cleaned up pluto's crypto framework
authorAndreas Steffen <andreas.steffen@strongswan.org>
Thu, 14 May 2009 20:56:10 +0000 (22:56 +0200)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Thu, 14 May 2009 20:56:10 +0000 (22:56 +0200)
13 files changed:
src/libstrongswan/crypto/crypters/crypter.h
src/libstrongswan/plugins/aes/aes_crypter.c
src/libstrongswan/plugins/blowfish/blowfish_crypter.c
src/libstrongswan/plugins/des/des_crypter.c
src/libstrongswan/plugins/serpent/serpent_crypter.c
src/libstrongswan/plugins/twofish/twofish_crypter.c
src/pluto/alg/ike_alg_aes.c
src/pluto/alg/ike_alg_blowfish.c
src/pluto/alg/ike_alg_serpent.c
src/pluto/alg/ike_alg_twofish.c
src/pluto/crypto.c
src/pluto/crypto.h
src/pluto/ike_alg.h

index f2b18d3..2879e24 100644 (file)
@@ -61,6 +61,12 @@ enum encryption_algorithm_t {
     ENCR_TWOFISH_CBC =      1027
 };
 
+#define DES_BLOCK_SIZE                  8
+#define BLOWFISH_BLOCK_SIZE             8
+#define AES_BLOCK_SIZE                 16
+#define SERPENT_BLOCK_SIZE             16
+#define TWOFISH_BLOCK_SIZE             16
+
 /**
  * enum name for encryption_algorithm_t.
  */
index 375bd74..c5b0917 100644 (file)
@@ -32,8 +32,6 @@
 #define AES_KS_LENGTH   120
 #define AES_RC_LENGTH    29
 
-#define AES_BLOCK_SIZE 16
-
 typedef struct private_aes_crypter_t private_aes_crypter_t;
 
 /**
index 01e6cf5..5064bfe 100644 (file)
@@ -64,8 +64,6 @@
  
 #include "blowfish_crypter.h"
 
-#define BLOWFISH_BLOCK_SIZE            8
-
 typedef struct private_blowfish_crypter_t private_blowfish_crypter_t;
 
 /**
index 7a382df..680fe8b 100644 (file)
@@ -60,7 +60,7 @@
 
 #include "des_crypter.h"
 
-typedef u_char des_cblock[8];
+typedef u_char des_cblock[DES_BLOCK_SIZE];
 
 typedef struct des_ks_struct {
        des_cblock _;
index 613c337..660a3db 100644 (file)
@@ -18,8 +18,6 @@
 #include "serpent_crypter.h"
 #include "serpent.h"
 
-#define SERPENT_BLOCK_SIZE 16
-
 typedef struct private_serpent_crypter_t private_serpent_crypter_t;
 
 /**
index 898ac89..854c99e 100644 (file)
@@ -18,8 +18,6 @@
 #include "twofish_crypter.h"
 #include "twofish.h"
 
-#define TWOFISH_BLOCK_SIZE 16
-
 typedef struct private_twofish_crypter_t private_twofish_crypter_t;
 
 /**
index c635af7..8ed00c5 100644 (file)
@@ -7,52 +7,24 @@
 #include "constants.h"
 #include "defs.h"
 #include "log.h"
-#include "libaes/aes_cbc.h"
 #include "alg_info.h"
 #include "ike_alg.h"
 
-#define  AES_CBC_BLOCK_SIZE    (128/BITS_PER_BYTE)
 #define  AES_KEY_MIN_LEN       128
 #define  AES_KEY_DEF_LEN       128
 #define  AES_KEY_MAX_LEN       256
 
-static void
-do_aes(u_int8_t *buf, size_t buf_len, u_int8_t *key, size_t key_size, u_int8_t *iv, bool enc)
-{
-    aes_context aes_ctx;
-    char iv_bak[AES_CBC_BLOCK_SIZE];
-    char *new_iv = NULL;       /* logic will avoid copy to NULL */
-
-    aes_set_key(&aes_ctx, key, key_size, 0);
-
-    /* 
-     * my AES cbc does not touch passed IV (optimization for
-     * ESP handling), so I must "emulate" des-like IV
-     * crunching
-     */
-    if (!enc)
-       memcpy(new_iv=iv_bak, (char*) buf + buf_len - AES_CBC_BLOCK_SIZE
-               , AES_CBC_BLOCK_SIZE);
-
-    SS_AES_cbc_encrypt(&aes_ctx, buf, buf, buf_len, iv, enc);
-
-    if (enc)
-       new_iv = (char*) buf + buf_len-AES_CBC_BLOCK_SIZE;
-
-    memcpy(iv, new_iv, AES_CBC_BLOCK_SIZE);
-}
-
 struct encrypt_desc algo_aes =
 {
        algo_type:      IKE_ALG_ENCRYPT,
        algo_id:        OAKLEY_AES_CBC,
        algo_next:      NULL, 
-       enc_ctxsize:    sizeof(aes_context),
-       enc_blocksize:  AES_CBC_BLOCK_SIZE,
-       keyminlen:      AES_KEY_MIN_LEN,
-       keydeflen:      AES_KEY_DEF_LEN,
-       keymaxlen:      AES_KEY_MAX_LEN,
-       do_crypt:       do_aes,
+
+       enc_blocksize:  AES_BLOCK_SIZE,
+       keyminlen:              AES_KEY_MIN_LEN,
+       keydeflen:              AES_KEY_DEF_LEN,
+       keymaxlen:              AES_KEY_MAX_LEN,
+       enc_testvectors: NULL
 };
 
 int ike_alg_aes_init(void);
index 3172cd8..427e1c9 100644 (file)
@@ -7,11 +7,9 @@
 #include "constants.h"
 #include "defs.h"
 #include "log.h"
-#include "libblowfish/blowfish.h"
 #include "alg_info.h"
 #include "ike_alg.h"
 
-#define  BLOWFISH_CBC_BLOCK_SIZE       8       /* block size */
 #define  BLOWFISH_KEY_MIN_LEN  128
 #define  BLOWFISH_KEY_MAX_LEN  448
 
@@ -91,26 +89,16 @@ static const enc_testvector_t bf_enc_testvectors[] = {
        { 0, NULL, NULL, 0, NULL, NULL }
 };
 
-static void
-do_blowfish(u_int8_t *buf, size_t buf_len, u_int8_t *key, size_t key_size, u_int8_t *iv, bool enc)
-{
-    BF_KEY bf_ctx;
-
-    BF_set_key(&bf_ctx, key_size , key);
-    BF_cbc_encrypt(buf, buf, buf_len, &bf_ctx, iv, enc);
-}
-
 struct encrypt_desc algo_blowfish =
 {
        algo_type: IKE_ALG_ENCRYPT,
        algo_id:   OAKLEY_BLOWFISH_CBC,
        algo_next: NULL, 
-       enc_ctxsize: sizeof(BF_KEY),
-       enc_blocksize: BLOWFISH_CBC_BLOCK_SIZE,
-       keyminlen: BLOWFISH_KEY_MIN_LEN,
-       keydeflen: BLOWFISH_KEY_MIN_LEN,
-       keymaxlen: BLOWFISH_KEY_MAX_LEN,
-       do_crypt: do_blowfish,
+
+       enc_blocksize:  BLOWFISH_BLOCK_SIZE,
+       keyminlen:              BLOWFISH_KEY_MIN_LEN,
+       keydeflen:              BLOWFISH_KEY_MIN_LEN,
+       keymaxlen:              BLOWFISH_KEY_MAX_LEN,
        enc_testvectors: bf_enc_testvectors,
 };
 
index c7b6cfe..4bcd739 100644 (file)
@@ -7,53 +7,23 @@
 #include "constants.h"
 #include "defs.h"
 #include "log.h"
-#include "libserpent/serpent_cbc.h"
 #include "alg_info.h"
 #include "ike_alg.h"
 
-#define  SERPENT_CBC_BLOCK_SIZE        (128/BITS_PER_BYTE)
 #define  SERPENT_KEY_MIN_LEN   128
 #define  SERPENT_KEY_DEF_LEN   128
 #define  SERPENT_KEY_MAX_LEN   256
 
-static void
-do_serpent(u_int8_t *buf, size_t buf_size, u_int8_t *key, size_t key_size, u_int8_t *iv, bool enc)
-{
-    serpent_context serpent_ctx;
-    char iv_bak[SERPENT_CBC_BLOCK_SIZE];
-    char *new_iv = NULL;       /* logic will avoid copy to NULL */
-
-
-    serpent_set_key(&serpent_ctx, key, key_size);
-    /* 
-     * my SERPENT cbc does not touch passed IV (optimization for
-     * ESP handling), so I must "emulate" des-like IV
-     * crunching
-     */
-    if (!enc)
-           memcpy(new_iv=iv_bak, 
-                           (char*) buf + buf_size-SERPENT_CBC_BLOCK_SIZE,
-                           SERPENT_CBC_BLOCK_SIZE);
-
-    serpent_cbc_encrypt(&serpent_ctx, buf, buf, buf_size, iv, enc);
-
-    if (enc)
-           new_iv = (char*) buf + buf_size-SERPENT_CBC_BLOCK_SIZE;
-
-    memcpy(iv, new_iv, SERPENT_CBC_BLOCK_SIZE);
-}
-
 struct encrypt_desc encrypt_desc_serpent =
 {
        algo_type:      IKE_ALG_ENCRYPT,
        algo_id:        OAKLEY_SERPENT_CBC,
        algo_next:      NULL,
-       enc_ctxsize:    sizeof(struct serpent_context),
-       enc_blocksize:  SERPENT_CBC_BLOCK_SIZE,
-       keyminlen:      SERPENT_KEY_MIN_LEN,
-       keydeflen:      SERPENT_KEY_DEF_LEN,
-       keymaxlen:      SERPENT_KEY_MAX_LEN,
-       do_crypt:       do_serpent,
+
+       enc_blocksize:  SERPENT_BLOCK_SIZE,
+       keyminlen:              SERPENT_KEY_MIN_LEN,
+       keydeflen:              SERPENT_KEY_DEF_LEN,
+       keymaxlen:              SERPENT_KEY_MAX_LEN,
        enc_testvectors: NULL           
 };
 
index 9d40e3e..38ba4ad 100644 (file)
 #include "alg_info.h"
 #include "ike_alg.h"
 
-#define  TWOFISH_CBC_BLOCK_SIZE        (128/BITS_PER_BYTE)
 #define  TWOFISH_KEY_MIN_LEN   128
 #define  TWOFISH_KEY_DEF_LEN   128
 #define  TWOFISH_KEY_MAX_LEN   256
 
-static void
-do_twofish(u_int8_t *buf, size_t buf_size, u_int8_t *key, size_t key_size, u_int8_t *iv, bool enc)
-{
-    twofish_context twofish_ctx;
-    char iv_bak[TWOFISH_CBC_BLOCK_SIZE];
-    char *new_iv = NULL;       /* logic will avoid copy to NULL */
-
-    twofish_set_key(&twofish_ctx, key, key_size);
-    /* 
-     * my TWOFISH cbc does not touch passed IV (optimization for
-     * ESP handling), so I must "emulate" des-like IV
-     * crunching
-     */
-    if (!enc)
-           memcpy(new_iv=iv_bak, 
-                           (char*) buf + buf_size-TWOFISH_CBC_BLOCK_SIZE,
-                           TWOFISH_CBC_BLOCK_SIZE);
-
-    twofish_cbc_encrypt(&twofish_ctx, buf, buf, buf_size, iv, enc);
-
-    if (enc)
-           new_iv = (char*) buf + buf_size-TWOFISH_CBC_BLOCK_SIZE;
-
-    memcpy(iv, new_iv, TWOFISH_CBC_BLOCK_SIZE);
-}
-
 struct encrypt_desc encrypt_desc_twofish = 
 {
        algo_type:      IKE_ALG_ENCRYPT,
        algo_id:        OAKLEY_TWOFISH_CBC,
        algo_next:      NULL,
-       enc_ctxsize:    sizeof(twofish_context),
-       enc_blocksize:  TWOFISH_CBC_BLOCK_SIZE,
-       keydeflen:      TWOFISH_KEY_MIN_LEN,
-       keyminlen:      TWOFISH_KEY_DEF_LEN,
-       keymaxlen:      TWOFISH_KEY_MAX_LEN,
-       do_crypt:       do_twofish,
+
+       enc_blocksize:  TWOFISH_BLOCK_SIZE,
+       keydeflen:              TWOFISH_KEY_MIN_LEN,
+       keyminlen:              TWOFISH_KEY_DEF_LEN,
+       keymaxlen:              TWOFISH_KEY_MAX_LEN,
        enc_testvectors: NULL
 };
 
@@ -61,12 +33,12 @@ struct encrypt_desc encrypt_desc_twofish_ssh =
        algo_type:      IKE_ALG_ENCRYPT,
        algo_id:        OAKLEY_TWOFISH_CBC_SSH,
        algo_next:      NULL,
-       enc_ctxsize:    sizeof(twofish_context),
-        enc_blocksize:         TWOFISH_CBC_BLOCK_SIZE,
-        keydeflen:     TWOFISH_KEY_MIN_LEN,
-        keyminlen:     TWOFISH_KEY_DEF_LEN,
-       keymaxlen:      TWOFISH_KEY_MAX_LEN,
-       do_crypt:       do_twofish,
+
+       enc_blocksize:  TWOFISH_BLOCK_SIZE,
+       keydeflen:              TWOFISH_KEY_MIN_LEN,
+       keyminlen:              TWOFISH_KEY_DEF_LEN,
+       keymaxlen:              TWOFISH_KEY_MAX_LEN,
+       enc_testvectors: NULL
 };
 
 int ike_alg_twofish_init(void);
index cb28c16..68d1cfd 100644 (file)
@@ -24,8 +24,6 @@
 
 #include <errno.h>
 
-#include <crypto/hashers/hasher.h>
-
 #include "constants.h"
 #include "defs.h"
 #include "state.h"
@@ -48,19 +46,16 @@ static MP_INT
 
 MP_INT groupgenerator;  /* MODP group generator (2) */
 
-static void do_3des(u_int8_t *buf, size_t buf_len, u_int8_t *key, size_t key_size, u_int8_t *iv, bool enc);
-
 static struct encrypt_desc crypto_encryptor_3des =
 {       
                algo_type:      IKE_ALG_ENCRYPT,
                algo_id:        OAKLEY_3DES_CBC, 
                algo_next:      NULL,
-               enc_ctxsize:    sizeof(des_key_schedule) * 3,
-               enc_blocksize:  DES_CBC_BLOCK_SIZE, 
-               keydeflen:      DES_CBC_BLOCK_SIZE * 3 * BITS_PER_BYTE,
-               keyminlen:      DES_CBC_BLOCK_SIZE * 3 * BITS_PER_BYTE,
-               keymaxlen:      DES_CBC_BLOCK_SIZE * 3 * BITS_PER_BYTE,
-               do_crypt:       do_3des,
+
+               enc_blocksize:  DES_BLOCK_SIZE, 
+               keydeflen:              DES_BLOCK_SIZE * 3 * BITS_PER_BYTE,
+               keyminlen:              DES_BLOCK_SIZE * 3 * BITS_PER_BYTE,
+               keymaxlen:              DES_BLOCK_SIZE * 3 * BITS_PER_BYTE,
                enc_testvectors: NULL
 };
 
@@ -508,42 +503,6 @@ const struct oakley_group_desc *lookup_group(u_int16_t group)
  * This must already be initialized.
  */
 
-/* encrypt or decrypt part of an IKE message using DES
- * See RFC 2409 "IKE" Appendix B
- */
-static void __attribute__ ((unused))
-do_des(bool enc, void *buf, size_t buf_len, struct state *st)
-{
-       des_key_schedule ks;
-
-       (void) des_set_key((des_cblock *)st->st_enc_key.ptr, ks);
-
-       passert(st->st_new_iv_len >= DES_CBC_BLOCK_SIZE);
-       st->st_new_iv_len = DES_CBC_BLOCK_SIZE;     /* truncate */
-
-       des_ncbc_encrypt((des_cblock *)buf, (des_cblock *)buf, buf_len,
-               ks,
-               (des_cblock *)st->st_new_iv, enc);
-}
-
-/* encrypt or decrypt part of an IKE message using 3DES
- * See RFC 2409 "IKE" Appendix B
- */
-static void do_3des(u_int8_t *buf, size_t buf_len, u_int8_t *key,
-                                       size_t key_size, u_int8_t *iv, bool enc)
-{
-       des_key_schedule ks[3];
-
-       passert (!key_size || (key_size==(DES_CBC_BLOCK_SIZE * 3)))
-       (void) des_set_key((des_cblock *)key + 0, ks[0]);
-       (void) des_set_key((des_cblock *)key + 1, ks[1]);
-       (void) des_set_key((des_cblock *)key + 2, ks[2]);
-
-       des_ede3_cbc_encrypt((des_cblock *)buf, (des_cblock *)buf, buf_len,
-               ks[0], ks[1], ks[2],
-               (des_cblock *)iv, enc);
-}
-
 encryption_algorithm_t oakley_to_encryption_algorithm(int alg)
 {
        switch (alg)
index 8aecd41..ae05524 100644 (file)
@@ -12,7 +12,7 @@
  * for more details.
  */
 
-#include <crypto/hashers/hasher.h>
+#include <crypto/crypters/crypter.h>
 #include <crypto/hashers/hasher.h>
 #include <crypto/prfs/prf.h>
 
index 4bc1f90..c690d41 100644 (file)
@@ -39,12 +39,10 @@ struct encrypt_desc {
        u_int16_t algo_id;
        struct ike_alg *algo_next;
 
-       size_t enc_ctxsize;
        size_t enc_blocksize;
        u_int keydeflen;
        u_int keymaxlen;
        u_int keyminlen;
-       void (*do_crypt)(u_int8_t *dat, size_t datasize, u_int8_t *key, size_t key_size, u_int8_t *iv, bool enc);
        const enc_testvector_t *enc_testvectors;
 };
 
@@ -69,6 +67,7 @@ struct hash_desc {
        u_int16_t algo_type;
        u_int16_t algo_id;
        struct ike_alg *algo_next;
+
        size_t hash_digest_size;
        const hash_testvector_t *hash_testvectors;
        const hmac_testvector_t *hmac_testvectors;