xcrypt_key_setup, xcrypt_encrypt, xcrypt_decrypt, xcrypt_hash, xcrypt_malloc, xcrypt_free, xcrypt_printb, xcrypt_mac, xcrypt_hmac, xcrypt_sign, xcrypt_verify, xcrypt_dh_keygen, xcrypt_dh, xcrypt_btoa and xcrypt_randbuff Subroutine

Purpose

Provides various block and stream cipher algorithms and two crypto-secure hash algorithms.

Library

Cryptographic Library (libmodcrypt.a)

Syntax

#include <xcrypt.h>

int xcrypt_key_setup (alg, key, keymat, keysize, dir) 
int alg;
xcrypt_key *key;
u_char *keymat;
int keysize;
int dir;

int xcrypt_encrypt (alg, mode, key, IV, in, insize, out, padding) 
int alg;
int mode;
xcrypt_key *key;
u_char *IV;
u_char *in;
int insize;
u_char *out;
int padding;

int xcrypt_decrypt (alg, mode, key, IV, in, insize, out, padding) 
int alg;
int mode;
xcrypt_key *key;
u_char *IV;
u_char *in;
int insize;
u_char *out;
int padding;

int xcrypt_hash (alg, in, insize, out) 
int alg;
u_char *in;
int insize;
u_char *out;

int xcrypt_malloc (pp, size, blocksize) 
uchar **pp;
int size;
int blocksize;

void xcrypt_free (p, size) 
void *p;
int size;

void xcrypt_printb (p, size) 
void *p;
int size;

int xcrypt_mac (alg, key, in, insize, mac) 
int alg;
xcrypt_key *key;
u_char *in;
int insize;
u_char *mac;

int xcrypt_hmac (alg, key, in, insize, out) 
int alg;
xcrypt_key *key;
u_char *in;
int insize;
u_char *out;

int xcrypt_sign (alg, key, in, insize, sig) 
int alg;
xcrypt_key *key;
u_char *in;
int insize;
u_char *sig;

int xcrypt_verify (alg, key, in, insize, sig, sigsize) 
int alg;
xcrypt_key *key;
u_char *in;
int insize;
u_char *sig;
int sigsize;

int xcrypt_dh_keygen (dh_pk, keysize) 
void **dh_pk;
int keysize;

int xcrypt_dh (dh_pk, in, out) 
void dh_pk;
u_char *in;u_char *out;

void xcrypt_btoa (dest, buff, size) 
char *dest;
void *buff;
int size;

void xcrypt_randbuff (dest, size) 
void *dest;
int size;

Description

These subroutines provide block and stream cipher algorithms, plus two crypto-secure hash algorithms. Encryption may be done through the Rijndael, Mars, and Twofish block ciphers or the SEAL stream cipher. Each of these algorithms uses a use a block length of 128 bits and key lengths of 128, 192 and 256 bits. SEAL is a stream cipher that uses a 160 bit key and a 32 bit word input stream. In addition, the MD5 and SHA-1 cryptographic hash algorithms are included.

The libmodcrypt.a library and associated headers are available through the Expansion Pack.

The xcrypt_key_setup subroutine is used to setup a key schedule for any of the block cipher algorithms. It stores the key schedule in the xcrypt_key data structure that is passed in. If key scheduling is done for HMAC, set the dir parameter of xcrypt_key_setup to NULL. Note that when using the Twofish method, the keymat parameter should also be set to NULL. The xcrypt_key_setup subroutine expects the keymat pointer to point to a PKCS#8 object when used with public key encryption. Then the keysize parameter indicates the size of the PCKS#8 object, not the size of the key.

The xcrypt_encrypt subroutine encrypts a buffer. Data can be encrypted using the CBC mode (Cipher Block Chaining), EBC mode (Electronic Codebook) or CBF1 mode. Note that when EBC mode is being used, no initalization vector is required.

The xcrypt_decrypt subroutine decrypts a buffer. Data can be encrypted using the CBC mode (Cipher Block Chaining), EBC mode (Electronic Codebook) or CBF1 mode. If the xcrypt_encrypt subroutine is called with padding on, the xcrypt_decrypt subroutine must also be called with padding on. It is the caller's responsibility to determine whether padding is used. Note that when EBC mode is being used, no initalization vector is required.

The xcrypt_hash subroutine hashes a buffer using either the MD5 or SHA-1 algorithm.

The xcrypt_malloc subroutine dynamically allocates the least size bytes of memory to provide blocks of blocksize bytes. For example, if size is 105 and blocksize is 10, the xcrypt_malloc subroutine will return at least 110 bytes of memory (11 blocks, each 10 bytes in size). The xcrypt_malloc subroutine should be used when you need xcrypt to pad buffers. It will make sure that enough memory is allocated for the data to be encrypted, plus the padding.

The xcrypt_free subroutine overwrites and frees dynamically allocated memory.

The xcrypt_printb subroutine prints a buffer to the screen in hexadecimal notation.

The xcrypt_mac subroutine provides the caller with a Message Authentication Code (MAC). DES is the only algorithm that is supported.

The xcrypt_hmac subroutine provides the caller with a Hashed Message Authentication Code (HMAC). The algorithm used is MD5 or SHA-1.

The xcrypt_sign subroutine allows the caller to sign data using public key mechanisms.

The xcrypt_verify subroutine allows the caller to verify private key signatures.

The xcrypt_dh_keygen subroutine returns the private key object to be used in Diffie Helman key agreement. The dh parameter should point to NULL. The keysize parameter can be KEY_512, KEY_1024, or KEY_2048.

The xcrypt_dh subroutine allows the caller to execute the two steps to compute a shared secret through the Diffie-Hellman key agreement algorithm. If in is NULL, then out contains the public shared object to be transmitted to the other party involved in the key agreement. Otherwise, in points to the public shared object received from another party, and out points to the shared private key.

The xcrypt_btoa subroutine returns a string representing the buffer in hexadecimal. Note that the dest parameter must point to a buffer of size * 2 + 1.

The xcrypt_randbuff subroutine fills a buffer with random data.

Parameters

Item	Description
alg	Specifies the cipher to use. Use the symbolic constants that are described below: RIJNDAEL Rijndael (AES) block cipher. Supports key sizes of 128, 192, and 256 bits. MARS Mars block cipher. Supports key sizes of 128, 192, and 256 bits. TWOFISH Twofish block cipher. Supports key sizes of 128, 192, and 256 bits. SEAL SEAL stream cipher. Supports key sizes of 128, 192, and 256 bits. SHA1 SHA-1 one-way hash function. Arbitrary lengths are permitted. MD5 MD5 one-way hash function. Arbitrary lengths are permitted. DES Data Encryption Standard. Supports key sizes of 64 bits. TDES Triple Data Encryption Standard. Supports key sizes of 64 and 128 bits. MAC_DES Message Authentication Code using the DES algorithm. Supports key sizes of 64 bits. CAST5 CAST encryption algorithm. Supports key sizes of 40, 80, and 128 bits. RSA Rivest, Shamir Adleman. The keysize passed to xcrypt_key_setup should be the size of the PKCS#8 object. DSA Digital Signature Algorithm. The keysize passed to xcrypt_key_setup should be the size of the PKCS#8 object.
key	Points to the key instance to set up. Use for encryption or decryption.
keymat	Points to the key material used to build the key schedule.
keysize	Size of the keymat parameter. Use the symbolic constants described below: KEY_64 64 bit key KEY_80 80 bit key KEY_128 128 bit key KEY_192 192 bit key KEY_256 256 bit key
dir	The direction (encryption or decryption). Use the symbolic constants described below: DIR_ENCRYPT Encrypt DIR_DECRYPT Decrypt
mode	Specifies the mode of operation. Use the symbolic constants described below: MODE_ECB Ciphering in ECB mode MODE_CBC Ciphering in CBC mode MODE_CFB1 Ciphering in 1-bit CFB mode
IV	Points to the buffer holding the initialization vector. Note: When using ECB mode, the IV parameter should point to NULL.
in	Points to the buffer holding the data to encrypt, decrypt, or hash.
insize	Contains the size of the in parameter.
mac	Points to an output buffer that will hold the MAC.
out	Points to a preallocated output buffer.
padding	Specifies whether xcrypt should pad the buffers or not. Use the symbolic constants described below: TRUE True FALSE False
pp	A double pointer to the destination.
sig	Points to an output buffer that holds the RSA signature.
sigsize	The size of sig in bytes.
size	Contains the amount of memory to allocate, deallocate, print the contents of, or convert to a string.
blocksize	Contains the size of the blocks. Use the symbolic constants described below: BITS_32 32 bits BITS_80 80 bits BITS_128 128 bits BITS_160 160 bits BITS_192 192 bits BITS_256 256 bits DES_BLOCKSIZE 64 bits
p	Points to the memory to overwrite and free.
buff	Points to a buffer to print or convert to a string.
dest	Points to a preallocated destination buffer.
dh_pk	Refers to the private key object to be passed to xcrypt_dh. The private key object is obtained by calling xcrypt_dh_keygen before calling xcryp.

Return Values

The xcrypt_key_setup, xcrypt_hash and xcrypt_dh_keygen subroutines return 0 on success. The xcrypt_malloc subroutine returns the amount of memory allocated on success. The xcrypt_encrypt subroutine returns the amount of data encrypted on success. The xcrypt_decrypt subroutine returns the amount of data decrypted on success.

Upon success, the xcrypt_mac subroutine returns the size of mac in bytes; the xcrypt_hmac subroutine returns the size of hashed mac in bytes; the xcrypt_sig subroutine returns the size of signature; and the xcrypt_dh subroutine returns the number of bytes written to out. The xcrypt_verify subroutine returns a value of 1 to indicate successful signal verification.

On failure the above subroutines return the following error codes:

Error Codes

xcrypt_key_setup:

Item	Description
BAD_ALIGN32	A parameter is not aligned on a 32 bit boundary.
BAD_KEY_DIR	The dir parameter is not valid
BAD_KEY_INSTANCE	The key parameter is not valid
BAD_KEY_MAT	The keysize parameter is not valid or the key parameter is corrupt.

xcrypt_encrypt:

Item	Description
BAD_ALG	The alg parameter is not valid.
BAD_CIPHER_MODE	The mode parameter is not valid.
BAD_CIPHER_STATE	The key parameter is not valid.
BAD_INPUT_LEN	The insize parameter is not a multiple of of the blocksize being used by a block cipher for encryption or decryption.
BAD_IV	The IV parameter is set to NULL when the mode parameter is set to MODE_CBC.
BAD_IV_MAT	The IV parameter is not valid.
BAD_KEY_INSTANCE	The key parameter is not valid.

xcrypt_decrypt:

Item	Description
BAD_ALG	The alg parameter is not valid.
BAD_CIPHER_MODE	The mode parameter is not valid.
BAD_CIPHER_STATE	The key parameter is not valid.
BAD_INPUT_LEN	The insize parameter is not a multiple of of the blocksize being used by a block cipher for encryption or decryption.
BAD_IV	The IV parameter is set to NULL when the mode parameter is set to MODE_CBC.
BAD_IV_MAT	The IV parameter is not valid.
BAD_KEY_INSTANCE	The key parameter is not valid.

xcrypt_hash:

Item	Description
BAD_ALG	The alg parameter is not valid.

xcrypt_malloc:

Item	Description
BAD_MEM_ALLOC	The system could not allocate size bytes.