHER_SERPENT256 },
	};
	size_t i;

	for (i = 0; i < sizeof(known) / sizeof(known[0]); i++) {
		if (strcmp(cipher->name, known[i].name) == 0)
			return known[i].id;
	}

	return -1;
}
34165edf »
2011-07-20 first step to porting to linux; can be broken :)
143
65808bd3 »
2011-07-20 separate out bits; implement gcrypt backend
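/*
 * Encrypt or decrypt len bytes with the named cipher through the generic
 * XTS layer, using libgcrypt for the block cipher.
 *
 * cipher      selects the algorithm by cipher->name
 * key, klen   key material, passed through to xts_init()
 * iv          passed through to xts_encrypt()/xts_decrypt()
 * in, out     input and output buffers of len bytes; they may be the same
 *             buffer (cipher chaining reuses the input as the output)
 * do_encrypt  non-zero to encrypt, zero to decrypt
 *
 * Returns 0 on success, ENOENT for an unknown cipher name, ENOMEM if the
 * context cannot be allocated, and EINVAL if XTS setup or the
 * encrypt/decrypt step fails.
 *
 * The XTS context is initialised from the key, so it is allocated with
 * alloc_safe_mem() and handed back with free_safe_mem() on every path that
 * leaves this function after the allocation, including the error paths.
 */
int
syscrypt(struct tc_crypto_algo *cipher, unsigned char *key, size_t klen, unsigned char *iv,
    unsigned char *in, unsigned char *out, size_t len, int do_encrypt)
{
	struct xts_ctx *ctx;
	int cipher_id;
	int err;

	cipher_id = get_gcrypt_cipher_id(cipher);
	if (cipher_id < 0) {
		tc_log(1, "Cipher %s not found\n",
		    cipher->name);
		return ENOENT;
	}

	if ((ctx = (struct xts_ctx *)alloc_safe_mem(sizeof(struct xts_ctx))) ==
	    NULL) {
		tc_log(1, "Could not allocate safe xts_xts memory\n");
		return ENOMEM;
	}

	err = xts_init(ctx, &cipher_id, NULL, gcrypt_set_key, gcrypt_zero_key,
	    gcrypt_encrypt, gcrypt_decrypt,
	    gcry_cipher_get_algo_blklen(cipher_id),
	    key, klen);
	if (err) {
		tc_log(1, "Error initializing generic XTS\n");
		/* Do not leak the safe allocation when setup fails. */
		free_safe_mem(ctx);
		return EINVAL;
	}

	/*
	 * The XTS routines work in place on out.  When chaining ciphers the
	 * input buffer is reused as the output buffer; memcpy() on the same
	 * object is undefined, so copy only when the buffers differ.
	 */
	if (out != in)
		memcpy(out, in, len);

	if (do_encrypt)
		err = xts_encrypt(ctx, out, len, iv);
	else
		err = xts_decrypt(ctx, out, len, iv);

	if (err)
		tc_log(1, "Error encrypting/decrypting\n");

	/* Tear down and release the context on success and failure alike. */
	xts_uninit(ctx);
	free_safe_mem(ctx);

	return err ? EINVAL : 0;
}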
194
/*
 * One-time libgcrypt initialisation for tcplay.
 *
 * Returns 0 when libgcrypt is ready for use (including when it had already
 * been initialised) and EINVAL when the runtime library fails the version
 * check against the GCRYPT_VERSION this file was built with.
 *
 * NOTE(review): the return values of the gcry_control() calls that set up
 * secure memory are not checked, so a failure to create the pool is not
 * reported to the caller.
 */
int
tc_crypto_init(void)
{
	/* The version check has to come before any other libgcrypt call. */
	if (gcry_check_version(GCRYPT_VERSION) == NULL) {
		tc_log(1, "libgcrypt version mismatch\n");
		return EINVAL;
	}

	/* Run the setup only if initialisation has not been finished yet. */
	if (!gcry_control(GCRYCTL_INITIALIZATION_FINISHED_P)) {
		/* Create a 16384-byte secure-memory pool, warnings muted. */
		gcry_control(GCRYCTL_SUSPEND_SECMEM_WARN);
		gcry_control(GCRYCTL_INIT_SECMEM, 16384, 0);
		gcry_control(GCRYCTL_RESUME_SECMEM_WARN);

		gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
	}

	return 0;
}