--- /dev/null
+/*
+ cipher.c -- Symmetric block cipher handling
+ Copyright (C) 2007 Guus Sliepen <guus@tinc-vpn.org>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
+ $Id$
+*/
+
+#include "system.h"
+
+#include "cipher.h"
+
+static struct {
+ const char *name,
+ enum gcry_cipher_algos algo,
+ enum gcry_cipher_modes mode,
+ int nid,
+} ciphertable[] = {
+ {"none", GCRY_CIPHER_NONE, GCRY_CIPHER_MODE_NONE, 0},
+
+ {NULL, GCRY_CIPHER_BLOWFISH, GCRY_CIPHER_MODE_ECB, 92},
+ {"blowfish", GCRY_CIPHER_BLOWFISH, GCRY_CIPHER_MODE_CBC, 91},
+ {NULL, GCRY_CIPHER_BLOWFISH, GCRY_CIPHER_MODE_CFB, 93},
+ {NULL, GCRY_CIPHER_BLOWFISH, GCRY_CIPHER_MODE_OFB, 94},
+
+ {NULL, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_ECB, 418},
+ {"aes", GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CBC, 419},
+ {NULL, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CFB, 421},
+ {NULL, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_OFB, 420},
+
+ {NULL, GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_ECB, 422},
+ {"aes192", GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CBC, 423},
+ {NULL, GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CFB, 425},
+ {NULL, GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_OFB, 424},
+
+ {NULL, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_ECB, 426},
+ {"aes256", GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CBC, 427},
+ {NULL, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CFB, 429},
+ {NULL, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_OFB, 428},
+};
+
+static bool nametocipher(const char *name, enum gcry_cipher_algos *algo, enum gcry_cipher_modes *mode) {
+ int i;
+
+ for(i = 0; i < sizeof ciphertable / sizeof *ciphertable; i++) {
+ if(ciphertable[i].name && !strcasecmp(name, ciphertable[i].name)) {
+ *algo = ciphertable[i].algo;
+ *mode = ciphertable[i].mode;
+ return true;
+ }
+ }
+
+ return false;
+}
+
+static bool nidtocipher(int nid, enum gcry_cipher_algos *algo, enum gcry_cipher_modes *mode) {
+ int i;
+
+ for(i = 0; i < sizeof ciphertable / sizeof *ciphertable; i++) {
+ if(nid == ciphertable[i].nid) {
+ *algo = ciphertable[i].algo;
+ *mode = ciphertable[i].mode;
+ return true;
+ }
+ }
+
+ return false;
+}
+
+static bool ciphertonid(enum gcry_cipher_algos algo, enum gcry_cipher_modes mode, int *nid) {
+ int i;
+
+ for(i = 0; i < sizeof ciphertable / sizeof *ciphertable; i++) {
+ if(algo == ciphertable[i].algo && mode == ciphertable[i].mode) {
+ *nid = ciphertable[i].nid;
+ return true;
+ }
+ }
+
+ return false;
+}
+
+static bool cipher_open(cipher_t *cipher, int algo, int mode) {
+ gcry_error_t err;
+
+ if(!ciphertonid(algo, mode, &cipher->nid)) {
+ logger(LOG_DEBUG< _("Cipher %d mode %d has no corresponding nid!"), algo, mode);
+ return false;
+ }
+
+ if((err = gcry_cipher_open(&cipher->handle, algo, mode, 0))) {
+ logger(LOG_DEBUG, _("Unable to intialise cipher %d mode %d!"), algo, mode);
+ return false;
+ }
+
+ cipher->keylen = gcry_cipher_get_algo_keylen(algo);
+ if(mode == GCRY_MODE_ECB || mode == GCRY_MODE_CBC)
+ cipher->blklen = gcry_cipher_get_algo_blklen(algo);
+ else
+ cipher->blklen = 0;
+ cipher->key = xmalloc(cipher->keylen, cipher->blklen);
+
+ return true;
+}
+
+bool cipher_open_by_name(cipher_t *cipher, const char *name) {
+ int algo, mode;
+
+ if(!nametocipher(name, &algo, &mode)) {
+ logger(LOG_DEBUG, _("Unknown cipher name '%s'!"), name);
+ return false;
+ }
+
+ return cipher_open(cipher, algo, mode);
+}
+
+bool cipher_open_by_nid(cipher_t *cipher, int nid) {
+ int algo, mode;
+
+ if(!nidtocipher(nid, &algo, &mode)) {
+ logger(LOG_DEBUG, _("Unknown cipher ID %d!"), nid);
+ return false;
+ }
+
+ return cipher_open(cipher, algo, mode);
+}
+
+bool cipher_open_blowfish_ofb(cipher_t *cipher) {
+ return cipher_open(cipher, GCRY_CIPHER_BLOWFISH, GCRY_CIPHER_MODE_OFB);
+}
+
+void cipher_close(cipher_t *cipher) {
+ if(cipher->handle) {
+ gcry_cipher_close(cipher->handle);
+ cipher->handle = NULL;
+ }
+
+ if(cipher->key) {
+ free(cipher->key);
+ cipher->key = NULL;
+ }
+}
+
+bool cipher_regenerate_key(cipher_t *cipher) {
+ gcry_create_nonce(cipher->key, cipher->keylen + cipher->blklen);
+
+ gcry_cipher_setkey(cipher->handle, cipher->key, cipher->keylen);
+ gcry_cipher_setiv(cipher->handle, cipher->key + keylen, cipher->blklen);
+
+ return true;
+}
+
+bool cipher_add_padding(cipher_t *cipher, void *indata, size_t inlen, size_t *outlen) {
+ size_t reqlen;
+
+ if(cipher->blklen == 1) {
+ *outlen = inlen;
+ return true;
+
+ reqlen = ((inlen + 1) / cipher->blklen) * cipher->blklen;
+ if(reqlen > outlen)
+ return false;
+
+ // add padding
+
+ *outlen = reqlen;
+ return true;
+}
+
+bool cipher_remove_padding(cipher_t *cipher, void *indata, size_t inlen, size_t *outlen) {
+ size_t origlen;
+
+ if(cipher->blklen == 1) {
+ *outlen = inlen;
+ return true;
+ }
+
+ if(inlen % cipher->blklen)
+ return false;
+
+ // check and remove padding
+
+ *outlen = origlen;
+ return true;
+}
+
+bool cipher_encrypt(cipher_t *cipher, void *indata, size_t inlen, void *outdata, size_t *outlen) {
+ gcry_error_t err;
+
+ if((err = gcry_cipher_encrypt(cipher->handle, oudata, inlen, indata, inlen))) {
+ logger(LOG_ERR, _("Error while encrypting"));
+ return false;
+ }
+
+ return true;
+}
+
+bool cipher_decrypt(cipher_t *cipher, void *indata, size_t inlen, void *outdata, size_t *outlen) {
+ gcry_error_t err;
+
+ if((err = gcry_cipher_decrypt(cipher->handle, oudata, inlen, indata, inlen))) {
+ logger(LOG_ERR, _("Error while encrypting"));
+ return false;
+ }
+
+ return true;
+}
+
+void cipher_reset(cipher_t *cipher) {
+ gcry_cipher_reset(cipher->handle);
+ gcry_cipher_setiv(cipher->handle, cipher->key + keylen, cipher->blklen);
+}
+
+int cipher_get_nid(cipher_t *cipher) {
+ return cipher->nid;
+}
+
--- /dev/null
+/*
+ cipher.h -- header file cipher.c
+ Copyright (C) 2007 Guus Sliepen <guus@tinc-vpn.org>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
+ $Id$
+*/
+
+#ifndef __TINC_CIPHER_H__
+#define __TINC_CIPHER_H__
+
+#include <gcrypt.h>
+
+typedef struct cipher {
+ gcry_cipher_hd_t handle;
+ char *key;
+ int nid;
+ uint16_t keylen;
+ uint16_t blklen;
+} cipher_t;
+
+bool cipher_open_by_name(struct cipher *, const char *);
+bool cipher_open_by_nid(struct cipher *, int);
+bool cipher_open_blowfish_ofb(struct cipher *);
+void cipher_close(struct cipher *);
+bool cipher_regenerate_key(struct cipher *);
+bool cipher_encrypt(struct cipher *, void *indata, size_t inlen, void *outdata, size_t *outlen);
+bool cipher_decrypt(struct cipher *, void *indata, size_t inlen, void *outdata, size_t *outlen);
+int cipher_get_nid(struct cipher *);
+
+#endif
--- /dev/null
+/*
+ digest.c -- Digest handling
+ Copyright (C) 2007 Guus Sliepen <guus@tinc-vpn.org>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
+ $Id$
+*/
+
+#include "system.h"
+
+#include "digest.h"
+
+static struct {
+ const char *name,
+ enum gcry_md_algos algo,
+ int nid,
+} digesttable[] = {
+ {"none", GCRY_MD_NONE, 0},
+ {"sha1", GCRY_MD_SHA1, 64},
+ {"sha256", GCRY_MD_SHA256, 672},
+ {"sha384", GCRY_MD_SHA384, 673},
+ {"sha512", GCRY_MD_SHA512, 674},
+};
+
+static bool nidtodigest(int nid, enum gcry_md_algos *algo) {
+ int i;
+
+ for(i = 0; i < sizeof digesttable / sizeof *digesttable; i++) {
+ if(nid == digesttable[i].nid) {
+ *algo = digesttable[i].algo;
+ return true;
+ }
+ }
+
+ return false;
+}
+
+static bool digesttonid(enum gcry_md_algos algo, int *nid) {
+ int i;
+
+ for(i = 0; i < sizeof digesttable / sizeof *digesttable; i++) {
+ if(algo == digesttable[i].algo) {
+ *nid = digesttable[i].nid;
+ return true;
+ }
+ }
+
+ return false;
+}
+
+static bool digest_open(digest_t *digest, int algo) {
+ if(!digesttonid(algo, &digest->nid)) {
+ logger(LOG_DEBUG< _("Digest %d has no corresponding nid!"), algo);
+ return false;
+ }
+
+ digest->len = gcry_md_get_algo_dlen(algo);
+
+ return true;
+}
+
+bool digest_open_by_name(digest_t *digest, const char *name) {
+ int algo;
+
+ if(!nametodigest(name, &algo)) {
+ logger(LOG_DEBUG, _("Unknown digest name '%s'!"), name);
+ return false;
+ }
+
+ return digest_open(digest, algo);
+}
+
+bool digest_open_by_nid(digest_t *digest, int nid) {
+ int algo;
+
+ if(!nidtodigest(nid, &algo)) {
+ logger(LOG_DEBUG, _("Unknown digest ID %d!"), nid);
+ return false;
+ }
+
+ return digest_open(digest, algo, mode);
+}
+
+bool digest_open_sha1(digest_t *digest) {
+ return digest_open(digest, GCRY_MD_SHA1);
+}
+
+void digest_close(digest_t *digest) {
+}
+
+bool digest_create(digest_t *digest, void *indata, size_t inlen, void *outdata) {
+ gcry_error_t err;
+
+ if((err = gcry_md_hash_buffer(digest->algo, outdata, indata, inlen))) {
+ logger(LOG_ERR, _("Error while creating digest!"));
+ return false;
+ }
+
+ *outlen = digest->len;
+ return true;
+}
+
+bool digest_verify(digest_t *digest, void *indata, size_t inlen, void *cmpdata) {
+ gcry_error_t err;
+ char outdata[digest->len];
+
+ if((err = gcry_md_hash_buffer(digest->algo, outdata, indata, inlen))) {
+ logger(LOG_ERR, _("Error while creating digest!"));
+ return false;
+ }
+
+ return !memcmp(indata, outdata, digest->len);
+}
+
+int digest_get_nid(digest_t *digest) {
+ return digest->nid;
+}
+
--- /dev/null
+/*
+ digest.h -- header file digest.c
+ Copyright (C) 2007 Guus Sliepen <guus@tinc-vpn.org>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
+ $Id$
+*/
+
+#ifndef __TINC_DIGEST_H__
+#define __TINC_DIGEST_H__
+
+#include <gcrypt.h>
+
+typedef struct digest {
+ enum gcry_md_algos algo;
+ int nid;
+ uint16_t len;
+} digest_t;
+
+bool digest_open_by_name(struct digest_t *, const char *);
+bool digest_open_by_nid(struct digest_t *, int);
+bool digest_open_sha1(struct digest_t *);
+bool digest_create(struct digest_t *, void *indata, size_t inlen, void *outdata, size_t *outlen);
+bool digest_verify(struct digest_t *, void *indata, size_t inlen, void *digestdata, size_t digestlen);
+int digest_get_nid(struct digest_t *);
+
+#endif
projects / tinc / commitdiff