blowfish_crypto.cpp

Go to the documentation of this file.

/*****************************************************************************\
*                                                                             *
*  Name   : blowfish encryption                                               *
*  Author : Chris Koeritz                                                     *
*                                                                             *
*******************************************************************************
* Copyright (c) 2005-$now By Author.  This program is free software; you can  *
* redistribute it and/or modify it under the terms of the GNU General Public  *
* License as published by the Free Software Foundation; either version 2 of   *
* the License or (at your option) any later version.  This is online at:      *
*     http://www.fsf.org/copyleft/gpl.html                                    *
* Please send any updates to: fred@gruntose.com                               *
\*****************************************************************************/
 
#include "blowfish_crypto.h"
#include "ssl_init.h"
 
#include <basis/astring.h>
#include <basis/functions.h>
#include <basis/mutex.h>
#include <loggers/critical_events.h>
#include <loggers/program_wide_logger.h>
#include <mathematics/chaos.h>
#include <structures/static_memory_gremlin.h>
 
#include <openssl/blowfish.h>
#include <openssl/err.h>
#include <openssl/evp.h>
 
using namespace basis;
using namespace loggers;
using namespace mathematics;
using namespace structures;
 
namespace crypto {
 
const int FUDGE = 128;
  // extra space for the cipher's block size.  blowfish is only 8 bytes for
  // the cipher block size, but we ensure there will definitely be no
  // problems.
 
//#undef set_key
  // get rid of a macro we don't want.
 
#define DEBUG_BLOWFISH
  // uncomment for noisier version.
 
#undef ALWAYS_LOG
#define ALWAYS_LOG(t) CLASS_EMERGENCY_LOG(program_wide_logger::get(), t)
#ifdef DEBUG_BLOWFISH
  #undef LOG
  #define LOG(t) CLASS_EMERGENCY_LOG(program_wide_logger::get(), t)
#else
  #undef LOG
  #define LOG(t) 
#endif
 
// helpful macro for the error string of last failure.
#define GET_SSL_ERROR() \
  ERR_error_string(ERR_get_error(), NULL_POINTER)
 
#ifdef DEBUG_BLOWFISH
  // this macro checks on the validity of the key sizes (in bits).
  #define DISCUSS_KEY_SIZE(key_size) \
    if (key_size < minimum_key_size()) { \
      deadly_error(static_class_name(), func, \
          a_sprintf("key size (%d bits) is less than minimum key size %d.", \
              key_size, minimum_key_size())); \
      } \
  if (key_size > maximum_key_size()) { \
      deadly_error(static_class_name(), func, \
          a_sprintf("key size (%d bits) is greater than maximum key size %d.", \
              key_size, maximum_key_size())); \
    }
  
  // this macro checks that the key in the byte array has enough bytes for
  // the key size bits.
  #define DISCUSS_PROVIDED_KEY(key_size, key) \
    if (key.length() * BITS_PER_BYTE < key_size) { \
      deadly_error(static_class_name(), func, \
          a_sprintf("key array length (%d) is less than required by key size " \
              "(%d bits).", key.length(), key_size)); \
    }
#else
  #define DISCUSS_PROVIDED_KEY(key_size, key) 
  #define DISCUSS_KEY_SIZE(key_size) 
#endif
 
blowfish_crypto::blowfish_crypto(int key_size)
: _key_size(key_size),
  _key(new byte_array)
{
  FUNCDEF("ctor(int)");
  static_ssl_initializer();
  LOG("prior to key size discuss");
  DISCUSS_KEY_SIZE(key_size);
  if (key_size < minimum_key_size())
    _key_size = minimum_key_size();
  if (key_size > maximum_key_size())
    _key_size = maximum_key_size();
  LOG("prior to generate key");
  generate_key(_key_size, *_key);
  LOG("after generate key");
}
 
blowfish_crypto::blowfish_crypto(const byte_array &key, int key_size)
: _key_size(key_size),
  _key(new byte_array(key))
{
  FUNCDEF("ctor(byte_array,int)");
  static_ssl_initializer();
  // any problems with the key provided are horrid.  they will yield a
  // non-working blowfish object.
  LOG("prior to key size discuss");
  DISCUSS_KEY_SIZE(key_size);
  LOG("prior to provided key discuss");
  DISCUSS_PROVIDED_KEY(key_size, key);
  LOG("prior to ssl static init");
  LOG("after ssl static init");
}
 
blowfish_crypto::blowfish_crypto(const blowfish_crypto &to_copy)
: root_object(),
  _key_size(to_copy._key_size),
  _key(new byte_array(*to_copy._key))
{
  FUNCDEF("copy ctor");
  static_ssl_initializer(); 
  LOG("after ssl static init");
}
 
blowfish_crypto::~blowfish_crypto()
{
  FUNCDEF("destructor");
  LOG("prior to key whack");
  WHACK(_key);
  LOG("after key whack");
}
 
int blowfish_crypto::key_size() const { return _key_size; }
 
const byte_array &blowfish_crypto::get_key() const { return *_key; }
 
int blowfish_crypto::minimum_key_size() { return 64; }
 
int blowfish_crypto::maximum_key_size() { return 448; }
 
blowfish_crypto &blowfish_crypto::operator = (const blowfish_crypto &to_copy)
{
  if (this == &to_copy) return *this;
  _key_size = to_copy._key_size;
  *_key = *to_copy._key;
  return *this;
}
 
bool blowfish_crypto::set_key(const byte_array &new_key, int key_size)
{
  FUNCDEF("set_key");
  if (!new_key.length()) return false;
  DISCUSS_KEY_SIZE(key_size);
  DISCUSS_PROVIDED_KEY(key_size, new_key);
  if ( (key_size < minimum_key_size()) || (key_size > maximum_key_size()) )
    return false;
  if (new_key.length() * BITS_PER_BYTE < key_size) return false;
  _key_size = key_size;
  *_key = new_key;
  return true;
}
 
void blowfish_crypto::generate_key(int size, byte_array &new_key)
{
  FUNCDEF("generate_key");
  static_ssl_initializer();
  DISCUSS_KEY_SIZE(size);
  if (size < minimum_key_size())
    size = minimum_key_size();
  else if (size > maximum_key_size())
    size = maximum_key_size();
  int bytes = size / BITS_PER_BYTE;  // calculate the number of bytes needed.
  if (size % BITS_PER_BYTE) bytes++;  // add one for non-integral portion.
  new_key.reset(bytes);
  for (int i = 0; i < bytes; i++)
    new_key[i] = static_ssl_initializer().randomizer().inclusive(0, 255);
}
 
SAFE_STATIC(mutex, __vector_init_lock, )
 
const byte_array &blowfish_crypto::init_vector()
{
  FUNCDEF("init_vector");
  static_ssl_initializer();
  auto_synchronizer locking(__vector_init_lock());
  static byte_array to_return(EVP_MAX_IV_LENGTH);
  static bool initted = false;
  if (!initted) {
    LOG("actually doing init");
    for (int i = 0; i < to_return.length(); i++)
      to_return[i] = abyte(214 - i);
    initted = true;
    LOG("finished init process");
  }
  return to_return;
}
 
bool blowfish_crypto::encrypt(const byte_array &source,
    byte_array &target) const
{
  FUNCDEF("encrypt");
ALWAYS_LOG(">>encrypt>>");
  target.reset();
  if (!_key->length() || !source.length()) return false;
  bool to_return = true;
 
LOG(a_sprintf("  encrypting %d bytes", source.length()));
 
  // initialize an encoding session.
  EVP_CIPHER_CTX *session = EVP_CIPHER_CTX_new();
  EVP_CIPHER_CTX_init(session);
 
//new rules!
//EVP_EncryptInit to set the cipher, but leave key and IV null and unset
//EVP_CIPHER_CTX_set_key_length and EVP_CTRL_AEAD_SET_IVLEN
//EVP_EncryptInit again. This time leave cipher null, because you've already set it, and set the key and IV.
 
  int initret = EVP_EncryptInit_ex(session, EVP_bf_cbc(), NULL_POINTER, NULL_POINTER, NULL_POINTER);
  if (!initret) {
    // zero means a failure of the initialization.
    ALWAYS_LOG(a_sprintf("failure in calling EVP_EncryptInit_ex, with error %s", GET_SSL_ERROR()));
    exit(1);
  }
  LOG(a_sprintf("  calling set key len with key size of %d", _key_size));
  // new fancy footwork needed to keep openssl from blowing up and claiming we didn't set the key.
//hmmm: check returns on these setters?
  EVP_CIPHER_CTX_set_key_length(session, _key_size);
  EVP_CIPHER_CTX_ctrl(session, EVP_CTRL_AEAD_SET_IVLEN, init_vector().length(), NULL);
  // and round and round we go...
  initret = EVP_EncryptInit_ex(session, NULL_POINTER, NULL_POINTER, _key->observe(), init_vector().observe());
  if (!initret) {
    // zero means a failure of the initialization.
    ALWAYS_LOG(a_sprintf("second phase failure in calling EVP_EncryptInit_ex, with error %s", GET_SSL_ERROR()));
    exit(1);
  }
 
  // allocate temporary space for encrypted data.
  byte_array encoded(source.length() + FUDGE);
 
  // encrypt the entire source buffer.
  int encoded_len = 0;
  int enc_ret = EVP_EncryptUpdate(session, encoded.access(), &encoded_len,
      source.observe(), source.length());
  if (enc_ret != 1) {
    deadly_error(class_name(), func, a_sprintf("encryption failed, "
        "result=%d with error=%s.", enc_ret, GET_SSL_ERROR()));
    to_return = false;
  } else {
    // chop any extra space off.
    LOG(a_sprintf("  chopping extra bytes %d to %d.", encoded_len, encoded.last()));
    encoded.zap(encoded_len, encoded.last());
    target = encoded;
  }
 
  // only add padding if we succeeded with the encryption.
  if (enc_ret == 1) {
    // finalize the encryption.
    encoded.reset(FUDGE);  // reinflate for padding.
    int pad_len = 0;
    enc_ret = EVP_EncryptFinal_ex(session, encoded.access(), &pad_len);
    if (enc_ret != 1) {
      deadly_error(class_name(), func, a_sprintf("finalizing encryption "
          "failed, result=%d with error=%s.", enc_ret, GET_SSL_ERROR()));
      to_return = false;
    } else {
      LOG(a_sprintf("  padding added %d bytes.", pad_len));
      encoded.zap(pad_len, encoded.last());
      target += encoded;
    }
  }
 
  EVP_CIPHER_CTX_cleanup(session);
  EVP_CIPHER_CTX_free(session);
ALWAYS_LOG("<<encrypt<<");
  return to_return;
}
 
bool blowfish_crypto::decrypt(const byte_array &source,
    byte_array &target) const
{
  FUNCDEF("decrypt");
ALWAYS_LOG(">>decrypt>>");
  target.reset();
  if (!_key->length() || !source.length()) return false;
  bool to_return = true;
  EVP_CIPHER_CTX *session = EVP_CIPHER_CTX_new();
  EVP_CIPHER_CTX_init(session);
  LOG(a_sprintf("  using key size with %d bits.", _key_size));
  int initret = EVP_DecryptInit_ex(session, EVP_bf_cbc(), NULL_POINTER, NULL_POINTER, NULL_POINTER);
  if (!initret) {
    // zero means a failure of the initialization.
//hmmm: below approach is called a deadly error.  use that instead, throughout.
    ALWAYS_LOG(a_sprintf("failure in calling EVP_DecryptInit_ex, with error %s", GET_SSL_ERROR()));
    exit(1);
  }
  // more fancy fupwork.
//hmmm: check returns on these setters?
  EVP_CIPHER_CTX_set_key_length(session, _key_size);
  EVP_CIPHER_CTX_ctrl(session, EVP_CTRL_AEAD_SET_IVLEN, init_vector().length(), NULL);
  initret = EVP_DecryptInit_ex(session, NULL_POINTER, NULL_POINTER, _key->observe(), init_vector().observe());
  if (!initret) {
    // zero means a failure of the initialization.
    ALWAYS_LOG(a_sprintf("second phase failure in calling EVP_DecryptInit_ex, with error %s", GET_SSL_ERROR()));
    exit(1);
  }
 
  // allocate enough space for decoded bytes.
  byte_array decoded(source.length() + FUDGE);
 
  int decoded_len = 0;
  int dec_ret = EVP_DecryptUpdate(session, decoded.access(), &decoded_len,
      source.observe(), source.length());
  if (dec_ret != 1) {
    deadly_error(class_name(), func, a_sprintf("decryption failed with error=%s", GET_SSL_ERROR()));
    to_return = false;
  } else {
    LOG(a_sprintf("  first part decrypted size in bytes is %d.", decoded_len));
    decoded.zap(decoded_len, decoded.last());
    target = decoded;
  }
 
  // only process padding if the first part of decryption succeeded.
  if (dec_ret == 1) {
    decoded.reset(FUDGE);  // reinflate for padding.
    int pad_len = 0;
    dec_ret = EVP_DecryptFinal_ex(session, decoded.access(), &pad_len);
    if (dec_ret != 1) {
      deadly_error(class_name(), func, a_sprintf("finalizing decryption "
          "failed, result=%d, padlen=%d, target had %d bytes, error=%s.", dec_ret,
          pad_len, target.length(), GET_SSL_ERROR()));
      to_return = false;
    } else {
      LOG(a_sprintf("  padding added %d bytes.", pad_len));
      decoded.zap(pad_len, decoded.last());
      target += decoded;
    }
  }
 
  EVP_CIPHER_CTX_cleanup(session);
  EVP_CIPHER_CTX_free(session);
ALWAYS_LOG("<<decrypt<<");
  return to_return;
}
 
} //namespace.