Provides various block and stream cipher algorithms and two crypto-secure hash algorithms.
Cryptographic Library (libmodcrypt.a)
#include <xcrypt.h>
int xcrypt_key_setup (alg, key, keymat, keysize, dir)
int alg;
xcrypt_key *key;
u_char *keymat;
int keysize;
int dir;
int xcrypt_encrypt (alg, mode, key, IV, in, insize, out, padding)
int alg;
int mode;
xcrypt_key *key;
u_char *IV;
u_char *in;
int insize;
u_char *out;
int padding;
int xcrypt_decrypt (alg, mode, key, IV, in, insize, out, padding)
int alg;
int mode;
xcrypt_key *key;
u_char *IV;
u_char *in;
int insize;
u_char *out;
int padding;
int xcrypt_hash (alg, in, insize, out)
int alg;
u_char *in;
int insize;
u_char *out;
int xcrypt_malloc (pp, size, blocksize)
uchar **pp;
int size;
int blocksize;
void xcrypt_free (p, size)
void *p;
int size;
void xcrypt_printb (p, size)
void *p;
int size;
int xcrypt_mac (alg, key, in, insize, mac)
int alg;
xcrypt_key *key;
u_char *in;
int insize;
u_char *mac;
int xcrypt_hmac (alg, key, in, insize, out)
int alg;
xcrypt_key *key;
u_char *in;
int insize;
u_char *out;
int xcrypt_sign (alg, key, in, insize, sig)
int alg;
xcrypt_key *key;
u_char *in;
int insize;
u_char *sig;
int xcrypt_verify (alg, key, in, insize, sig, sigsize)
int alg;
xcrypt_key *key;
u_char *in;
int insize;
u_char *sig;
int sigsize;
int xcrypt_dh_keygen (dh_pk, keysize)
void **dh_pk;
int keysize;
int xcrypt_dh (dh_pk, in, out)
void dh_pk;
u_char *in;u_char *out;
void xcrypt_btoa (dest, buff, size)
char *dest;
void *buff;
int size;
void xcrypt_randbuff (dest, size)
void *dest;
int size;
These subroutines provide block and stream cipher algorithms, plus two crypto-secure hash algorithms. Encryption may be done through the Rijndael, Mars, and Twofish block ciphers or the SEAL stream cipher. Each of these algorithms uses a use a block length of 128 bits and key lengths of 128, 192 and 256 bits. SEAL is a stream cipher that uses a 160 bit key and a 32 bit word input stream. In addition, the MD5 and SHA-1 cryptographic hash algorithms are included.
The libmodcrypt.a library and associated headers are available through the Expansion Pack.
The xcrypt_key_setup subroutine is used to setup a key schedule for any of the block cipher algorithms. It stores the key schedule in the xcrypt_key data structure that is passed in. If key scheduling is done for HMAC, set the dir parameter of xcrypt_key_setup to NULL. Note that when using the Twofish method, the keymat parameter should also be set to NULL. The xcrypt_key_setup subroutine expects the keymat pointer to point to a PKCS#8 object when used with public key encryption. Then the keysize parameter indicates the size of the PCKS#8 object, not the size of the key.
The xcrypt_encrypt subroutine encrypts a buffer. Data can be encrypted using the CBC mode (Cipher Block Chaining), EBC mode (Electronic Codebook) or CBF1 mode. Note that when EBC mode is being used, no initalization vector is required.
The xcrypt_decrypt subroutine decrypts a buffer. Data can be encrypted using the CBC mode (Cipher Block Chaining), EBC mode (Electronic Codebook) or CBF1 mode. If the xcrypt_encrypt subroutine is called with padding on, the xcrypt_decrypt subroutine must also be called with padding on. It is the caller's responsibility to determine whether padding is used. Note that when EBC mode is being used, no initalization vector is required.
The xcrypt_hash subroutine hashes a buffer using either the MD5 or SHA-1 algorithm.
The xcrypt_malloc subroutine dynamically allocates the least size bytes of memory to provide blocks of blocksize bytes. For example, if size is 105 and blocksize is 10, the xcrypt_malloc subroutine will return at least 110 bytes of memory (11 blocks, each 10 bytes in size). The xcrypt_malloc subroutine should be used when you need xcrypt to pad buffers. It will make sure that enough memory is allocated for the data to be encrypted, plus the padding.
The xcrypt_free subroutine overwrites and frees dynamically allocated memory.
The xcrypt_printb subroutine prints a buffer to the screen in hexadecimal notation.
The xcrypt_mac subroutine provides the caller with a Message Authentication Code (MAC). DES is the only algorithm that is supported.
The xcrypt_hmac subroutine provides the caller with a Hashed Message Authentication Code (HMAC). The algorithm used is MD5 or SHA-1.
The xcrypt_sign subroutine allows the caller to sign data using public key mechanisms.
The xcrypt_verify subroutine allows the caller to verify private key signatures.
The xcrypt_dh_keygen subroutine returns the private key object to be used in Diffie Helman key agreement. The dh parameter should point to NULL. The keysize parameter can be KEY_512, KEY_1024, or KEY_2048.
The xcrypt_dh subroutine allows the caller to execute the two steps to compute a shared secret through the Diffie-Hellman key agreement algorithm. If in is NULL, then out contains the public shared object to be transmitted to the other party involved in the key agreement. Otherwise, in points to the public shared object received from another party, and out points to the shared private key.
The xcrypt_btoa subroutine returns a string representing the buffer in hexadecimal. Note that the dest parameter must point to a buffer of size * 2 + 1.
The xcrypt_randbuff subroutine fills a buffer with random data.
Item | Description |
---|---|
alg | Specifies the cipher to use. Use the symbolic
constants that are described below:
|
key | Points to the key instance to set up. Use for encryption or decryption. |
keymat | Points to the key material used to build the key schedule. |
keysize | Size of the keymat parameter. Use the
symbolic constants described below:
|
dir | The direction (encryption or decryption). Use
the symbolic constants described below:
|
mode | Specifies the mode of operation. Use the symbolic
constants described below:
|
IV | Points to the buffer holding the initialization
vector. Note: When using ECB mode, the IV parameter should
point to NULL.
|
in | Points to the buffer holding the data to encrypt, decrypt, or hash. |
insize | Contains the size of the in parameter. |
mac | Points to an output buffer that will hold the MAC. |
out | Points to a preallocated output buffer. |
padding | Specifies whether xcrypt should pad the
buffers or not. Use the symbolic constants described below:
|
pp | A double pointer to the destination. |
sig | Points to an output buffer that holds the RSA signature. |
sigsize | The size of sig in bytes. |
size | Contains the amount of memory to allocate, deallocate, print the contents of, or convert to a string. |
blocksize | Contains the size of the blocks. Use the symbolic
constants described below:
|
p | Points to the memory to overwrite and free. |
buff | Points to a buffer to print or convert to a string. |
dest | Points to a preallocated destination buffer. |
dh_pk | Refers to the private key object to be passed to xcrypt_dh. The private key object is obtained by calling xcrypt_dh_keygen before calling xcryp. |
The xcrypt_key_setup, xcrypt_hash and xcrypt_dh_keygen subroutines return 0 on success. The xcrypt_malloc subroutine returns the amount of memory allocated on success. The xcrypt_encrypt subroutine returns the amount of data encrypted on success. The xcrypt_decrypt subroutine returns the amount of data decrypted on success.
Upon success, the xcrypt_mac subroutine returns the size of mac in bytes; the xcrypt_hmac subroutine returns the size of hashed mac in bytes; the xcrypt_sig subroutine returns the size of signature; and the xcrypt_dh subroutine returns the number of bytes written to out. The xcrypt_verify subroutine returns a value of 1 to indicate successful signal verification.
On failure the above subroutines return the following error codes:
Item | Description |
---|---|
BAD_ALIGN32 | A parameter is not aligned on a 32 bit boundary. |
BAD_KEY_DIR | The dir parameter is not valid |
BAD_KEY_INSTANCE | The key parameter is not valid |
BAD_KEY_MAT | The keysize parameter is not valid or the key parameter is corrupt. |
Item | Description |
---|---|
BAD_ALG | The alg parameter is not valid. |
BAD_CIPHER_MODE | The mode parameter is not valid. |
BAD_CIPHER_STATE | The key parameter is not valid. |
BAD_INPUT_LEN | The insize parameter is not a multiple of of the blocksize being used by a block cipher for encryption or decryption. |
BAD_IV | The IV parameter is set to NULL when the mode parameter is set to MODE_CBC. |
BAD_IV_MAT | The IV parameter is not valid. |
BAD_KEY_INSTANCE | The key parameter is not valid. |
Item | Description |
---|---|
BAD_ALG | The alg parameter is not valid. |
BAD_CIPHER_MODE | The mode parameter is not valid. |
BAD_CIPHER_STATE | The key parameter is not valid. |
BAD_INPUT_LEN | The insize parameter is not a multiple of of the blocksize being used by a block cipher for encryption or decryption. |
BAD_IV | The IV parameter is set to NULL when the mode parameter is set to MODE_CBC. |
BAD_IV_MAT | The IV parameter is not valid. |
BAD_KEY_INSTANCE | The key parameter is not valid. |
Item | Description |
---|---|
BAD_ALG | The alg parameter is not valid. |
Item | Description |
---|---|
BAD_MEM_ALLOC | The system could not allocate size bytes. |