BadVPN – Blame information for rev 1
?pathlinks?
Rev | Author | Line No. | Line |
---|---|---|---|
1 | office | 1 | /** |
2 | * @file BEncryption.c |
||
3 | * @author Ambroz Bizjak <ambrop7@gmail.com> |
||
4 | * |
||
5 | * @section LICENSE |
||
6 | * |
||
7 | * Redistribution and use in source and binary forms, with or without |
||
8 | * modification, are permitted provided that the following conditions are met: |
||
9 | * 1. Redistributions of source code must retain the above copyright |
||
10 | * notice, this list of conditions and the following disclaimer. |
||
11 | * 2. Redistributions in binary form must reproduce the above copyright |
||
12 | * notice, this list of conditions and the following disclaimer in the |
||
13 | * documentation and/or other materials provided with the distribution. |
||
14 | * 3. Neither the name of the author nor the |
||
15 | * names of its contributors may be used to endorse or promote products |
||
16 | * derived from this software without specific prior written permission. |
||
17 | * |
||
18 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND |
||
19 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED |
||
20 | * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE |
||
21 | * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY |
||
22 | * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES |
||
23 | * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
||
24 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND |
||
25 | * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
||
26 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS |
||
27 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
||
28 | */ |
||
29 | |||
30 | #include <base/BLog.h> |
||
31 | |||
32 | #include <security/BEncryption.h> |
||
33 | |||
34 | #include <generated/blog_channel_BEncryption.h> |
||
35 | |||
36 | int BEncryption_cipher_valid (int cipher) |
||
37 | { |
||
38 | switch (cipher) { |
||
39 | case BENCRYPTION_CIPHER_BLOWFISH: |
||
40 | case BENCRYPTION_CIPHER_AES: |
||
41 | return 1; |
||
42 | default: |
||
43 | return 0; |
||
44 | } |
||
45 | } |
||
46 | |||
47 | int BEncryption_cipher_block_size (int cipher) |
||
48 | { |
||
49 | switch (cipher) { |
||
50 | case BENCRYPTION_CIPHER_BLOWFISH: |
||
51 | return BENCRYPTION_CIPHER_BLOWFISH_BLOCK_SIZE; |
||
52 | case BENCRYPTION_CIPHER_AES: |
||
53 | return BENCRYPTION_CIPHER_AES_BLOCK_SIZE; |
||
54 | default: |
||
55 | ASSERT(0) |
||
56 | return 0; |
||
57 | } |
||
58 | } |
||
59 | |||
60 | int BEncryption_cipher_key_size (int cipher) |
||
61 | { |
||
62 | switch (cipher) { |
||
63 | case BENCRYPTION_CIPHER_BLOWFISH: |
||
64 | return BENCRYPTION_CIPHER_BLOWFISH_KEY_SIZE; |
||
65 | case BENCRYPTION_CIPHER_AES: |
||
66 | return BENCRYPTION_CIPHER_AES_KEY_SIZE; |
||
67 | default: |
||
68 | ASSERT(0) |
||
69 | return 0; |
||
70 | } |
||
71 | } |
||
72 | |||
73 | void BEncryption_Init (BEncryption *enc, int mode, int cipher, uint8_t *key) |
||
74 | { |
||
75 | ASSERT(!(mode&~(BENCRYPTION_MODE_ENCRYPT|BENCRYPTION_MODE_DECRYPT))) |
||
76 | ASSERT((mode&BENCRYPTION_MODE_ENCRYPT) || (mode&BENCRYPTION_MODE_DECRYPT)) |
||
77 | |||
78 | enc->mode = mode; |
||
79 | enc->cipher = cipher; |
||
80 | |||
81 | #ifdef BADVPN_USE_CRYPTODEV |
||
82 | |||
83 | switch (enc->cipher) { |
||
84 | case BENCRYPTION_CIPHER_AES: |
||
85 | enc->cryptodev.cipher = CRYPTO_AES_CBC; |
||
86 | break; |
||
87 | default: |
||
88 | goto fail1; |
||
89 | } |
||
90 | |||
91 | if ((enc->cryptodev.fd = open("/dev/crypto", O_RDWR, 0)) < 0) { |
||
92 | BLog(BLOG_ERROR, "failed to open /dev/crypto"); |
||
93 | goto fail1; |
||
94 | } |
||
95 | |||
96 | if (ioctl(enc->cryptodev.fd, CRIOGET, &enc->cryptodev.cfd)) { |
||
97 | BLog(BLOG_ERROR, "failed ioctl(CRIOGET)"); |
||
98 | goto fail2; |
||
99 | } |
||
100 | |||
101 | struct session_op sess; |
||
102 | memset(&sess, 0, sizeof(sess)); |
||
103 | sess.cipher = enc->cryptodev.cipher; |
||
104 | sess.keylen = BEncryption_cipher_key_size(enc->cipher); |
||
105 | sess.key = key; |
||
106 | if (ioctl(enc->cryptodev.cfd, CIOCGSESSION, &sess)) { |
||
107 | BLog(BLOG_ERROR, "failed ioctl(CIOCGSESSION)"); |
||
108 | goto fail3; |
||
109 | } |
||
110 | |||
111 | enc->cryptodev.ses = sess.ses; |
||
112 | enc->use_cryptodev = 1; |
||
113 | |||
114 | goto success; |
||
115 | |||
116 | fail3: |
||
117 | ASSERT_FORCE(close(enc->cryptodev.cfd) == 0) |
||
118 | fail2: |
||
119 | ASSERT_FORCE(close(enc->cryptodev.fd) == 0) |
||
120 | fail1: |
||
121 | |||
122 | enc->use_cryptodev = 0; |
||
123 | |||
124 | #endif |
||
125 | |||
126 | int res; |
||
127 | |||
128 | switch (enc->cipher) { |
||
129 | case BENCRYPTION_CIPHER_BLOWFISH: |
||
130 | BF_set_key(&enc->blowfish, BENCRYPTION_CIPHER_BLOWFISH_KEY_SIZE, key); |
||
131 | break; |
||
132 | case BENCRYPTION_CIPHER_AES: |
||
133 | if (enc->mode&BENCRYPTION_MODE_ENCRYPT) { |
||
134 | res = AES_set_encrypt_key(key, 128, &enc->aes.encrypt); |
||
135 | ASSERT_EXECUTE(res >= 0) |
||
136 | } |
||
137 | if (enc->mode&BENCRYPTION_MODE_DECRYPT) { |
||
138 | res = AES_set_decrypt_key(key, 128, &enc->aes.decrypt); |
||
139 | ASSERT_EXECUTE(res >= 0) |
||
140 | } |
||
141 | break; |
||
142 | default: |
||
143 | ASSERT(0) |
||
144 | ; |
||
145 | } |
||
146 | |||
147 | #ifdef BADVPN_USE_CRYPTODEV |
||
148 | success: |
||
149 | #endif |
||
150 | // init debug object |
||
151 | DebugObject_Init(&enc->d_obj); |
||
152 | } |
||
153 | |||
154 | void BEncryption_Free (BEncryption *enc) |
||
155 | { |
||
156 | // free debug object |
||
157 | DebugObject_Free(&enc->d_obj); |
||
158 | |||
159 | #ifdef BADVPN_USE_CRYPTODEV |
||
160 | |||
161 | if (enc->use_cryptodev) { |
||
162 | ASSERT_FORCE(ioctl(enc->cryptodev.cfd, CIOCFSESSION, &enc->cryptodev.ses) == 0) |
||
163 | ASSERT_FORCE(close(enc->cryptodev.cfd) == 0) |
||
164 | ASSERT_FORCE(close(enc->cryptodev.fd) == 0) |
||
165 | } |
||
166 | |||
167 | #endif |
||
168 | } |
||
169 | |||
170 | void BEncryption_Encrypt (BEncryption *enc, uint8_t *in, uint8_t *out, int len, uint8_t *iv) |
||
171 | { |
||
172 | ASSERT(enc->mode&BENCRYPTION_MODE_ENCRYPT) |
||
173 | ASSERT(len >= 0) |
||
174 | ASSERT(len % BEncryption_cipher_block_size(enc->cipher) == 0) |
||
175 | |||
176 | #ifdef BADVPN_USE_CRYPTODEV |
||
177 | |||
178 | if (enc->use_cryptodev) { |
||
179 | struct crypt_op cryp; |
||
180 | memset(&cryp, 0, sizeof(cryp)); |
||
181 | cryp.ses = enc->cryptodev.ses; |
||
182 | cryp.len = len; |
||
183 | cryp.src = in; |
||
184 | cryp.dst = out; |
||
185 | cryp.iv = iv; |
||
186 | cryp.op = COP_ENCRYPT; |
||
187 | ASSERT_FORCE(ioctl(enc->cryptodev.cfd, CIOCCRYPT, &cryp) == 0) |
||
188 | |||
189 | return; |
||
190 | } |
||
191 | |||
192 | #endif |
||
193 | |||
194 | switch (enc->cipher) { |
||
195 | case BENCRYPTION_CIPHER_BLOWFISH: |
||
196 | BF_cbc_encrypt(in, out, len, &enc->blowfish, iv, BF_ENCRYPT); |
||
197 | break; |
||
198 | case BENCRYPTION_CIPHER_AES: |
||
199 | AES_cbc_encrypt(in, out, len, &enc->aes.encrypt, iv, AES_ENCRYPT); |
||
200 | break; |
||
201 | default: |
||
202 | ASSERT(0); |
||
203 | } |
||
204 | } |
||
205 | |||
206 | void BEncryption_Decrypt (BEncryption *enc, uint8_t *in, uint8_t *out, int len, uint8_t *iv) |
||
207 | { |
||
208 | ASSERT(enc->mode&BENCRYPTION_MODE_DECRYPT) |
||
209 | ASSERT(len >= 0) |
||
210 | ASSERT(len % BEncryption_cipher_block_size(enc->cipher) == 0) |
||
211 | |||
212 | #ifdef BADVPN_USE_CRYPTODEV |
||
213 | |||
214 | if (enc->use_cryptodev) { |
||
215 | struct crypt_op cryp; |
||
216 | memset(&cryp, 0, sizeof(cryp)); |
||
217 | cryp.ses = enc->cryptodev.ses; |
||
218 | cryp.len = len; |
||
219 | cryp.src = in; |
||
220 | cryp.dst = out; |
||
221 | cryp.iv = iv; |
||
222 | cryp.op = COP_DECRYPT; |
||
223 | ASSERT_FORCE(ioctl(enc->cryptodev.cfd, CIOCCRYPT, &cryp) == 0) |
||
224 | |||
225 | return; |
||
226 | } |
||
227 | |||
228 | #endif |
||
229 | |||
230 | switch (enc->cipher) { |
||
231 | case BENCRYPTION_CIPHER_BLOWFISH: |
||
232 | BF_cbc_encrypt(in, out, len, &enc->blowfish, iv, BF_DECRYPT); |
||
233 | break; |
||
234 | case BENCRYPTION_CIPHER_AES: |
||
235 | AES_cbc_encrypt(in, out, len, &enc->aes.decrypt, iv, AES_DECRYPT); |
||
236 | break; |
||
237 | default: |
||
238 | ASSERT(0); |
||
239 | } |
||
240 | } |