split encrypt/decrypt functionality of crypto_cbc()
authorAndreas Steffen <andreas.steffen@strongswan.org>
Thu, 14 May 2009 19:03:39 +0000 (21:03 +0200)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Thu, 14 May 2009 19:04:49 +0000 (21:04 +0200)
src/pluto/crypto.c
src/pluto/crypto.h
src/pluto/demux.c
src/pluto/ipsec_doi.c

index b3bb3b5..cb28c16 100644 (file)
@@ -544,42 +544,6 @@ static void do_3des(u_int8_t *buf, size_t buf_len, u_int8_t *key,
                (des_cblock *)iv, enc);
 }
 
-void crypto_cbc_encrypt(const struct encrypt_desc *e, bool enc, u_int8_t *buf,
-                                               size_t size, struct state *st)
-{
-       chunk_t data = { buf, size };
-       chunk_t iv;
-    char *new_iv;
-       size_t crypter_block_size;
-       encryption_algorithm_t enc_alg;
-       crypter_t *crypter;
-
-       enc_alg = oakley_to_encryption_algorithm(e->algo_id);
-       crypter = lib->crypto->create_crypter(lib->crypto, enc_alg, st->st_enc_key.len);
-       crypter->set_key(crypter, st->st_enc_key);
-       crypter_block_size = crypter->get_block_size(crypter);
-
-       /* form iv by truncation */
-       passert(st->st_new_iv_len >= crypter_block_size);
-       st->st_new_iv_len = crypter_block_size;
-       iv = chunk_create(st->st_new_iv, st->st_new_iv_len);
-
-       if (enc)
-       {
-               crypter->encrypt(crypter, data, iv, NULL);
-           new_iv = data.ptr + data.len - crypter_block_size;
-       }
-       else
-       {
-               new_iv = alloca(crypter_block_size);
-           memcpy(new_iv, data.ptr + data.len - crypter_block_size,
-                          crypter_block_size);
-               crypter->decrypt(crypter, data, iv, NULL);
-       }
-       crypter->destroy(crypter);
-    memcpy(st->st_new_iv, new_iv, crypter_block_size);
-}
-
 encryption_algorithm_t oakley_to_encryption_algorithm(int alg)
 {
        switch (alg)
index c07f695..8aecd41 100644 (file)
@@ -48,8 +48,6 @@ extern const struct oakley_group_desc oakley_group[OAKLEY_GROUP_SIZE];
 
 struct state;   /* forward declaration, dammit */
 
-void crypto_cbc_encrypt(const struct encrypt_desc *e, bool enc, u_int8_t *buf, size_t size, struct state *st);
-
 #define update_iv(st)   memcpy((st)->st_iv, (st)->st_new_iv \
        , (st)->st_iv_len = (st)->st_new_iv_len)
 
index fef9b98..53b44a0 100644 (file)
@@ -1780,9 +1780,17 @@ process_packet(struct msg_digest **mdp)
                 * the last phase 1 block, not the last block sent.
                 */
                {
-                       const struct encrypt_desc *e = st->st_oakley.encrypter;
+                       size_t crypter_block_size;
+                       encryption_algorithm_t enc_alg;
+                       crypter_t *crypter;
+                       chunk_t data, iv;
+                   char *new_iv;
 
-                       if (pbs_left(&md->message_pbs) % e->enc_blocksize != 0)
+                       enc_alg = oakley_to_encryption_algorithm(st->st_oakley.encrypt);
+                       crypter = lib->crypto->create_crypter(lib->crypto, enc_alg, st->st_enc_key.len);
+                       crypter_block_size = crypter->get_block_size(crypter);
+
+                       if (pbs_left(&md->message_pbs) % crypter_block_size != 0)
                        {
                                loglog(RC_LOG_SERIOUS, "malformed message: not a multiple of encryption blocksize");
                                SEND_NOTIFICATION(PAYLOAD_MALFORMED);
@@ -1795,6 +1803,8 @@ process_packet(struct msg_digest **mdp)
                        md->raw_packet = chunk_create(md->packet_pbs.start, pbs_room(&md->packet_pbs));
                        md->raw_packet = chunk_clone(md->raw_packet);
 
+                       data = chunk_create(md->message_pbs.cur, pbs_left(&md->message_pbs));
+
                        /* Decrypt everything after header */
                        if (!new_iv_set)
                        {
@@ -1803,8 +1813,19 @@ process_packet(struct msg_digest **mdp)
                                st->st_new_iv_len = st->st_iv_len;
                                memcpy(st->st_new_iv, st->st_iv, st->st_new_iv_len);
                        }
-                       crypto_cbc_encrypt(e, FALSE, md->message_pbs.cur, 
-                                                       pbs_left(&md->message_pbs) , st);
+
+                       /* form iv by truncation */
+                       st->st_new_iv_len = crypter_block_size;
+                       iv = chunk_create(st->st_new_iv, st->st_new_iv_len);
+                       new_iv = alloca(crypter_block_size);
+                       memcpy(new_iv, data.ptr + data.len - crypter_block_size,
+                                  crypter_block_size);
+
+                       crypter->set_key(crypter, st->st_enc_key);      
+                       crypter->decrypt(crypter, data, iv, NULL);
+                       crypter->destroy(crypter);
+
+               memcpy(st->st_new_iv, new_iv, crypter_block_size);
                        if (restore_iv)
                        {
                                memcpy(st->st_new_iv, new_iv, new_iv_len);
index 8bc1eb2..69ceb17 100644 (file)
@@ -1857,18 +1857,25 @@ static notification_t accept_nonce(struct msg_digest *md, chunk_t *dest,
 bool
 encrypt_message(pb_stream *pbs, struct state *st)
 {
-       const struct encrypt_desc *e = st->st_oakley.encrypter;
        u_int8_t *enc_start = pbs->start + sizeof(struct isakmp_hdr);
        size_t enc_len = pbs_offset(pbs) - sizeof(struct isakmp_hdr);
+       chunk_t data, iv;
+    char *new_iv;
+       size_t crypter_block_size;
+       encryption_algorithm_t enc_alg;
+       crypter_t *crypter;
 
        DBG_cond_dump(DBG_CRYPT | DBG_RAW, "encrypting:\n", enc_start, enc_len);
+       enc_alg = oakley_to_encryption_algorithm(st->st_oakley.encrypt);
+       crypter = lib->crypto->create_crypter(lib->crypto, enc_alg, st->st_enc_key.len);
+       crypter_block_size = crypter->get_block_size(crypter);
 
        /* Pad up to multiple of encryption blocksize.
         * See the description associated with the definition of
         * struct isakmp_hdr in packet.h.
         */
        {
-               size_t padding = pad_up(enc_len, e->enc_blocksize);
+               size_t padding = pad_up(enc_len, crypter_block_size);
 
                if (padding != 0)
                {
@@ -1879,10 +1886,18 @@ encrypt_message(pb_stream *pbs, struct state *st)
        }
 
        DBG(DBG_CRYPT, DBG_log("encrypting using %s", enum_show(&oakley_enc_names, st->st_oakley.encrypt)));
+       data = chunk_create(enc_start, enc_len);
 
-       /* e->crypt(TRUE, enc_start, enc_len, st); */
-       crypto_cbc_encrypt(e, TRUE, enc_start, enc_len, st);
+       /* form iv by truncation */
+       st->st_new_iv_len = crypter_block_size;
+       iv = chunk_create(st->st_new_iv, st->st_new_iv_len);
 
+       crypter->set_key(crypter, st->st_enc_key);
+       crypter->encrypt(crypter, data, iv, NULL);
+       crypter->destroy(crypter);
+       new_iv = data.ptr + data.len - crypter_block_size;
+       memcpy(st->st_new_iv, new_iv, crypter_block_size);
        update_iv(st);
        DBG_cond_dump(DBG_CRYPT, "next IV:", st->st_iv, st->st_iv_len);
        close_message(pbs);