aes: Added AES_ECB support
authorAndreas Steffen <andreas.steffen@strongswan.org>
Thu, 21 Nov 2019 20:35:07 +0000 (21:35 +0100)
committerTobias Brunner <tobias@strongswan.org>
Thu, 28 Nov 2019 16:03:09 +0000 (17:03 +0100)
src/libstrongswan/plugins/aes/aes_crypter.c
src/libstrongswan/plugins/aes/aes_plugin.c

index 243a142..fc1d16c 100644 (file)
@@ -70,6 +70,11 @@ struct private_aes_crypter_t {
        * Key size of this AES cypher object.
        */
        uint32_t key_size;
+
+       /**
+       * Does AES mode require an IV
+       */
+       bool has_iv;
 };
 
 /**
@@ -804,26 +809,29 @@ METHOD(crypter_t, decrypt, bool,
        in = data.ptr;
 
        pos = data.len-16;
-       in += pos;
+       in  += pos;
        out += pos;
        while (pos >= 0)
        {
                decrypt_block(this, in, out);
-               if (pos==0)
+               if (this->has_iv)
                {
-                       iv_i=(const uint32_t*) (iv.ptr);
-               }
-               else
-               {
-                       iv_i=(const uint32_t*) (in-16);
+                       if (pos == 0)
+                       {
+                               iv_i = (const uint32_t*) (iv.ptr);
+                       }
+                       else
+                       {
+                               iv_i = (const uint32_t*) (in-16);
+                       }
+                       *((uint32_t *)(&out[ 0])) ^= iv_i[0];
+                       *((uint32_t *)(&out[ 4])) ^= iv_i[1];
+                       *((uint32_t *)(&out[ 8])) ^= iv_i[2];
+                       *((uint32_t *)(&out[12])) ^= iv_i[3];
                }
-               *((uint32_t *)(&out[ 0])) ^= iv_i[0];
-               *((uint32_t *)(&out[ 4])) ^= iv_i[1];
-               *((uint32_t *)(&out[ 8])) ^= iv_i[2];
-               *((uint32_t *)(&out[12])) ^= iv_i[3];
-               in-=16;
-               out-=16;
-               pos-=16;
+               in-=  16;
+               out-= 16;
+               pos-= 16;
        }
        return TRUE;
 }
@@ -835,7 +843,7 @@ METHOD(crypter_t, encrypt, bool,
        const uint32_t *iv_i;
        uint8_t *in, *out;
 
-       in = data.ptr;
+       in  = data.ptr;
        out = data.ptr;
        if (encrypted)
        {
@@ -843,25 +851,36 @@ METHOD(crypter_t, encrypt, bool,
                out = encrypted->ptr;
        }
 
-       pos=0;
-       while(pos<data.len)
+       pos = 0;
+       while (pos < data.len)
        {
-               if (pos==0)
+               if (this->has_iv)
                {
-                       iv_i=(const uint32_t*) iv.ptr;
+                       if (pos == 0)
+                       {
+                               iv_i = (const uint32_t*) iv.ptr;
+                       }
+                       else
+                       {
+                               iv_i = (const uint32_t*) (out-16);
+                       }
+                       *((uint32_t *)(&out[ 0])) = iv_i[0]^*((const uint32_t *)(&in[ 0]));
+                       *((uint32_t *)(&out[ 4])) = iv_i[1]^*((const uint32_t *)(&in[ 4]));
+                       *((uint32_t *)(&out[ 8])) = iv_i[2]^*((const uint32_t *)(&in[ 8]));
+                       *((uint32_t *)(&out[12])) = iv_i[3]^*((const uint32_t *)(&in[12]));
                }
                else
                {
-                       iv_i=(const uint32_t*) (out-16);
+                       *((uint32_t *)(&out[ 0])) = *((const uint32_t *)(&in[ 0]));
+                       *((uint32_t *)(&out[ 4])) = *((const uint32_t *)(&in[ 4]));
+                       *((uint32_t *)(&out[ 8])) = *((const uint32_t *)(&in[ 8]));
+                       *((uint32_t *)(&out[12])) = *((const uint32_t *)(&in[12]));
+
                }
-               *((uint32_t *)(&out[ 0])) = iv_i[0]^*((const uint32_t *)(&in[ 0]));
-               *((uint32_t *)(&out[ 4])) = iv_i[1]^*((const uint32_t *)(&in[ 4]));
-               *((uint32_t *)(&out[ 8])) = iv_i[2]^*((const uint32_t *)(&in[ 8]));
-               *((uint32_t *)(&out[12])) = iv_i[3]^*((const uint32_t *)(&in[12]));
                encrypt_block(this, out, out);
-               in+=16;
-               out+=16;
-               pos+=16;
+               in+=  16;
+               out+= 16;
+               pos+= 16;
        }
        return TRUE;
 }
@@ -875,7 +894,7 @@ METHOD(crypter_t, get_block_size, size_t,
 METHOD(crypter_t, get_iv_size, size_t,
        private_aes_crypter_t *this)
 {
-       return AES_BLOCK_SIZE;
+       return this->has_iv ? AES_BLOCK_SIZE : 0;
 }
 
 METHOD(crypter_t, get_key_size, size_t,
@@ -978,11 +997,20 @@ METHOD(crypter_t, destroy, void,
 aes_crypter_t *aes_crypter_create(encryption_algorithm_t algo, size_t key_size)
 {
        private_aes_crypter_t *this;
+       bool has_iv;
 
-       if (algo != ENCR_AES_CBC)
+       switch (algo)
        {
-               return NULL;
+               case ENCR_AES_CBC:
+                       has_iv = TRUE;
+                       break;
+               case ENCR_AES_ECB:
+                       has_iv = FALSE;
+                       break;
+               default:
+                       return NULL;
        }
+
        switch (key_size)
        {
                case 0:
@@ -1010,6 +1038,7 @@ aes_crypter_t *aes_crypter_create(encryption_algorithm_t algo, size_t key_size)
                },
                .key_size = key_size,
                .aes_Nkey = key_size / 4,
+               .has_iv = has_iv,
        );
 
        return &this->public;
index bfb356e..27dbd18 100644 (file)
@@ -45,6 +45,9 @@ METHOD(plugin_t, get_features, int,
                        PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CBC, 16),
                        PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CBC, 24),
                        PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CBC, 32),
+                       PLUGIN_PROVIDE(CRYPTER, ENCR_AES_ECB, 16),
+                       PLUGIN_PROVIDE(CRYPTER, ENCR_AES_ECB, 24),
+                       PLUGIN_PROVIDE(CRYPTER, ENCR_AES_ECB, 32),
        };
        *features = f;
        return countof(f);