1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
|
#include <stdio.h>
#include <string.h>
#include <stddef.h>
#include <sys/types.h>
#include <freeswan.h>
#include "constants.h"
#include "defs.h"
#include "log.h"
#include "libtwofish/twofish_cbc.h"
#include "alg_info.h"
#include "ike_alg.h"
#define TWOFISH_CBC_BLOCK_SIZE (128/BITS_PER_BYTE)
#define TWOFISH_KEY_MIN_LEN 128
#define TWOFISH_KEY_DEF_LEN 128
#define TWOFISH_KEY_MAX_LEN 256
static void
do_twofish(u_int8_t *buf, size_t buf_size, u_int8_t *key, size_t key_size, u_int8_t *iv, bool enc)
{
twofish_context twofish_ctx;
char iv_bak[TWOFISH_CBC_BLOCK_SIZE];
char *new_iv = NULL; /* logic will avoid copy to NULL */
twofish_set_key(&twofish_ctx, key, key_size);
/*
* my TWOFISH cbc does not touch passed IV (optimization for
* ESP handling), so I must "emulate" des-like IV
* crunching
*/
if (!enc)
memcpy(new_iv=iv_bak,
(char*) buf + buf_size-TWOFISH_CBC_BLOCK_SIZE,
TWOFISH_CBC_BLOCK_SIZE);
twofish_cbc_encrypt(&twofish_ctx, buf, buf, buf_size, iv, enc);
if (enc)
new_iv = (char*) buf + buf_size-TWOFISH_CBC_BLOCK_SIZE;
memcpy(iv, new_iv, TWOFISH_CBC_BLOCK_SIZE);
}
struct encrypt_desc encrypt_desc_twofish =
{
algo_type: IKE_ALG_ENCRYPT,
algo_id: OAKLEY_TWOFISH_CBC,
algo_next: NULL,
enc_ctxsize: sizeof(twofish_context),
enc_blocksize: TWOFISH_CBC_BLOCK_SIZE,
keydeflen: TWOFISH_KEY_MIN_LEN,
keyminlen: TWOFISH_KEY_DEF_LEN,
keymaxlen: TWOFISH_KEY_MAX_LEN,
do_crypt: do_twofish,
};
struct encrypt_desc encrypt_desc_twofish_ssh =
{
algo_type: IKE_ALG_ENCRYPT,
algo_id: OAKLEY_TWOFISH_CBC_SSH,
algo_next: NULL,
enc_ctxsize: sizeof(twofish_context),
enc_blocksize: TWOFISH_CBC_BLOCK_SIZE,
keydeflen: TWOFISH_KEY_MIN_LEN,
keyminlen: TWOFISH_KEY_DEF_LEN,
keymaxlen: TWOFISH_KEY_MAX_LEN,
do_crypt: do_twofish,
};
int ike_alg_twofish_init(void);
int
ike_alg_twofish_init(void)
{
int ret = ike_alg_register_enc(&encrypt_desc_twofish);
if (ike_alg_register_enc(&encrypt_desc_twofish_ssh) < 0)
plog("ike_alg_twofish_init(): Experimental OAKLEY_TWOFISH_CBC_SSH activation failed");
return ret;
}
/*
IKE_ALG_INIT_NAME: ike_alg_twofish_init
*/
|