X-Git-Url: https://tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Fgcrypt%2Fcipher.c;h=0f7b008db94cd26e5f120102d462633b60483e1b;hb=77cd819058de43a5fcea54300dde50e03088c318;hp=3eed8e9570d2755ef166d05d48714fd18cc7bfed;hpb=a03991b7911a5f0afbf1269ac47143d09be76c52;p=tinc diff --git a/src/gcrypt/cipher.c b/src/gcrypt/cipher.c index 3eed8e95..0f7b008d 100644 --- a/src/gcrypt/cipher.c +++ b/src/gcrypt/cipher.c @@ -36,20 +36,20 @@ static struct { {NULL, GCRY_CIPHER_BLOWFISH, GCRY_CIPHER_MODE_CFB, 93}, {NULL, GCRY_CIPHER_BLOWFISH, GCRY_CIPHER_MODE_OFB, 94}, - {NULL, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_ECB, 418}, - {"aes", GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CBC, 419}, - {NULL, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CFB, 421}, - {NULL, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_OFB, 420}, - - {NULL, GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_ECB, 422}, - {"aes192", GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CBC, 423}, - {NULL, GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CFB, 425}, - {NULL, GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_OFB, 424}, - - {NULL, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_ECB, 426}, - {"aes256", GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CBC, 427}, - {NULL, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CFB, 429}, - {NULL, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_OFB, 428}, + {"aes-128-ecb", GCRY_CIPHER_AES, GCRY_CIPHER_MODE_ECB, 418}, + {"aes-128-cbc", GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CBC, 419}, + {"aes-128-cfb", GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CFB, 421}, + {"aes-128-ofb", GCRY_CIPHER_AES, GCRY_CIPHER_MODE_OFB, 420}, + + {"aes-192-ecb", GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_ECB, 422}, + {"aes-192-cbc", GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CBC, 423}, + {"aes-192-cfb", GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CFB, 425}, + {"aes-192-ofb", GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_OFB, 424}, + + {"aes-256-ecb", GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_ECB, 426}, + {"aes-256-cbc", GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CBC, 427}, + {"aes-256-cfb", GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CFB, 429}, + {"aes-256-ofb", GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_OFB, 428}, }; static bool nametocipher(const char *name, int *algo, int *mode) { @@ -147,13 +147,44 @@ void cipher_close(cipher_t *cipher) { } free(cipher->key); - cipher->key = NULL; + + memset(cipher, 0, sizeof(*cipher)); } size_t cipher_keylength(const cipher_t *cipher) { + if(!cipher) { + return 0; + } + return cipher->keylen + cipher->blklen; } +uint64_t cipher_budget(const cipher_t *cipher) { + if(!cipher) { + return UINT64_MAX; // NULL cipher + } + + size_t ivlen = cipher->blklen; + size_t blklen = cipher->blklen; + + size_t len = blklen > 1 + ? blklen + : ivlen > 1 ? ivlen : 8; + size_t bits = len * 4 - 1; + + return bits < 64 + ? UINT64_C(1) << bits + : UINT64_MAX; +} + +size_t cipher_blocksize(const cipher_t *cipher) { + if(!cipher || !cipher->blklen) { + return 1; + } + + return cipher->blklen; +} + void cipher_get_key(const cipher_t *cipher, void *key) { memcpy(key, cipher->key, cipher->keylen + cipher->blklen); } @@ -168,10 +199,14 @@ bool cipher_set_key(cipher_t *cipher, void *key, bool encrypt) { } bool cipher_set_key_from_rsa(cipher_t *cipher, void *key, size_t len, bool encrypt) { - memcpy(cipher->key, key + len - cipher->keylen, cipher->keylen + cipher->blklen); - memcpy(cipher->key + cipher->keylen, key + len - cipher->keylen - cipher->blklen, cipher->blklen); - + memcpy(cipher->key, + key + len - cipher->keylen, + cipher->keylen); gcry_cipher_setkey(cipher->handle, cipher->key, cipher->keylen); + + memcpy(cipher->key + cipher->keylen, + key + len - cipher->blklen - cipher->keylen, + cipher->blklen); gcry_cipher_setiv(cipher->handle, cipher->key + cipher->keylen, cipher->blklen); return true; @@ -261,7 +296,7 @@ bool cipher_decrypt(cipher_t *cipher, const void *indata, size_t inlen, void *ou size_t origlen = inlen - padbyte; - for(int i = inlen - 1; i >= origlen; i--) + for(size_t i = inlen - 1; i >= origlen; i--) if(((uint8_t *)outdata)[i] != padbyte) { logger(DEBUG_ALWAYS, LOG_ERR, "Error while decrypting: invalid padding"); return false; @@ -276,6 +311,10 @@ bool cipher_decrypt(cipher_t *cipher, const void *indata, size_t inlen, void *ou } int cipher_get_nid(const cipher_t *cipher) { + if(!cipher || !cipher->nid) { + return 0; + } + return cipher->nid; }