ims-volte-vowifi
/
strongswan
9
0
Fork 0
Code Pull Requests Releases Activity

Add a return value to crypter_t.encrypt

This commit is contained in:
Martin Willi 2012-07-06 15:54:03 +02:00
parent c3858662d2
commit e35abbe588
21 changed files with 233 additions and 143 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
scripts/crypt_burn.c
View File

@ -104,9 +104,12 @@ int main(int argc, char *argv[])
while (i--)
{
crypter->encrypt(crypter,
chunk_create(buffer, sizeof(buffer) / bs * bs),
chunk_create(iv, crypter->get_iv_size(crypter)), NULL);
if (!crypter->encrypt(crypter,
chunk_create(buffer, sizeof(buffer) / bs * bs),
chunk_create(iv, crypter->get_iv_size(crypter)), NULL))
{
continue;
}
crypter->decrypt(crypter,
chunk_create(buffer, sizeof(buffer) / bs * bs),
chunk_create(iv, crypter->get_iv_size(crypter)), NULL);

8
src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c
View File

@ -337,9 +337,15 @@ static status_t ChallengeResponse(chunk_t challenge_hash, chunk_t password_hash,
for (i = 0; i < 3; i++)
{
chunk_t expanded, encrypted;
expanded = ExpandDESKey(keys[i]);
crypter->set_key(crypter, expanded);
crypter->encrypt(crypter, challenge_hash, chunk_empty, &encrypted);
if (!crypter->encrypt(crypter, challenge_hash, chunk_empty, &encrypted))
{
chunk_clear(&expanded);
crypter->destroy(crypter);
return FAILED;
}
memcpy(&response->ptr[i * 8], encrypted.ptr, encrypted.len);
chunk_clear(&encrypted);
chunk_clear(&expanded);

3
src/libcharon/sa/ikev1/keymat_v1.c
View File

@ -167,8 +167,7 @@ METHOD(aead_t, encrypt, bool,
private_aead_t *this, chunk_t plain, chunk_t assoc, chunk_t iv,
chunk_t *encrypted)
{
this->crypter->encrypt(this->crypter, plain, iv, encrypted);
return TRUE;
return this->crypter->encrypt(this->crypter, plain, iv, encrypted);
}
METHOD(aead_t, decrypt, bool,

5
src/libsimaka/simaka_message.c
View File

@ -780,7 +780,10 @@ METHOD(simaka_message_t, generate, bool,
out = chunk_skip(out, iv.len);
/* inline encryption */
crypter->encrypt(crypter, encr, iv, NULL);
if (!crypter->encrypt(crypter, encr, iv, NULL))
{
return FALSE;
}
/* add ENCR_DATA attribute */
hdr = (attr_hdr_t*)out.ptr;

10
src/libstrongswan/crypto/aead.c
View File

@ -54,17 +54,21 @@ METHOD(aead_t, encrypt, bool,
if (encrypted)
{
this->crypter->encrypt(this->crypter, plain, iv, &encr);
if (!this->crypter->encrypt(this->crypter, plain, iv, &encr))
{
return FALSE;
}
if (!this->signer->allocate_signature(this->signer, encr, &sig))
{
free(encr.ptr);
return FALSE;
}
*encrypted = chunk_cat("cmm", iv, encr, sig);
}
else
{
this->crypter->encrypt(this->crypter, plain, iv, NULL);
if (!this->signer->get_signature(this->signer,
if (!this->crypter->encrypt(this->crypter, plain, iv, NULL) ||
!this->signer->get_signature(this->signer,
plain, plain.ptr + plain.len))
{
return FALSE;

4
src/libstrongswan/crypto/crypters/crypter.h
View File

@ -90,8 +90,10 @@ struct crypter_t {
* @param data data to encrypt
* @param iv initializing vector
* @param encrypted chunk to allocate encrypted data, or NULL
* @return TRUE if encryption successful
*/
void (*encrypt) (crypter_t *this, chunk_t data, chunk_t iv,
__attribute__((warn_unused_result))
bool (*encrypt) (crypter_t *this, chunk_t data, chunk_t iv,
chunk_t *encrypted);
/**

16
src/libstrongswan/crypto/crypto_tester.c
View File

@ -160,8 +160,10 @@ static u_int bench_crypter(private_crypto_tester_t *this,
start_timing(&start);
while (end_timing(&start) < this->bench_time)
{
crypter->encrypt(crypter, buf, chunk_from_thing(iv), NULL);
runs++;
if (crypter->encrypt(crypter, buf, chunk_from_thing(iv), NULL))
{
runs++;
}
crypter->decrypt(crypter, buf, chunk_from_thing(iv), NULL);
runs++;
}
@ -215,7 +217,10 @@ METHOD(crypto_tester_t, test_crypter, bool,
/* allocated encryption */
plain = chunk_create(vector->plain, vector->len);
crypter->encrypt(crypter, plain, iv, &cipher);
if (!crypter->encrypt(crypter, plain, iv, &cipher))
{
failed = TRUE;
}
if (!memeq(vector->cipher, cipher.ptr, cipher.len))
{
failed = TRUE;
@ -235,7 +240,10 @@ METHOD(crypto_tester_t, test_crypter, bool,
failed = TRUE;
}
/* inline encryption */
crypter->encrypt(crypter, plain, iv, NULL);
if (!crypter->encrypt(crypter, plain, iv, NULL))
{
failed = TRUE;
}
if (!memeq(vector->cipher, plain.ptr, plain.len))
{
failed = TRUE;

9
src/libstrongswan/crypto/pkcs7.c
View File

@ -831,7 +831,14 @@ METHOD(pkcs7_t, build_envelopedData, bool,
/* symmetric encryption of data object */
crypter->set_key(crypter, symmetricKey);
crypter->encrypt(crypter, in, iv, &out);
if (!crypter->encrypt(crypter, in, iv, &out))
{
crypter->destroy(crypter);
chunk_clear(&in);
chunk_clear(&symmetricKey);
chunk_free(&iv);
return FALSE;
}
crypter->destroy(crypter);
chunk_clear(&in);
DBG3(DBG_LIB, " encrypted data: %B", &out);

3
src/libstrongswan/plugins/aes/aes_crypter.c
View File

@ -1373,7 +1373,7 @@ METHOD(crypter_t, decrypt, void,
}
}
METHOD(crypter_t, encrypt, void,
METHOD(crypter_t, encrypt, bool,
private_aes_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *encrypted)
{
int pos;
@ -1408,6 +1408,7 @@ METHOD(crypter_t, encrypt, void,
out+=16;
pos+=16;
}
return TRUE;
}
METHOD(crypter_t, get_block_size, size_t,

3
src/libstrongswan/plugins/af_alg/af_alg_crypter.c
View File

@ -145,7 +145,7 @@ METHOD(crypter_t, decrypt, void,
}
}
METHOD(crypter_t, encrypt, void,
METHOD(crypter_t, encrypt, bool,
private_af_alg_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *dst)
{
if (dst)
@ -157,6 +157,7 @@ METHOD(crypter_t, encrypt, void,
{
this->ops->crypt(this->ops, ALG_OP_ENCRYPT, iv, data, data.ptr);
}
return TRUE;
}
METHOD(crypter_t, get_block_size, size_t,

4
src/libstrongswan/plugins/blowfish/blowfish_crypter.c
View File

@ -110,7 +110,7 @@ METHOD(crypter_t, decrypt, void,
free(iv.ptr);
}
METHOD(crypter_t, encrypt, void,
METHOD(crypter_t, encrypt, bool,
private_blowfish_crypter_t *this, chunk_t data, chunk_t iv,
chunk_t *encrypted)
{
@ -131,6 +131,8 @@ METHOD(crypter_t, encrypt, void,
BF_cbc_encrypt(in, out, data.len, &this->schedule, iv.ptr, 1);
free(iv.ptr);
return TRUE;
}
METHOD(crypter_t, get_block_size, size_t,

65
src/libstrongswan/plugins/ccm/ccm_aead.c
View File

@ -126,7 +126,7 @@ static void build_ctr(private_ccm_aead_t *this, u_int32_t i, chunk_t iv,
/**
* En-/Decrypt data
*/
static void crypt_data(private_ccm_aead_t *this, chunk_t iv,
static bool crypt_data(private_ccm_aead_t *this, chunk_t iv,
chunk_t in, chunk_t out)
{
char ctr[BLOCK_SIZE];
@ -139,8 +139,11 @@ static void crypt_data(private_ccm_aead_t *this, chunk_t iv,
while (in.len > 0)
{
memcpy(block, ctr, BLOCK_SIZE);
this->crypter->encrypt(this->crypter, chunk_from_thing(block),
chunk_from_thing(zero), NULL);
if (!this->crypter->encrypt(this->crypter, chunk_from_thing(block),
chunk_from_thing(zero), NULL))
{
return FALSE;
}
chunk_increment(chunk_from_thing(ctr));
if (in.ptr != out.ptr)
@ -151,12 +154,13 @@ static void crypt_data(private_ccm_aead_t *this, chunk_t iv,
in = chunk_skip(in, BLOCK_SIZE);
out = chunk_skip(out, BLOCK_SIZE);
}
return TRUE;
}
/**
* En-/Decrypt the ICV
*/
static void crypt_icv(private_ccm_aead_t *this, chunk_t iv, char *icv)
static bool crypt_icv(private_ccm_aead_t *this, chunk_t iv, char *icv)
{
char ctr[BLOCK_SIZE];
char zero[BLOCK_SIZE];
@ -164,15 +168,19 @@ static void crypt_icv(private_ccm_aead_t *this, chunk_t iv, char *icv)
build_ctr(this, 0, iv, ctr);
memset(zero, 0, BLOCK_SIZE);
this->crypter->encrypt(this->crypter, chunk_from_thing(ctr),
chunk_from_thing(zero), NULL);
if (!this->crypter->encrypt(this->crypter, chunk_from_thing(ctr),
chunk_from_thing(zero), NULL))
{
return FALSE;
}
memxor(icv, ctr, this->icv_size);
return TRUE;
}
/**
* Create the ICV
*/
static void create_icv(private_ccm_aead_t *this, chunk_t plain, chunk_t assoc,
static bool create_icv(private_ccm_aead_t *this, chunk_t plain, chunk_t assoc,
chunk_t iv, char *icv)
{
char zero[BLOCK_SIZE];
@ -217,14 +225,19 @@ static void create_icv(private_ccm_aead_t *this, chunk_t plain, chunk_t assoc,
memset(pos, 0, len);
/* encrypt inline with CBC, zero IV */
this->crypter->encrypt(this->crypter, chunk, chunk_from_thing(zero), NULL);
if (!this->crypter->encrypt(this->crypter, chunk,
chunk_from_thing(zero), NULL))
{
free(chunk.ptr);
return FALSE;
}
/* copy last icv_size bytes as ICV to output */
memcpy(icv, chunk.ptr + chunk.len - BLOCK_SIZE, this->icv_size);
/* encrypt the ICV value */
crypt_icv(this, iv, icv);
free(chunk.ptr);
/* encrypt the ICV value */
return crypt_icv(this, iv, icv);
}
/**
@ -235,9 +248,8 @@ static bool verify_icv(private_ccm_aead_t *this, chunk_t plain, chunk_t assoc,
{
char buf[this->icv_size];
create_icv(this, plain, assoc, iv, buf);
return memeq(buf, icv, this->icv_size);
return create_icv(this, plain, assoc, iv, buf) &&
memeq(buf, icv, this->icv_size);
}
METHOD(aead_t, encrypt, bool,
@ -247,15 +259,11 @@ METHOD(aead_t, encrypt, bool,
if (encrypted)
{
*encrypted = chunk_alloc(plain.len + this->icv_size);
create_icv(this, plain, assoc, iv, encrypted->ptr + plain.len);
crypt_data(this, iv, plain, *encrypted);
return create_icv(this, plain, assoc, iv, encrypted->ptr + plain.len) &&
crypt_data(this, iv, plain, *encrypted);
}
else
{
create_icv(this, plain, assoc, iv, plain.ptr + plain.len);
crypt_data(this, iv, plain, plain);
}
return TRUE;
return create_icv(this, plain, assoc, iv, plain.ptr + plain.len) &&
crypt_data(this, iv, plain, plain);
}
METHOD(aead_t, decrypt, bool,
@ -270,16 +278,13 @@ METHOD(aead_t, decrypt, bool,
if (plain)
{
*plain = chunk_alloc(encrypted.len);
crypt_data(this, iv, encrypted, *plain);
return verify_icv(this, *plain, assoc, iv,
encrypted.ptr + encrypted.len);
}
else
{
crypt_data(this, iv, encrypted, encrypted);
return verify_icv(this, encrypted, assoc, iv,
return crypt_data(this, iv, encrypted, *plain) &&
verify_icv(this, *plain, assoc, iv,
encrypted.ptr + encrypted.len);
}
return crypt_data(this, iv, encrypted, encrypted) &&
verify_icv(this, encrypted, assoc, iv,
encrypted.ptr + encrypted.len);
}
METHOD(aead_t, get_block_size, size_t,

37
src/libstrongswan/plugins/cmac/cmac.c
View File

@ -75,7 +75,7 @@ struct private_mac_t {
/**
* process supplied data, but do not run final operation
*/
static void update(private_mac_t *this, chunk_t data)
static bool update(private_mac_t *this, chunk_t data)
{
chunk_t iv;
@ -83,7 +83,7 @@ static void update(private_mac_t *this, chunk_t data)
{ /* no complete block (or last block), just copy into remaining */
memcpy(this->remaining + this->remaining_bytes, data.ptr, data.len);
this->remaining_bytes += data.len;
return;
return TRUE;
}
iv = chunk_alloca(this->b);
@ -100,7 +100,10 @@ static void update(private_mac_t *this, chunk_t data)
this->b - this->remaining_bytes);
data = chunk_skip(data, this->b - this->remaining_bytes);
memxor(this->t, this->remaining, this->b);
this->k->encrypt(this->k, chunk_create(this->t, this->b), iv, NULL);
if (!this->k->encrypt(this->k, chunk_create(this->t, this->b), iv, NULL))
{
return FALSE;
}
/* process blocks M_2 ... M_n-1 */
while (data.len > this->b)
@ -108,18 +111,23 @@ static void update(private_mac_t *this, chunk_t data)
memcpy(this->remaining, data.ptr, this->b);
data = chunk_skip(data, this->b);
memxor(this->t, this->remaining, this->b);
this->k->encrypt(this->k, chunk_create(this->t, this->b), iv, NULL);
if (!this->k->encrypt(this->k, chunk_create(this->t, this->b), iv, NULL))
{
return FALSE;
}
}
/* store remaining bytes of block M_n */
memcpy(this->remaining, data.ptr, data.len);
this->remaining_bytes = data.len;
return TRUE;
}
/**
* process last block M_last
*/
static void final(private_mac_t *this, u_int8_t *out)
static bool final(private_mac_t *this, u_int8_t *out)
{
chunk_t iv;
@ -156,24 +164,32 @@ static void final(private_mac_t *this, u_int8_t *out)
* T := AES-128(K,T);
*/
memxor(this->t, this->remaining, this->b);
this->k->encrypt(this->k, chunk_create(this->t, this->b), iv, NULL);
if (!this->k->encrypt(this->k, chunk_create(this->t, this->b), iv, NULL))
{
return FALSE;
}
memcpy(out, this->t, this->b);
/* reset state */
memset(this->t, 0, this->b);
this->remaining_bytes = 0;
return TRUE;
}
METHOD(mac_t, get_mac, bool,
private_mac_t *this, chunk_t data, u_int8_t *out)
{
/* update T, do not process last block */
update(this, data);
if (!update(this, data))
{
return FALSE;
}
if (out)
{ /* if not in append mode, process last block and output result */
final(this, out);
return final(this, out);
}
return TRUE;
}
@ -264,7 +280,10 @@ METHOD(mac_t, set_key, bool,
l = chunk_alloca(this->b);
memset(l.ptr, 0, l.len);
this->k->set_key(this->k, resized);
this->k->encrypt(this->k, l, iv, NULL);
if (!this->k->encrypt(this->k, l, iv, NULL))
{
return FALSE;
}
derive_key(l);
memcpy(this->k1, l.ptr, l.len);
derive_key(l);

19
src/libstrongswan/plugins/ctr/ctr_ipsec_crypter.c
View File

@ -45,7 +45,7 @@ struct private_ctr_ipsec_crypter_t {
/**
* Do the CTR crypto operation
*/
static void crypt_ctr(private_ctr_ipsec_crypter_t *this,
static bool crypt_ctr(private_ctr_ipsec_crypter_t *this,
chunk_t in, chunk_t out)
{
size_t is, bs;
@ -63,8 +63,11 @@ static void crypt_ctr(private_ctr_ipsec_crypter_t *this,
memset(iv, 0, is);
memcpy(block, state.ptr, bs);
this->crypter->encrypt(this->crypter,
chunk_create(block, bs), chunk_create(iv, is), NULL);
if (!this->crypter->encrypt(this->crypter, chunk_create(block, bs),
chunk_create(iv, is), NULL))
{
return FALSE;
}
chunk_increment(state);
if (in.ptr != out.ptr)
@ -75,9 +78,10 @@ static void crypt_ctr(private_ctr_ipsec_crypter_t *this,
in = chunk_skip(in, bs);
out = chunk_skip(out, bs);
}
return TRUE;
}
METHOD(crypter_t, crypt, void,
METHOD(crypter_t, crypt, bool,
private_ctr_ipsec_crypter_t *this, chunk_t in, chunk_t iv, chunk_t *out)
{
memcpy(this->state.iv, iv.ptr, sizeof(this->state.iv));
@ -85,12 +89,9 @@ METHOD(crypter_t, crypt, void,
if (out)
{
*out = chunk_alloc(in.len);
crypt_ctr(this, in, *out);
}
else
{
crypt_ctr(this, in, in);
return crypt_ctr(this, in, *out);
}
return crypt_ctr(this, in, in);
}
METHOD(crypter_t, get_block_size, size_t,

9
src/libstrongswan/plugins/des/des_crypter.c
View File

@ -1434,7 +1434,7 @@ METHOD(crypter_t, decrypt, void,
}
METHOD(crypter_t, encrypt, void,
METHOD(crypter_t, encrypt, bool,
private_des_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *encrypted)
{
des_cblock ivb;
@ -1449,6 +1449,7 @@ METHOD(crypter_t, encrypt, void,
memcpy(&ivb, iv.ptr, sizeof(des_cblock));
des_cbc_encrypt((des_cblock*)(data.ptr), (des_cblock*)out,
data.len, this->ks, &ivb, DES_ENCRYPT);
return TRUE;
}
METHOD(crypter_t, decrypt_ecb, void,
@ -1466,7 +1467,7 @@ METHOD(crypter_t, decrypt_ecb, void,
data.len, this->ks, DES_DECRYPT);
}
METHOD(crypter_t, encrypt_ecb, void,
METHOD(crypter_t, encrypt_ecb, bool,
private_des_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *encrypted)
{
u_int8_t *out;
@ -1479,6 +1480,7 @@ METHOD(crypter_t, encrypt_ecb, void,
}
des_ecb_encrypt((des_cblock*)(data.ptr), (des_cblock*)out,
data.len, this->ks, DES_ENCRYPT);
return TRUE;
}
METHOD(crypter_t, decrypt3, void,
@ -1499,7 +1501,7 @@ METHOD(crypter_t, decrypt3, void,
&ivb, DES_DECRYPT);
}
METHOD(crypter_t, encrypt3, void,
METHOD(crypter_t, encrypt3, bool,
private_des_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *encrypted)
{
des_cblock ivb;
@ -1515,6 +1517,7 @@ METHOD(crypter_t, encrypt3, void,
des_ede3_cbc_encrypt((des_cblock*)(data.ptr), (des_cblock*)out,
data.len, this->ks3[0], this->ks3[1], this->ks3[2],
&ivb, DES_ENCRYPT);
return TRUE;
}
METHOD(crypter_t, get_block_size, size_t,

61
src/libstrongswan/plugins/gcm/gcm_aead.c
View File

@ -149,7 +149,7 @@ static void ghash(private_gcm_aead_t *this, chunk_t x, char *res)
/**
* GCTR function, en-/decrypts x inline
*/
static void gctr(private_gcm_aead_t *this, char *icb, chunk_t x)
static bool gctr(private_gcm_aead_t *this, char *icb, chunk_t x)
{
char cb[BLOCK_SIZE], iv[BLOCK_SIZE], tmp[BLOCK_SIZE];
@ -159,12 +159,16 @@ static void gctr(private_gcm_aead_t *this, char *icb, chunk_t x)
while (x.len)
{
memcpy(tmp, cb, BLOCK_SIZE);
this->crypter->encrypt(this->crypter, chunk_from_thing(tmp),
chunk_from_thing(iv), NULL);
if (!this->crypter->encrypt(this->crypter, chunk_from_thing(tmp),
chunk_from_thing(iv), NULL))
{
return FALSE;
}
memxor(x.ptr, tmp, min(BLOCK_SIZE, x.len));
chunk_increment(chunk_from_thing(cb));
x = chunk_skip(x, BLOCK_SIZE);
}
return TRUE;
}
/**
@ -180,21 +184,21 @@ static void create_j(private_gcm_aead_t *this, char *iv, char *j)
/**
* Create GHASH subkey H
*/
static void create_h(private_gcm_aead_t *this, char *h)
static bool create_h(private_gcm_aead_t *this, char *h)
{
char zero[BLOCK_SIZE];
memset(zero, 0, BLOCK_SIZE);
memset(h, 0, BLOCK_SIZE);
this->crypter->encrypt(this->crypter, chunk_create(h, BLOCK_SIZE),
chunk_from_thing(zero), NULL);
return this->crypter->encrypt(this->crypter, chunk_create(h, BLOCK_SIZE),
chunk_from_thing(zero), NULL);
}
/**
* Encrypt/decrypt
*/
static void crypt(private_gcm_aead_t *this, char *j, chunk_t in, chunk_t out)
static bool crypt(private_gcm_aead_t *this, char *j, chunk_t in, chunk_t out)
{
char icb[BLOCK_SIZE];
@ -206,13 +210,13 @@ static void crypt(private_gcm_aead_t *this, char *j, chunk_t in, chunk_t out)
{
memcpy(out.ptr, in.ptr, in.len);
}
gctr(this, icb, out);
return gctr(this, icb, out);
}
/**
* Create ICV
*/
static void create_icv(private_gcm_aead_t *this, chunk_t assoc, chunk_t crypt,
static bool create_icv(private_gcm_aead_t *this, chunk_t assoc, chunk_t crypt,
char *j, char *icv)
{
size_t assoc_pad, crypt_pad;
@ -249,9 +253,12 @@ static void create_icv(private_gcm_aead_t *this, chunk_t assoc, chunk_t crypt,
ghash(this, chunk, s);
free(chunk.ptr);
gctr(this, j, chunk_from_thing(s));
if (!gctr(this, j, chunk_from_thing(s)))
{
return FALSE;
}
memcpy(icv, s, this->icv_size);
return TRUE;
}
/**
@ -262,9 +269,8 @@ static bool verify_icv(private_gcm_aead_t *this, chunk_t assoc, chunk_t crypt,
{
char tmp[this->icv_size];
create_icv(this, assoc, crypt, j, tmp);
return memeq(tmp, icv, this->icv_size);
return create_icv(this, assoc, crypt, j, tmp) &&
memeq(tmp, icv, this->icv_size);
}
METHOD(aead_t, encrypt, bool,
@ -278,17 +284,13 @@ METHOD(aead_t, encrypt, bool,
if (encrypted)
{
*encrypted = chunk_alloc(plain.len + this->icv_size);
crypt(this, j, plain, *encrypted);
create_icv(this, assoc,
chunk_create(encrypted->ptr, encrypted->len - this->icv_size),
j, encrypted->ptr + encrypted->len - this->icv_size);
return crypt(this, j, plain, *encrypted) &&
create_icv(this, assoc,
chunk_create(encrypted->ptr, encrypted->len - this->icv_size),
j, encrypted->ptr + encrypted->len - this->icv_size);
}
else
{
crypt(this, j, plain, plain);
create_icv(this, assoc, plain, j, plain.ptr + plain.len);
}
return TRUE;
return crypt(this, j, plain, plain) &&
create_icv(this, assoc, plain, j, plain.ptr + plain.len);
}
METHOD(aead_t, decrypt, bool,
@ -312,13 +314,9 @@ METHOD(aead_t, decrypt, bool,
if (plain)
{
*plain = chunk_alloc(encrypted.len);
crypt(this, j, encrypted, *plain);
return crypt(this, j, encrypted, *plain);
}
else
{
crypt(this, j, encrypted, encrypted);
}
return TRUE;
return crypt(this, j, encrypted, encrypted);
}
METHOD(aead_t, get_block_size, size_t,
@ -351,8 +349,7 @@ METHOD(aead_t, set_key, bool,
memcpy(this->salt, key.ptr + key.len - SALT_SIZE, SALT_SIZE);
key.len -= SALT_SIZE;
this->crypter->set_key(this->crypter, key);
create_h(this, this->h);
return TRUE;
return create_h(this, this->h);
}
METHOD(aead_t, destroy, void,

25
src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c
View File

@ -59,18 +59,15 @@ struct private_gcrypt_crypter_t {
/**
* Set the IV for en/decryption
*/
static void set_iv(private_gcrypt_crypter_t *this, chunk_t iv)
static bool set_iv(private_gcrypt_crypter_t *this, chunk_t iv)
{
if (this->ctr_mode)
{
memcpy(this->ctr.iv, iv.ptr, sizeof(this->ctr.iv));
this->ctr.counter = htonl(1);
gcry_cipher_setctr(this->h, &this->ctr, sizeof(this->ctr));
}
else
{
gcry_cipher_setiv(this->h, iv.ptr, iv.len);
return gcry_cipher_setctr(this->h, &this->ctr, sizeof(this->ctr)) == 0;
}
return gcry_cipher_setiv(this->h, iv.ptr, iv.len) == 0;
}
METHOD(crypter_t, decrypt, void,
@ -89,20 +86,20 @@ METHOD(crypter_t, decrypt, void,
}
}
METHOD(crypter_t, encrypt, void,
METHOD(crypter_t, encrypt, bool,
private_gcrypt_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *dst)
{
set_iv(this, iv);
if (!set_iv(this, iv))
{
return FALSE;
}
if (dst)
{
*dst = chunk_alloc(data.len);
gcry_cipher_encrypt(this->h, dst->ptr, dst->len, data.ptr, data.len);
}
else
{
gcry_cipher_encrypt(this->h, data.ptr, data.len, NULL, 0);
return gcry_cipher_encrypt(this->h, dst->ptr, dst->len,
data.ptr, data.len) == 0;
}
return gcry_cipher_encrypt(this->h, data.ptr, data.len, NULL, 0) == 0;
}
METHOD(crypter_t, get_block_size, size_t,

21
src/libstrongswan/plugins/openssl/openssl_crypter.c
View File

@ -90,7 +90,7 @@ static char* lookup_algorithm(u_int16_t ikev2_algo, size_t *key_size)
/**
* Do the actual en/decryption in an EVP context
*/
static void crypt(private_openssl_crypter_t *this, chunk_t data, chunk_t iv,
static bool crypt(private_openssl_crypter_t *this, chunk_t data, chunk_t iv,
chunk_t *dst, int enc)
{
int len;
@ -104,13 +104,14 @@ static void crypt(private_openssl_crypter_t *this, chunk_t data, chunk_t iv,
}
EVP_CIPHER_CTX ctx;
EVP_CIPHER_CTX_init(&ctx);
EVP_CipherInit_ex(&ctx, this->cipher, NULL, NULL, NULL, enc);
EVP_CIPHER_CTX_set_padding(&ctx, 0); /* disable padding */
EVP_CIPHER_CTX_set_key_length(&ctx, this->key.len);
EVP_CipherInit_ex(&ctx, NULL, NULL, this->key.ptr, iv.ptr, enc);
EVP_CipherUpdate(&ctx, out, &len, data.ptr, data.len);
EVP_CipherFinal_ex(&ctx, out + len, &len); /* since padding is disabled this does nothing */
EVP_CIPHER_CTX_cleanup(&ctx);
return EVP_CipherInit_ex(&ctx, this->cipher, NULL, NULL, NULL, enc) &&
EVP_CIPHER_CTX_set_padding(&ctx, 0) /* disable padding */ &&
EVP_CIPHER_CTX_set_key_length(&ctx, this->key.len) &&
EVP_CipherInit_ex(&ctx, NULL, NULL, this->key.ptr, iv.ptr, enc) &&
EVP_CipherUpdate(&ctx, out, &len, data.ptr, data.len) &&
/* since padding is disabled this does nothing */
EVP_CipherFinal_ex(&ctx, out + len, &len) &&
EVP_CIPHER_CTX_cleanup(&ctx);
}
METHOD(crypter_t, decrypt, void,
@ -119,10 +120,10 @@ METHOD(crypter_t, decrypt, void,
crypt(this, data, iv, dst, 0);
}
METHOD(crypter_t, encrypt, void,
METHOD(crypter_t, encrypt, bool,
private_openssl_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *dst)
{
crypt(this, data, iv, dst, 1);
return crypt(this, data, iv, dst, 1);
}
METHOD(crypter_t, get_block_size, size_t,

3
src/libstrongswan/plugins/padlock/padlock_aes_crypter.c
View File

@ -115,10 +115,11 @@ METHOD(crypter_t, decrypt, void,
crypt(this, iv.ptr, data, dst, TRUE);
}
METHOD(crypter_t, encrypt, void,
METHOD(crypter_t, encrypt, bool,
private_padlock_aes_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *dst)
{
crypt(this, iv.ptr, data, dst, FALSE);
return TRUE;
}
METHOD(crypter_t, get_block_size, size_t,

51
src/libstrongswan/plugins/xcbc/xcbc.c
View File

@ -81,7 +81,7 @@ struct private_mac_t {
/**
* xcbc supplied data, but do not run final operation
*/
static void update(private_mac_t *this, chunk_t data)
static bool update(private_mac_t *this, chunk_t data)
{
chunk_t iv;
@ -94,7 +94,7 @@ static void update(private_mac_t *this, chunk_t data)
{ /* no complete block, just copy into remaining */
memcpy(this->remaining + this->remaining_bytes, data.ptr, data.len);
this->remaining_bytes += data.len;
return;
return TRUE;
}
iv = chunk_alloca(this->b);
@ -110,7 +110,10 @@ static void update(private_mac_t *this, chunk_t data)
this->b - this->remaining_bytes);
data = chunk_skip(data, this->b - this->remaining_bytes);
memxor(this->e, this->remaining, this->b);
this->k1->encrypt(this->k1, chunk_create(this->e, this->b), iv, NULL);
if (!this->k1->encrypt(this->k1, chunk_create(this->e, this->b), iv, NULL))
{
return FALSE;
}
/* process blocks M[2] ... M[n-1] */
while (data.len > this->b)
@ -118,18 +121,24 @@ static void update(private_mac_t *this, chunk_t data)
memcpy(this->remaining, data.ptr, this->b);
data = chunk_skip(data, this->b);
memxor(this->e, this->remaining, this->b);
this->k1->encrypt(this->k1, chunk_create(this->e, this->b), iv, NULL);
if (!this->k1->encrypt(this->k1, chunk_create(this->e, this->b),
iv, NULL))
{
return FALSE;
}
}
/* store remaining bytes of block M[n] */
memcpy(this->remaining, data.ptr, data.len);
this->remaining_bytes = data.len;
return TRUE;
}
/**
* run last round, data is in this->e
*/
static void final(private_mac_t *this, u_int8_t *out)
static bool final(private_mac_t *this, u_int8_t *out)
{
chunk_t iv;
@ -145,7 +154,6 @@ static void final(private_mac_t *this, u_int8_t *out)
*/
memxor(this->e, this->remaining, this->b);
memxor(this->e, this->k2, this->b);
this->k1->encrypt(this->k1, chunk_create(this->e, this->b), iv, NULL);
}
else
{
@ -168,7 +176,10 @@ static void final(private_mac_t *this, u_int8_t *out)
*/
memxor(this->e, this->remaining, this->b);
memxor(this->e, this->k3, this->b);
this->k1->encrypt(this->k1, chunk_create(this->e, this->b), iv, NULL);
}
if (!this->k1->encrypt(this->k1, chunk_create(this->e, this->b), iv, NULL))
{
return FALSE;
}
memcpy(out, this->e, this->b);
@ -177,17 +188,22 @@ static void final(private_mac_t *this, u_int8_t *out)
memset(this->e, 0, this->b);
this->remaining_bytes = 0;
this->zero = TRUE;
return TRUE;
}
METHOD(mac_t, get_mac, bool,
private_mac_t *this, chunk_t data, u_int8_t *out)
{
/* update E, do not process last block */
update(this, data);
if (!update(this, data))
{
return FALSE;
}
if (out)
{ /* if not in append mode, process last block and output result */
final(this, out);
return final(this, out);
}
return TRUE;
}
@ -236,13 +252,18 @@ METHOD(mac_t, set_key, bool,
* K2 = 0x02020202020202020202020202020202 encrypted with Key K
* K3 = 0x03030303030303030303030303030303 encrypted with Key K
*/
this->k1->set_key(this->k1, lengthened);
memset(this->k2, 0x02, this->b);
this->k1->encrypt(this->k1, chunk_create(this->k2, this->b), iv, NULL);
memset(this->k3, 0x03, this->b);
this->k1->encrypt(this->k1, chunk_create(this->k3, this->b), iv, NULL);
memset(k1.ptr, 0x01, this->b);
this->k1->encrypt(this->k1, k1, iv, NULL);
memset(this->k2, 0x02, this->b);
memset(this->k3, 0x03, this->b);
this->k1->set_key(this->k1, lengthened);
if (!this->k1->encrypt(this->k1, chunk_create(this->k2, this->b), iv, NULL) ||
!this->k1->encrypt(this->k1, chunk_create(this->k3, this->b), iv, NULL) ||
!this->k1->encrypt(this->k1, k1, iv, NULL))
{
return FALSE;
}
this->k1->set_key(this->k1, k1);
memwipe(k1.ptr, k1.len);

11
src/libtls/tls_protection.c
View File

@ -256,7 +256,16 @@ METHOD(tls_protection_t, build, status_t,
*data = chunk_cat("mmcc", *data, mac, padding,
chunk_from_thing(padding_length));
/* encrypt inline */
this->crypter_out->encrypt(this->crypter_out, *data, iv, NULL);
if (!this->crypter_out->encrypt(this->crypter_out, *data,
iv, NULL))
{
if (!this->iv_out.len)
{
free(iv.ptr);
}
free(data->ptr);
return FAILED;
}
if (this->iv_out.len)
{ /* next record IV is last ciphertext block of this record */