diff --git a/src/libstrongswan/Makefile.am b/src/libstrongswan/Makefile.am index 8b6aa8bbd..e1e33c19f 100644 --- a/src/libstrongswan/Makefile.am +++ b/src/libstrongswan/Makefile.am @@ -21,6 +21,7 @@ crypto/signers/signer.c crypto/signers/signer.h \ crypto/crypto_factory.c crypto/crypto_factory.h \ crypto/crypto_tester.c crypto/crypto_tester.h \ crypto/diffie_hellman.c crypto/diffie_hellman.h \ +crypto/aead.c crypto/aead.h \ crypto/transform.c crypto/transform.h \ credentials/credential_factory.c credentials/credential_factory.h \ credentials/builder.c credentials/builder.h \ diff --git a/src/libstrongswan/crypto/aead.c b/src/libstrongswan/crypto/aead.c new file mode 100644 index 000000000..51cb05909 --- /dev/null +++ b/src/libstrongswan/crypto/aead.c @@ -0,0 +1,162 @@ +/* + * Copyright (C) 2010 Martin Willi + * Copyright (C) 2010 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "aead.h" + +#include + +typedef struct private_aead_t private_aead_t; + +/** + * Private data of an aead_t object. + */ +struct private_aead_t { + + /** + * Public aead_t interface. + */ + aead_t public; + + /** + * traditional crypter + */ + crypter_t *crypter; + + /** + * draditional signer + */ + signer_t *signer; +}; + +METHOD(aead_t, encrypt, void, + private_aead_t *this, chunk_t plain, chunk_t assoc, chunk_t iv, + chunk_t *encrypted) +{ + chunk_t encr, sig; + + this->signer->get_signature(this->signer, assoc, NULL); + this->signer->get_signature(this->signer, iv, NULL); + + if (encrypted) + { + this->crypter->encrypt(this->crypter, plain, iv, &encr); + this->signer->allocate_signature(this->signer, encr, &sig); + *encrypted = chunk_cat("cmm", iv, encr, sig); + } + else + { + this->crypter->encrypt(this->crypter, plain, iv, NULL); + this->signer->get_signature(this->signer, plain, plain.ptr + plain.len); + } +} + +METHOD(aead_t, decrypt, bool, + private_aead_t *this, chunk_t encrypted, chunk_t assoc, chunk_t iv, + chunk_t *plain) +{ + chunk_t sig; + size_t bs; + + bs = this->crypter->get_block_size(this->crypter); + sig.len = this->signer->get_block_size(this->signer); + if (sig.len > encrypted.len || (encrypted.len - sig.len) % bs) + { + DBG1(DBG_LIB, "invalid encrypted data length %d with block size %d", + encrypted.len - sig.len, bs); + return FALSE; + } + chunk_split(encrypted, "mm", encrypted.len - sig.len, + &encrypted, sig.len, &sig); + + this->signer->get_signature(this->signer, assoc, NULL); + this->signer->get_signature(this->signer, iv, NULL); + if (!this->signer->verify_signature(this->signer, encrypted, sig)) + { + DBG1(DBG_LIB, "MAC verification failed"); + return FALSE; + } + this->crypter->decrypt(this->crypter, encrypted, iv, plain); + return TRUE; +} + +METHOD(aead_t, get_block_size, size_t, + private_aead_t *this) +{ + return this->crypter->get_block_size(this->crypter); +} + +METHOD(aead_t, get_icv_size, size_t, + private_aead_t *this) +{ + return this->signer->get_block_size(this->signer); +} + +METHOD(aead_t, get_iv_size, size_t, + private_aead_t *this) +{ + return this->crypter->get_iv_size(this->crypter); +} + +METHOD(aead_t, get_key_size, size_t, + private_aead_t *this) +{ + return this->crypter->get_key_size(this->crypter) + + this->signer->get_key_size(this->signer); +} + +METHOD(aead_t, set_key, void, + private_aead_t *this, chunk_t key) +{ + chunk_t sig, enc; + + chunk_split(key, "mm", this->signer->get_key_size(this->signer), &sig, + this->crypter->get_key_size(this->crypter), &enc); + + this->signer->set_key(this->signer, sig); + this->crypter->set_key(this->crypter, enc); +} + +METHOD(aead_t, destroy, void, + private_aead_t *this) +{ + this->crypter->destroy(this->crypter); + this->signer->destroy(this->signer); + free(this); +} + +/** + * See header + */ +aead_t *aead_create(crypter_t *crypter, signer_t *signer) +{ + private_aead_t *this; + + INIT(this, + .public = { + .encrypt = _encrypt, + .decrypt = _decrypt, + .get_block_size = _get_block_size, + .get_icv_size = _get_icv_size, + .get_iv_size = _get_iv_size, + .get_key_size = _get_key_size, + .set_key = _set_key, + .destroy = _destroy, + }, + .crypter = crypter, + .signer = signer, + ); + + return &this->public; +} diff --git a/src/libstrongswan/crypto/aead.h b/src/libstrongswan/crypto/aead.h new file mode 100644 index 000000000..d560381d9 --- /dev/null +++ b/src/libstrongswan/crypto/aead.h @@ -0,0 +1,119 @@ +/* + * Copyright (C) 2010 Martin Willi + * Copyright (C) 2010 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup aead aead + * @{ @ingroup crypto + */ + +#ifndef AEAD_H_ +#define AEAD_H_ + +typedef struct aead_t aead_t; + +#include +#include +#include + +/** + * Authenticated encryption / authentication decryption interface. + */ +struct aead_t { + + /** + * Encrypt and sign data, sign associated data. + * + * The plain data must be a multiple of get_block_size(), the IV must + * have a length of get_iv_size(). + * If encrypted is NULL, the encryption is done inline. The buffer must + * have space for additional get_icv_size() data, the ICV value is + * appended silently to the plain chunk. + * + * @param plain data to encrypt and sign + * @param assoc associated data to sign + * @param iv initialization vector + * @param encrypted allocated encryption result + */ + void (*encrypt)(aead_t *this, chunk_t plain, chunk_t assoc, chunk_t iv, + chunk_t *encrypted); + + /** + * Decrypt and verify data, verify associated data. + * + * The IV must have a length of get_iv_size(). + * If plain is NULL, the decryption is done inline. The decrypted data + * is returned in the encrypted chunk, the last get_icv_size() bytes + * contain the verified ICV. + * + * @param encrypted data to encrypt and verify + * @param assoc associated data to verify + * @param iv initialization vector + * @param plain allocated result, if successful + * @return TRUE if MAC verification successful + */ + bool (*decrypt)(aead_t *this, chunk_t encrypted, chunk_t assoc, chunk_t iv, + chunk_t *plain); + + /** + * Get the block size for encryption. + * + * @return block size in bytes + */ + size_t (*get_block_size)(aead_t *this); + + /** + * Get the integrity check value size of the algorithm. + * + * @return ICV size in bytes + */ + size_t (*get_icv_size)(aead_t *this); + + /** + * Get the size of the initialization vector. + * + * @return IV size in bytes + */ + size_t (*get_iv_size)(aead_t *this); + + /** + * Get the size of the key material (for encryption and authentication). + * + * @return key size in bytes + */ + size_t (*get_key_size)(aead_t *this); + + /** + * Set the key for encryption and authentication. + * + * @param key encryption and authentication key + */ + void (*set_key)(aead_t *this, chunk_t key); + + /** + * Destroy a aead_t. + */ + void (*destroy)(aead_t *this); +}; + +/** + * Create a aead instance using traditional transforms. + * + * @param crypter encryption transform for this aead + * @param signer integrity tranform for this aead + * @return aead transform + */ +aead_t *aead_create(crypter_t *crypter, signer_t *signer); + +#endif /** AEAD_H_ @}*/