X-Git-Url: https://tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Fgcrypt%2Fcipher.c;h=c1ecf50a5c94f7cb82eedfae8a341c2f2a9546ef;hb=28b7a53b693f6b4e70218a926e68a36ece54cda1;hp=83065317494ef7c3006ca720cd425d7c973d03c0;hpb=2c6b2d70e6640f39563ad7bb0aa0ba87f883848c;p=tinc

diff --git a/src/gcrypt/cipher.c b/src/gcrypt/cipher.c
index 83065317..c1ecf50a 100644
--- a/src/gcrypt/cipher.c
+++ b/src/gcrypt/cipher.c
@@ -1,6 +1,6 @@
 /*
     cipher.c -- Symmetric block cipher handling
-    Copyright (C) 2007-2012 Guus Sliepen <guus@tinc-vpn.org>
+    Copyright (C) 2007-2022 Guus Sliepen <guus@tinc-vpn.org>
 
     This program is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -17,11 +17,12 @@
     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */
 
-#include "system.h"
+#include "../system.h"
 
 #include "cipher.h"
-#include "logger.h"
-#include "xalloc.h"
+#include "../cipher.h"
+#include "../logger.h"
+#include "../xalloc.h"
 
 static struct {
 	const char *name;
@@ -36,26 +37,24 @@ static struct {
 	{NULL, GCRY_CIPHER_BLOWFISH, GCRY_CIPHER_MODE_CFB, 93},
 	{NULL, GCRY_CIPHER_BLOWFISH, GCRY_CIPHER_MODE_OFB, 94},
 
-	{NULL, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_ECB, 418},
-	{"aes", GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CBC, 419},
-	{NULL, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CFB, 421},
-	{NULL, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_OFB, 420},
+	{"aes-128-ecb", GCRY_CIPHER_AES, GCRY_CIPHER_MODE_ECB, 418},
+	{"aes-128-cbc", GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CBC, 419},
+	{"aes-128-cfb", GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CFB, 421},
+	{"aes-128-ofb", GCRY_CIPHER_AES, GCRY_CIPHER_MODE_OFB, 420},
 
-	{NULL, GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_ECB, 422},
-	{"aes192", GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CBC, 423},
-	{NULL, GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CFB, 425},
-	{NULL, GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_OFB, 424},
+	{"aes-192-ecb", GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_ECB, 422},
+	{"aes-192-cbc", GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CBC, 423},
+	{"aes-192-cfb", GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CFB, 425},
+	{"aes-192-ofb", GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_OFB, 424},
 
-	{NULL, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_ECB, 426},
-	{"aes256", GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CBC, 427},
-	{NULL, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CFB, 429},
-	{NULL, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_OFB, 428},
+	{"aes-256-ecb", GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_ECB, 426},
+	{"aes-256-cbc", GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CBC, 427},
+	{"aes-256-cfb", GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CFB, 429},
+	{"aes-256-ofb", GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_OFB, 428},
 };
 
 static bool nametocipher(const char *name, int *algo, int *mode) {
-	size_t i;
-
-	for(i = 0; i < sizeof(ciphertable) / sizeof(*ciphertable); i++) {
+	for(size_t i = 0; i < sizeof(ciphertable) / sizeof(*ciphertable); i++) {
 		if(ciphertable[i].name && !strcasecmp(name, ciphertable[i].name)) {
 			*algo = ciphertable[i].algo;
 			*mode = ciphertable[i].mode;
@@ -67,9 +66,7 @@ static bool nametocipher(const char *name, int *algo, int *mode) {
 }
 
 static bool nidtocipher(int nid, int *algo, int *mode) {
-	size_t i;
-
-	for(i = 0; i < sizeof(ciphertable) / sizeof(*ciphertable); i++) {
+	for(size_t i = 0; i < sizeof(ciphertable) / sizeof(*ciphertable); i++) {
 		if(nid == ciphertable[i].nid) {
 			*algo = ciphertable[i].algo;
 			*mode = ciphertable[i].mode;
@@ -81,9 +78,7 @@ static bool nidtocipher(int nid, int *algo, int *mode) {
 }
 
 static bool ciphertonid(int algo, int mode, int *nid) {
-	size_t i;
-
-	for(i = 0; i < sizeof(ciphertable) / sizeof(*ciphertable); i++) {
+	for(size_t i = 0; i < sizeof(ciphertable) / sizeof(*ciphertable); i++) {
 		if(algo == ciphertable[i].algo && mode == ciphertable[i].mode) {
 			*nid = ciphertable[i].nid;
 			return true;
@@ -136,10 +131,6 @@ bool cipher_open_by_nid(cipher_t *cipher, int nid) {
 	return cipher_open(cipher, algo, mode);
 }
 
-bool cipher_open_blowfish_ofb(cipher_t *cipher) {
-	return cipher_open(cipher, GCRY_CIPHER_BLOWFISH, GCRY_CIPHER_MODE_OFB);
-}
-
 void cipher_close(cipher_t *cipher) {
 	if(cipher->handle) {
 		gcry_cipher_close(cipher->handle);
@@ -147,18 +138,47 @@ void cipher_close(cipher_t *cipher) {
 	}
 
 	free(cipher->key);
-	cipher->key = NULL;
+
+	memset(cipher, 0, sizeof(*cipher));
 }
 
 size_t cipher_keylength(const cipher_t *cipher) {
+	if(!cipher) {
+		return 0;
+	}
+
 	return cipher->keylen + cipher->blklen;
 }
 
-void cipher_get_key(const cipher_t *cipher, void *key) {
-	memcpy(key, cipher->key, cipher->keylen + cipher->blklen);
+uint64_t cipher_budget(const cipher_t *cipher) {
+	if(!cipher) {
+		return UINT64_MAX; // NULL cipher
+	}
+
+	size_t ivlen = cipher->blklen;
+	size_t blklen = cipher->blklen;
+
+	size_t len = blklen > 1
+	             ? blklen
+	             : ivlen > 1 ? ivlen : 8;
+	size_t bits = len * 4 - 1;
+
+	return bits < 64
+	       ? UINT64_C(1) << bits
+	       : UINT64_MAX;
+}
+
+size_t cipher_blocksize(const cipher_t *cipher) {
+	if(!cipher || !cipher->blklen) {
+		return 1;
+	}
+
+	return cipher->blklen;
 }
 
 bool cipher_set_key(cipher_t *cipher, void *key, bool encrypt) {
+	(void)encrypt;
+
 	memcpy(cipher->key, key, cipher->keylen + cipher->blklen);
 
 	gcry_cipher_setkey(cipher->handle, cipher->key, cipher->keylen);
@@ -168,19 +188,12 @@ bool cipher_set_key(cipher_t *cipher, void *key, bool encrypt) {
 }
 
 bool cipher_set_key_from_rsa(cipher_t *cipher, void *key, size_t len, bool encrypt) {
-	memcpy(cipher->key, key + len - cipher->keylen, cipher->keylen + cipher->blklen);
-	memcpy(cipher->key + cipher->keylen, key + len - cipher->keylen - cipher->blklen, cipher->blklen);
+	(void)encrypt;
 
+	memcpy(cipher->key, (char *)key + len - cipher->keylen, cipher->keylen);
 	gcry_cipher_setkey(cipher->handle, cipher->key, cipher->keylen);
-	gcry_cipher_setiv(cipher->handle, cipher->key + cipher->keylen, cipher->blklen);
-
-	return true;
-}
-
-bool cipher_regenerate_key(cipher_t *cipher, bool encrypt) {
-	gcry_create_nonce(cipher->key, cipher->keylen + cipher->blklen);
 
-	gcry_cipher_setkey(cipher->handle, cipher->key, cipher->keylen);
+	memcpy((char *)cipher->key + cipher->keylen, (char *)key + len - cipher->blklen - cipher->keylen, cipher->blklen);
 	gcry_cipher_setiv(cipher->handle, cipher->key + cipher->keylen, cipher->blklen);
 
 	return true;
@@ -223,7 +236,7 @@ bool cipher_encrypt(cipher_t *cipher, const void *indata, size_t inlen, void *ou
 	}
 
 	if(cipher->padding) {
-		if((err = gcry_cipher_encrypt(cipher->handle, outdata + inlen, cipher->blklen, pad, cipher->blklen))) {
+		if((err = gcry_cipher_encrypt(cipher->handle, (char *)outdata + inlen, cipher->blklen, pad, cipher->blklen))) {
 			logger(DEBUG_ALWAYS, LOG_ERR, "Error while encrypting: %s", gcry_strerror(err));
 			return false;
 		}
@@ -276,6 +289,10 @@ bool cipher_decrypt(cipher_t *cipher, const void *indata, size_t inlen, void *ou
 }
 
 int cipher_get_nid(const cipher_t *cipher) {
+	if(!cipher || !cipher->nid) {
+		return 0;
+	}
+
 	return cipher->nid;
 }