#include <crypto/hashers/hasher.h>
#include <crypto/crypters/crypter.h>
+#define PKCS5_SALT_LEN 8 /* bytes */
+
static logger_t *logger = NULL;
/**
{
hasher_t *hasher;
crypter_t *crypter;
+ chunk_t salt = { iv->ptr, PKCS5_SALT_LEN };
chunk_t hash;
chunk_t decrypted;
chunk_t key = {alloca(key_size), key_size};
hash.len = hasher->get_hash_size(hasher);
hash.ptr = alloca(hash.len);
hasher->get_hash(hasher, *passphrase, NULL);
- hasher->get_hash(hasher, *iv, hash.ptr);
+ hasher->get_hash(hasher, salt, hash.ptr);
memcpy(key.ptr, hash.ptr, hash.len);
- printf("hash.len: %d, key.len: %d, iv.len: %d\n", hash.len, key.len, iv->len);
if (key.len > hash.len)
{
hasher->get_hash(hasher, hash, NULL);
hasher->get_hash(hasher, *passphrase, NULL);
- hasher->get_hash(hasher, *iv, hash.ptr);
+ hasher->get_hash(hasher, salt, hash.ptr);
memcpy(key.ptr + hash.len, hash.ptr, key.len - hash.len);
}
hasher->destroy(hasher);
/* decrypt blob */
crypter = crypter_create(alg, key_size);
crypter->set_key(crypter, key);
- logger->log_chunk(logger, CONTROL, " cipher text:", *blob);
if (crypter->decrypt(crypter, *blob, *iv, &decrypted) != SUCCESS)
{
return "data size is not multiple of block size";
}
memcpy(blob->ptr, decrypted.ptr, blob->len);
- logger->log_chunk(logger, CONTROL, " plain text:", *blob);
chunk_free(&decrypted);
/* determine amount of padding */
alg = ENCR_AES_CBC;
key_size = 16;
}
+ else if (match("AES-192-CBC", &dek))
+ {
+ alg = ENCR_AES_CBC;
+ key_size = 24;
+ }
else if (match("AES-256-CBC", &dek))
{
alg = ENCR_AES_CBC;
projects / strongswan.git / commitdiff