xcrypt_key_setup, xcrypt_encrypt, xcrypt_decrypt, xcrypt_hash, xcrypt_malloc, xcrypt_free, xcrypt_printb, xcrypt_mac, xcrypt_hmac, xcrypt_sign, xcrypt_verify, xcrypt_dh_keygen, xcrypt_dh, xcrypt_btoa and xcrypt_randbuff Subroutine

Purpose

Provides various block and stream cipher algorithms and two crypto-secure hash algorithms.

Library

Cryptographic Library (libmodcrypt.a)

Syntax

#include <xcrypt.h>

int xcrypt_key_setup (alg, key, keymat, keysize, dir) 
int alg;
xcrypt_key *key;
u_char *keymat;
int keysize;
int dir;
int xcrypt_encrypt (alg, mode, key, IV, in, insize, out, padding) 
int alg;
int mode;
xcrypt_key *key;
u_char *IV;
u_char *in;
int insize;
u_char *out;
int padding;
int xcrypt_decrypt (alg, mode, key, IV, in, insize, out, padding) 
int alg;
int mode;
xcrypt_key *key;
u_char *IV;
u_char *in;
int insize;
u_char *out;
int padding;
int xcrypt_hash (alg, in, insize, out) 
int alg;
u_char *in;
int insize;
u_char *out;
int xcrypt_malloc (pp, size, blocksize) 
uchar **pp;
int size;
int blocksize;
void xcrypt_free (p, size) 
void *p;
int size;
void xcrypt_printb (p, size) 
void *p;
int size;
int xcrypt_mac (alg, key, in, insize, mac) 
int alg;
xcrypt_key *key;
u_char *in;
int insize;
u_char *mac;
int xcrypt_hmac (alg, key, in, insize, out) 
int alg;
xcrypt_key *key;
u_char *in;
int insize;
u_char *out;
int xcrypt_sign (alg, key, in, insize, sig) 
int alg;
xcrypt_key *key;
u_char *in;
int insize;
u_char *sig;
int xcrypt_verify (alg, key, in, insize, sig, sigsize) 
int alg;
xcrypt_key *key;
u_char *in;
int insize;
u_char *sig;
int sigsize;
int xcrypt_dh_keygen (dh_pk, keysize) 
void **dh_pk;
int keysize;
int xcrypt_dh (dh_pk, in, out) 
void dh_pk;
u_char *in;u_char *out;
void xcrypt_btoa (dest, buff, size) 
char *dest;
void *buff;
int size;
void xcrypt_randbuff (dest, size) 
void *dest;
int size;

Description

These subroutines provide block and stream cipher algorithms, plus two crypto-secure hash algorithms. Encryption may be done through the Rijndael, Mars, and Twofish block ciphers or the SEAL stream cipher. Each of these algorithms uses a use a block length of 128 bits and key lengths of 128, 192 and 256 bits. SEAL is a stream cipher that uses a 160 bit key and a 32 bit word input stream. In addition, the MD5 and SHA-1 cryptographic hash algorithms are included.

The libmodcrypt.a library and associated headers are available through the Expansion Pack.

The xcrypt_key_setup subroutine is used to setup a key schedule for any of the block cipher algorithms. It stores the key schedule in the xcrypt_key data structure that is passed in. If key scheduling is done for HMAC, set the dir parameter of xcrypt_key_setup to NULL. Note that when using the Twofish method, the keymat parameter should also be set to NULL. The xcrypt_key_setup subroutine expects the keymat pointer to point to a PKCS#8 object when used with public key encryption. Then the keysize parameter indicates the size of the PCKS#8 object, not the size of the key.

The xcrypt_encrypt subroutine encrypts a buffer. Data can be encrypted using the CBC mode (Cipher Block Chaining), EBC mode (Electronic Codebook) or CBF1 mode. Note that when EBC mode is being used, no initalization vector is required.

The xcrypt_decrypt subroutine decrypts a buffer. Data can be encrypted using the CBC mode (Cipher Block Chaining), EBC mode (Electronic Codebook) or CBF1 mode. If the xcrypt_encrypt subroutine is called with padding on, the xcrypt_decrypt subroutine must also be called with padding on. It is the caller's responsibility to determine whether padding is used. Note that when EBC mode is being used, no initalization vector is required.

The xcrypt_hash subroutine hashes a buffer using either the MD5 or SHA-1 algorithm.

The xcrypt_malloc subroutine dynamically allocates the least size bytes of memory to provide blocks of blocksize bytes. For example, if size is 105 and blocksize is 10, the xcrypt_malloc subroutine will return at least 110 bytes of memory (11 blocks, each 10 bytes in size). The xcrypt_malloc subroutine should be used when you need xcrypt to pad buffers. It will make sure that enough memory is allocated for the data to be encrypted, plus the padding.

The xcrypt_free subroutine overwrites and frees dynamically allocated memory.

The xcrypt_printb subroutine prints a buffer to the screen in hexadecimal notation.

The xcrypt_mac subroutine provides the caller with a Message Authentication Code (MAC). DES is the only algorithm that is supported.

The xcrypt_hmac subroutine provides the caller with a Hashed Message Authentication Code (HMAC). The algorithm used is MD5 or SHA-1.

The xcrypt_sign subroutine allows the caller to sign data using public key mechanisms.

The xcrypt_verify subroutine allows the caller to verify private key signatures.

The xcrypt_dh_keygen subroutine returns the private key object to be used in Diffie Helman key agreement. The dh parameter should point to NULL. The keysize parameter can be KEY_512, KEY_1024, or KEY_2048.

The xcrypt_dh subroutine allows the caller to execute the two steps to compute a shared secret through the Diffie-Hellman key agreement algorithm. If in is NULL, then out contains the public shared object to be transmitted to the other party involved in the key agreement. Otherwise, in points to the public shared object received from another party, and out points to the shared private key.

The xcrypt_btoa subroutine returns a string representing the buffer in hexadecimal. Note that the dest parameter must point to a buffer of size * 2 + 1.

The xcrypt_randbuff subroutine fills a buffer with random data.

Parameters

Item Description
alg Specifies the cipher to use. Use the symbolic constants that are described below:
RIJNDAEL
Rijndael (AES) block cipher. Supports key sizes of 128, 192, and 256 bits.
MARS
Mars block cipher. Supports key sizes of 128, 192, and 256 bits.
TWOFISH
Twofish block cipher. Supports key sizes of 128, 192, and 256 bits.
SEAL
SEAL stream cipher. Supports key sizes of 128, 192, and 256 bits.
SHA1
SHA-1 one-way hash function. Arbitrary lengths are permitted.
MD5
MD5 one-way hash function. Arbitrary lengths are permitted.
DES
Data Encryption Standard. Supports key sizes of 64 bits.
TDES
Triple Data Encryption Standard. Supports key sizes of 64 and 128 bits.
MAC_DES
Message Authentication Code using the DES algorithm. Supports key sizes of 64 bits.
CAST5
CAST encryption algorithm. Supports key sizes of 40, 80, and 128 bits.
RSA
Rivest, Shamir Adleman. The keysize passed to xcrypt_key_setup should be the size of the PKCS#8 object.
DSA
Digital Signature Algorithm. The keysize passed to xcrypt_key_setup should be the size of the PKCS#8 object.
key Points to the key instance to set up. Use for encryption or decryption.
keymat Points to the key material used to build the key schedule.
keysize Size of the keymat parameter. Use the symbolic constants described below:
KEY_64
64 bit key
KEY_80
80 bit key
KEY_128
128 bit key
KEY_192
192 bit key
KEY_256
256 bit key
dir The direction (encryption or decryption). Use the symbolic constants described below:
DIR_ENCRYPT
Encrypt
DIR_DECRYPT
Decrypt
mode Specifies the mode of operation. Use the symbolic constants described below:
MODE_ECB
Ciphering in ECB mode
MODE_CBC
Ciphering in CBC mode
MODE_CFB1
Ciphering in 1-bit CFB mode
IV Points to the buffer holding the initialization vector.
Note: When using ECB mode, the IV parameter should point to NULL.
in Points to the buffer holding the data to encrypt, decrypt, or hash.
insize Contains the size of the in parameter.
mac Points to an output buffer that will hold the MAC.
out Points to a preallocated output buffer.
padding Specifies whether xcrypt should pad the buffers or not. Use the symbolic constants described below:
TRUE
True
FALSE
False
pp A double pointer to the destination.
sig Points to an output buffer that holds the RSA signature.
sigsize The size of sig in bytes.
size Contains the amount of memory to allocate, deallocate, print the contents of, or convert to a string.
blocksize Contains the size of the blocks. Use the symbolic constants described below:
BITS_32
32 bits
BITS_80
80 bits
BITS_128
128 bits
BITS_160
160 bits
BITS_192
192 bits
BITS_256
256 bits
DES_BLOCKSIZE
64 bits
p Points to the memory to overwrite and free.
buff Points to a buffer to print or convert to a string.
dest Points to a preallocated destination buffer.
dh_pk Refers to the private key object to be passed to xcrypt_dh. The private key object is obtained by calling xcrypt_dh_keygen before calling xcryp.

Return Values

The xcrypt_key_setup, xcrypt_hash and xcrypt_dh_keygen subroutines return 0 on success. The xcrypt_malloc subroutine returns the amount of memory allocated on success. The xcrypt_encrypt subroutine returns the amount of data encrypted on success. The xcrypt_decrypt subroutine returns the amount of data decrypted on success.

Upon success, the xcrypt_mac subroutine returns the size of mac in bytes; the xcrypt_hmac subroutine returns the size of hashed mac in bytes; the xcrypt_sig subroutine returns the size of signature; and the xcrypt_dh subroutine returns the number of bytes written to out. The xcrypt_verify subroutine returns a value of 1 to indicate successful signal verification.

On failure the above subroutines return the following error codes:

Error Codes

xcrypt_key_setup:
Item Description
BAD_ALIGN32 A parameter is not aligned on a 32 bit boundary.
BAD_KEY_DIR The dir parameter is not valid
BAD_KEY_INSTANCE The key parameter is not valid
BAD_KEY_MAT The keysize parameter is not valid or the key parameter is corrupt.
xcrypt_encrypt:
Item Description
BAD_ALG The alg parameter is not valid.
BAD_CIPHER_MODE The mode parameter is not valid.
BAD_CIPHER_STATE The key parameter is not valid.
BAD_INPUT_LEN The insize parameter is not a multiple of of the blocksize being used by a block cipher for encryption or decryption.
BAD_IV The IV parameter is set to NULL when the mode parameter is set to MODE_CBC.
BAD_IV_MAT The IV parameter is not valid.
BAD_KEY_INSTANCE The key parameter is not valid.
xcrypt_decrypt:
Item Description
BAD_ALG The alg parameter is not valid.
BAD_CIPHER_MODE The mode parameter is not valid.
BAD_CIPHER_STATE The key parameter is not valid.
BAD_INPUT_LEN The insize parameter is not a multiple of of the blocksize being used by a block cipher for encryption or decryption.
BAD_IV The IV parameter is set to NULL when the mode parameter is set to MODE_CBC.
BAD_IV_MAT The IV parameter is not valid.
BAD_KEY_INSTANCE The key parameter is not valid.
xcrypt_hash:
Item Description
BAD_ALG The alg parameter is not valid.
xcrypt_malloc:
Item Description
BAD_MEM_ALLOC The system could not allocate size bytes.