1 /* $OpenBSD: e_rc2.c,v 1.29 2024/04/09 13:52:41 beck Exp $ */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59 #include <limits.h>
60 #include <stdio.h>
61
62 #include <openssl/opensslconf.h>
63
64 #ifndef OPENSSL_NO_RC2
65
66 #include <openssl/err.h>
67 #include <openssl/evp.h>
68 #include <openssl/objects.h>
69 #include <openssl/rc2.h>
70
71 #include "evp_local.h"
72
73 static int rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
74 const unsigned char *iv, int enc);
75 static int rc2_meth_to_magic(EVP_CIPHER_CTX *ctx);
76 static int rc2_magic_to_meth(int i);
77 static int rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
78 static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
79 static int rc2_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr);
80
81 typedef struct {
82 int key_bits; /* effective key bits */
83 RC2_KEY ks; /* key schedule */
84 } EVP_RC2_KEY;
85
86 #define data(ctx) ((EVP_RC2_KEY *)(ctx)->cipher_data)
87
88 static int
rc2_cbc_cipher(EVP_CIPHER_CTX * ctx,unsigned char * out,const unsigned char * in,size_t inl)89 rc2_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl)
90 {
91 size_t chunk = LONG_MAX & ~0xff;
92
93 while (inl >= chunk) {
94 RC2_cbc_encrypt(in, out, (long)chunk, &((EVP_RC2_KEY *)ctx->cipher_data)->ks, ctx->iv, ctx->encrypt);
95 inl -= chunk;
96 in += chunk;
97 out += chunk;
98 }
99
100 if (inl)
101 RC2_cbc_encrypt(in, out, (long)inl, &((EVP_RC2_KEY *)ctx->cipher_data)->ks, ctx->iv, ctx->encrypt);
102
103 return 1;
104 }
105
106 static int
rc2_cfb64_cipher(EVP_CIPHER_CTX * ctx,unsigned char * out,const unsigned char * in,size_t inl)107 rc2_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl)
108 {
109 size_t chunk = LONG_MAX & ~0xff;
110
111 if (inl < chunk)
112 chunk = inl;
113
114 while (inl && inl >= chunk) {
115 RC2_cfb64_encrypt(in, out, (long)chunk, &((EVP_RC2_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt);
116 inl -= chunk;
117 in += chunk;
118 out += chunk;
119 if (inl < chunk)
120 chunk = inl;
121 }
122
123 return 1;
124 }
125
126 static int
rc2_ecb_cipher(EVP_CIPHER_CTX * ctx,unsigned char * out,const unsigned char * in,size_t inl)127 rc2_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl)
128 {
129 size_t i, bl;
130
131 bl = ctx->cipher->block_size;
132
133 if (inl < bl)
134 return 1;
135
136 inl -= bl;
137
138 for (i = 0; i <= inl; i += bl)
139 RC2_ecb_encrypt(in + i, out + i, &((EVP_RC2_KEY *)ctx->cipher_data)->ks, ctx->encrypt);
140
141 return 1;
142 }
143
144 static int
rc2_ofb_cipher(EVP_CIPHER_CTX * ctx,unsigned char * out,const unsigned char * in,size_t inl)145 rc2_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl)
146 {
147 size_t chunk = LONG_MAX & ~0xff;
148
149 while (inl >= chunk) {
150 RC2_ofb64_encrypt(in, out, (long)chunk, &((EVP_RC2_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num);
151 inl -= chunk;
152 in += chunk;
153 out += chunk;
154 }
155
156 if (inl)
157 RC2_ofb64_encrypt(in, out, (long)inl, &((EVP_RC2_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num);
158
159 return 1;
160 }
161
162 static const EVP_CIPHER rc2_cbc = {
163 .nid = NID_rc2_cbc,
164 .block_size = 8,
165 .key_len = RC2_KEY_LENGTH,
166 .iv_len = 8,
167 .flags = EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT | EVP_CIPH_CBC_MODE,
168 .init = rc2_init_key,
169 .do_cipher = rc2_cbc_cipher,
170 .cleanup = NULL,
171 .ctx_size = sizeof(EVP_RC2_KEY),
172 .set_asn1_parameters = rc2_set_asn1_type_and_iv,
173 .get_asn1_parameters = rc2_get_asn1_type_and_iv,
174 .ctrl = rc2_ctrl,
175 };
176
177 const EVP_CIPHER *
EVP_rc2_cbc(void)178 EVP_rc2_cbc(void)
179 {
180 return &rc2_cbc;
181 }
182 LCRYPTO_ALIAS(EVP_rc2_cbc);
183
184 static const EVP_CIPHER rc2_cfb64 = {
185 .nid = NID_rc2_cfb64,
186 .block_size = 1,
187 .key_len = RC2_KEY_LENGTH,
188 .iv_len = 8,
189 .flags = EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT | EVP_CIPH_CFB_MODE,
190 .init = rc2_init_key,
191 .do_cipher = rc2_cfb64_cipher,
192 .cleanup = NULL,
193 .ctx_size = sizeof(EVP_RC2_KEY),
194 .set_asn1_parameters = rc2_set_asn1_type_and_iv,
195 .get_asn1_parameters = rc2_get_asn1_type_and_iv,
196 .ctrl = rc2_ctrl,
197 };
198
199 const EVP_CIPHER *
EVP_rc2_cfb64(void)200 EVP_rc2_cfb64(void)
201 {
202 return &rc2_cfb64;
203 }
204 LCRYPTO_ALIAS(EVP_rc2_cfb64);
205
206 static const EVP_CIPHER rc2_ofb = {
207 .nid = NID_rc2_ofb64,
208 .block_size = 1,
209 .key_len = RC2_KEY_LENGTH,
210 .iv_len = 8,
211 .flags = EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT | EVP_CIPH_OFB_MODE,
212 .init = rc2_init_key,
213 .do_cipher = rc2_ofb_cipher,
214 .cleanup = NULL,
215 .ctx_size = sizeof(EVP_RC2_KEY),
216 .set_asn1_parameters = rc2_set_asn1_type_and_iv,
217 .get_asn1_parameters = rc2_get_asn1_type_and_iv,
218 .ctrl = rc2_ctrl,
219 };
220
221 const EVP_CIPHER *
EVP_rc2_ofb(void)222 EVP_rc2_ofb(void)
223 {
224 return &rc2_ofb;
225 }
226 LCRYPTO_ALIAS(EVP_rc2_ofb);
227
228 static const EVP_CIPHER rc2_ecb = {
229 .nid = NID_rc2_ecb,
230 .block_size = 8,
231 .key_len = RC2_KEY_LENGTH,
232 .iv_len = 0,
233 .flags = EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT | EVP_CIPH_ECB_MODE,
234 .init = rc2_init_key,
235 .do_cipher = rc2_ecb_cipher,
236 .cleanup = NULL,
237 .ctx_size = sizeof(EVP_RC2_KEY),
238 .set_asn1_parameters = rc2_set_asn1_type_and_iv,
239 .get_asn1_parameters = rc2_get_asn1_type_and_iv,
240 .ctrl = rc2_ctrl,
241 };
242
243 const EVP_CIPHER *
EVP_rc2_ecb(void)244 EVP_rc2_ecb(void)
245 {
246 return &rc2_ecb;
247 }
248 LCRYPTO_ALIAS(EVP_rc2_ecb);
249
250 #define RC2_40_MAGIC 0xa0
251 #define RC2_64_MAGIC 0x78
252 #define RC2_128_MAGIC 0x3a
253
254 static const EVP_CIPHER r2_64_cbc_cipher = {
255 .nid = NID_rc2_64_cbc,
256 .block_size = 8,
257 .key_len = 8,
258 .iv_len = 8,
259 .flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
260 .init = rc2_init_key,
261 .do_cipher = rc2_cbc_cipher,
262 .cleanup = NULL,
263 .ctx_size = sizeof(EVP_RC2_KEY),
264 .set_asn1_parameters = rc2_set_asn1_type_and_iv,
265 .get_asn1_parameters = rc2_get_asn1_type_and_iv,
266 .ctrl = rc2_ctrl,
267 };
268
269 static const EVP_CIPHER r2_40_cbc_cipher = {
270 .nid = NID_rc2_40_cbc,
271 .block_size = 8,
272 .key_len = 5,
273 .iv_len = 8,
274 .flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
275 .init = rc2_init_key,
276 .do_cipher = rc2_cbc_cipher,
277 .cleanup = NULL,
278 .ctx_size = sizeof(EVP_RC2_KEY),
279 .set_asn1_parameters = rc2_set_asn1_type_and_iv,
280 .get_asn1_parameters = rc2_get_asn1_type_and_iv,
281 .ctrl = rc2_ctrl,
282 };
283
284 const EVP_CIPHER *
EVP_rc2_64_cbc(void)285 EVP_rc2_64_cbc(void)
286 {
287 return (&r2_64_cbc_cipher);
288 }
289 LCRYPTO_ALIAS(EVP_rc2_64_cbc);
290
291 const EVP_CIPHER *
EVP_rc2_40_cbc(void)292 EVP_rc2_40_cbc(void)
293 {
294 return (&r2_40_cbc_cipher);
295 }
296 LCRYPTO_ALIAS(EVP_rc2_40_cbc);
297
298 static int
rc2_init_key(EVP_CIPHER_CTX * ctx,const unsigned char * key,const unsigned char * iv,int enc)299 rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
300 const unsigned char *iv, int enc)
301 {
302 RC2_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx),
303 key, data(ctx)->key_bits);
304 return 1;
305 }
306
307 static int
rc2_meth_to_magic(EVP_CIPHER_CTX * e)308 rc2_meth_to_magic(EVP_CIPHER_CTX *e)
309 {
310 int i;
311
312 if (EVP_CIPHER_CTX_ctrl(e, EVP_CTRL_GET_RC2_KEY_BITS, 0, &i) <= 0)
313 return (0);
314 if (i == 128)
315 return (RC2_128_MAGIC);
316 else if (i == 64)
317 return (RC2_64_MAGIC);
318 else if (i == 40)
319 return (RC2_40_MAGIC);
320 else
321 return (0);
322 }
323
324 static int
rc2_magic_to_meth(int i)325 rc2_magic_to_meth(int i)
326 {
327 if (i == RC2_128_MAGIC)
328 return 128;
329 else if (i == RC2_64_MAGIC)
330 return 64;
331 else if (i == RC2_40_MAGIC)
332 return 40;
333 else {
334 EVPerror(EVP_R_UNSUPPORTED_KEY_SIZE);
335 return (0);
336 }
337 }
338
339 static int
rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX * c,ASN1_TYPE * type)340 rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
341 {
342 long num = 0;
343 int i = 0;
344 int key_bits;
345 int l;
346 unsigned char iv[EVP_MAX_IV_LENGTH];
347
348 if (type != NULL) {
349 l = EVP_CIPHER_CTX_iv_length(c);
350 if (l < 0 || l > sizeof(iv)) {
351 EVPerror(EVP_R_IV_TOO_LARGE);
352 return -1;
353 }
354 i = ASN1_TYPE_get_int_octetstring(type, &num, iv, l);
355 if (i != l)
356 return (-1);
357 key_bits = rc2_magic_to_meth((int)num);
358 if (!key_bits)
359 return (-1);
360 if (i > 0 && !EVP_CipherInit_ex(c, NULL, NULL, NULL, iv, -1))
361 return -1;
362 if (EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_RC2_KEY_BITS,
363 key_bits, NULL) <= 0)
364 return -1;
365 if (!EVP_CIPHER_CTX_set_key_length(c, key_bits / 8))
366 return -1;
367 }
368 return (i);
369 }
370
371 static int
rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX * c,ASN1_TYPE * type)372 rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
373 {
374 long num;
375 int i = 0, j;
376
377 if (type != NULL) {
378 num = rc2_meth_to_magic(c);
379 j = EVP_CIPHER_CTX_iv_length(c);
380 if (j < 0 || j > sizeof(c->oiv))
381 return 0;
382 i = ASN1_TYPE_set_int_octetstring(type, num, c->oiv, j);
383 }
384 return (i);
385 }
386
387 static int
rc2_ctrl(EVP_CIPHER_CTX * c,int type,int arg,void * ptr)388 rc2_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
389 {
390 switch (type) {
391 case EVP_CTRL_INIT:
392 data(c)->key_bits = EVP_CIPHER_CTX_key_length(c) * 8;
393 return 1;
394
395 case EVP_CTRL_GET_RC2_KEY_BITS:
396 *(int *)ptr = data(c)->key_bits;
397 return 1;
398
399 case EVP_CTRL_SET_RC2_KEY_BITS:
400 if (arg > 0) {
401 data(c)->key_bits = arg;
402 return 1;
403 }
404 return 0;
405
406 default:
407 return -1;
408 }
409 }
410
411 #endif
412