diff options
Diffstat (limited to 'keyexchange/isakmpd-20041012/crypto.h')
-rw-r--r-- | keyexchange/isakmpd-20041012/crypto.h | 175 |
1 files changed, 175 insertions, 0 deletions
diff --git a/keyexchange/isakmpd-20041012/crypto.h b/keyexchange/isakmpd-20041012/crypto.h new file mode 100644 index 0000000..1095c7e --- /dev/null +++ b/keyexchange/isakmpd-20041012/crypto.h @@ -0,0 +1,175 @@ +/* $OpenBSD: crypto.h,v 1.14 2004/05/14 08:42:56 hshoexer Exp $ */ +/* $EOM: crypto.h,v 1.12 2000/10/15 21:56:41 niklas Exp $ */ + +/* + * Copyright (c) 1998 Niels Provos. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/* + * This code was written under funding by Ericsson Radio Systems. + */ + +#ifndef _CRYPTO_H_ +#define _CRYPTO_H_ + +#if defined (__APPLE__) + +#include <openssl/des.h> +#ifdef USE_BLOWFISH +#include <openssl/blowfish.h> +#endif +#ifdef USE_CAST +#include <openssl/cast.h> +#endif + +#else + +#include <des.h> +#ifdef USE_BLOWFISH +#include <blf.h> +#endif +#ifdef USE_CAST +#include <cast.h> +#endif + +#endif /* __APPLE__ */ + +#ifdef USE_AES +#include <openssl/aes.h> +#endif + +#define USE_32BIT +#if defined (USE_64BIT) + +#define XOR64(x,y) *(u_int64_t *)(x) ^= *(u_int64_t *)(y); +#define SET64(x,y) *(u_int64_t *)(x) = *(u_int64_t *)(y); + +#elif defined (USE_32BIT) + +#define XOR64(x,y) *(u_int32_t *)(x) ^= *(u_int32_t *)(y); \ + *(u_int32_t *)((u_int8_t *)(x) + 4) ^= *(u_int32_t *)((u_int8_t *)(y) + 4); +#define SET64(x,y) *(u_int32_t *)(x) = *(u_int32_t *)(y); \ + *(u_int32_t *)((u_int8_t *)(x) + 4) = *(u_int32_t *)((u_int8_t *)(y) + 4); + +#else + +#define XOR8(x,y,i) (x)[i] ^= (y)[i]; +#define XOR64(x,y) XOR8(x,y,0); XOR8(x,y,1); XOR8(x,y,2); XOR8(x,y,3); \ + XOR8(x,y,4); XOR8(x,y,5); XOR8(x,y,6); XOR8(x,y,7); +#define SET8(x,y,i) (x)[i] = (y)[i]; +#define SET64(x,y) SET8(x,y,0); SET8(x,y,1); SET8(x,y,2); SET8(x,y,3); \ + SET8(x,y,4); SET8(x,y,5); SET8(x,y,6); SET8(x,y,7); + +#endif /* USE_64BIT */ + +#define SET_32BIT_BIG(x,y) (x)[3]= (y); (x)[2]= (y) >> 8; \ + (x)[1] = (y) >> 16; (x)[0]= (y) >> 24; +#define GET_32BIT_BIG(x) (u_int32_t)(x)[3] | ((u_int32_t)(x)[2] << 8) | \ + ((u_int32_t)(x)[1] << 16)| ((u_int32_t)(x)[0] << 24); + +/* + * This is standard for all block ciphers we use at the moment. + * Keep MAXBLK uptodate. + */ +#define BLOCKSIZE 8 + +#ifdef USE_AES +#define MAXBLK AES_BLOCK_SIZE +#else +#define MAXBLK BLOCKSIZE +#endif + +struct keystate { + struct crypto_xf *xf; /* Back pointer */ + u_int16_t ebytes; /* Number of encrypted bytes */ + u_int16_t dbytes; /* Number of decrypted bytes */ + time_t life; /* Creation time */ + u_int8_t iv[MAXBLK]; /* Next IV to use */ + u_int8_t iv2[MAXBLK]; + u_int8_t *riv, *liv; + union { + des_key_schedule desks[3]; +#ifdef USE_BLOWFISH + blf_ctx blfks; +#endif +#ifdef USE_CAST + cast_key castks; +#endif +#ifdef USE_AES + AES_KEY aesks[2]; +#endif + } keydata; +}; + +#define ks_des keydata.desks +#define ks_blf keydata.blfks +#define ks_cast keydata.castks +#define ks_aes keydata.aesks + +/* + * Information about the cryptotransform. + * + * XXX - In regards to the IV (Initialization Vector) the drafts are + * completly fucked up and specify a MUST as how it is derived, so + * we also have to provide for that. I just don't know where. + * Furthermore is this enum needed at all? It seems to be Oakley IDs + * only anyhow, and we already have defines for that in ipsec_doi.h. + */ +enum transform { + DES_CBC = 1, /* This is a MUST */ + IDEA_CBC = 2, /* Licensed, DONT use */ + BLOWFISH_CBC = 3, + RC5_R16_B64_CBC = 4, /* Licensed, DONT use */ + TRIPLEDES_CBC = 5, /* This is a SHOULD */ + CAST_CBC = 6, + AES_CBC = 7 +}; + +enum cryptoerr { + EOKAY, /* No error */ + ENOCRYPTO, /* A none crypto related error, see errno */ + EWEAKKEY, /* A weak key was found in key setup */ + EKEYLEN /* The key length was invalid for the cipher */ +}; + +struct crypto_xf { + enum transform id; /* Oakley ID */ + char *name; /* Transform Name */ + u_int16_t keymin, keymax; /* Possible Keying Bytes */ + u_int16_t blocksize; /* Need to keep IV in the state */ + struct keystate *state; /* Key information, can also be passed sep. */ + enum cryptoerr (*init)(struct keystate *, u_int8_t *, u_int16_t); + void (*encrypt)(struct keystate *, u_int8_t *, u_int16_t); + void (*decrypt)(struct keystate *, u_int8_t *, u_int16_t); +}; + +extern struct keystate *crypto_clone_keystate(struct keystate *); +extern void crypto_decrypt(struct keystate *, u_int8_t *, u_int16_t); +extern void crypto_encrypt(struct keystate *, u_int8_t *, u_int16_t); +extern struct crypto_xf *crypto_get(enum transform); +extern struct keystate *crypto_init(struct crypto_xf *, u_int8_t *, u_int16_t, + enum cryptoerr *); +extern void crypto_init_iv(struct keystate *, u_int8_t *, size_t); +extern void crypto_update_iv(struct keystate *); + +#endif /* _CRYPTO_H_ */ |