X-Git-Url: https://tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Fgcrypt%2Fcipher.c;h=ce93fb1b8e60bf49d7e39fba3aba048eab2c1b1a;hb=d917c8cb6b69475d568ccbe82389b9f2b3eb5e80;hp=77add6c3284dc568d3414b19a92b2dad247f5be9;hpb=08aabbf9317806bc50a9a6693ca866c8936ce26b;p=tinc diff --git a/src/gcrypt/cipher.c b/src/gcrypt/cipher.c index 77add6c3..ce93fb1b 100644 --- a/src/gcrypt/cipher.c +++ b/src/gcrypt/cipher.c @@ -12,11 +12,9 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - - $Id$ + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ #include "system.h" @@ -99,21 +97,19 @@ static bool cipher_open(cipher_t *cipher, int algo, int mode) { gcry_error_t err; if(!ciphertonid(algo, mode, &cipher->nid)) { - logger(LOG_DEBUG, _("Cipher %d mode %d has no corresponding nid!"), algo, mode); + logger(DEBUG_ALWAYS, LOG_DEBUG, "Cipher %d mode %d has no corresponding nid!", algo, mode); return false; } if((err = gcry_cipher_open(&cipher->handle, algo, mode, 0))) { - logger(LOG_DEBUG, _("Unable to intialise cipher %d mode %d: %s"), algo, mode, gcry_strerror(err)); + logger(DEBUG_ALWAYS, LOG_DEBUG, "Unable to intialise cipher %d mode %d: %s", algo, mode, gcry_strerror(err)); return false; } cipher->keylen = gcry_cipher_get_algo_keylen(algo); - if(mode == GCRY_CIPHER_MODE_ECB || mode == GCRY_CIPHER_MODE_CBC) - cipher->blklen = gcry_cipher_get_algo_blklen(algo); - else - cipher->blklen = 0; + cipher->blklen = gcry_cipher_get_algo_blklen(algo); cipher->key = xmalloc(cipher->keylen + cipher->blklen); + cipher->padding = mode == GCRY_CIPHER_MODE_ECB || mode == GCRY_CIPHER_MODE_CBC; return true; } @@ -122,7 +118,7 @@ bool cipher_open_by_name(cipher_t *cipher, const char *name) { int algo, mode; if(!nametocipher(name, &algo, &mode)) { - logger(LOG_DEBUG, _("Unknown cipher name '%s'!"), name); + logger(DEBUG_ALWAYS, LOG_DEBUG, "Unknown cipher name '%s'!", name); return false; } @@ -133,7 +129,7 @@ bool cipher_open_by_nid(cipher_t *cipher, int nid) { int algo, mode; if(!nidtocipher(nid, &algo, &mode)) { - logger(LOG_DEBUG, _("Unknown cipher ID %d!"), nid); + logger(DEBUG_ALWAYS, LOG_DEBUG, "Unknown cipher ID %d!", nid); return false; } @@ -192,63 +188,85 @@ bool cipher_regenerate_key(cipher_t *cipher, bool encrypt) { return true; } -static bool cipher_add_padding(cipher_t *cipher, void *indata, size_t inlen, size_t *outlen) { - size_t reqlen; - - if(cipher->blklen == 1) { - *outlen = inlen; - return true; - } +bool cipher_encrypt(cipher_t *cipher, const void *indata, size_t inlen, void *outdata, size_t *outlen, bool oneshot) { + gcry_error_t err; + uint8_t pad[cipher->blklen]; - reqlen = ((inlen + 1) / cipher->blklen) * cipher->blklen; - if(reqlen > *outlen) - return false; + if(cipher->padding) { + if(!oneshot) + return false; - // add padding + size_t reqlen = ((inlen + cipher->blklen) / cipher->blklen) * cipher->blklen; - *outlen = reqlen; - return true; -} + if(*outlen < reqlen) { + logger(DEBUG_ALWAYS, LOG_ERR, "Error while encrypting: not enough room for padding"); + return false; + } -static bool cipher_remove_padding(cipher_t *cipher, void *indata, size_t inlen, size_t *outlen) { - size_t origlen; + uint8_t padbyte = reqlen - inlen; + inlen = reqlen - cipher->blklen; - if(cipher->blklen == 1) { - *outlen = inlen; - return true; + for(int i = 0; i < cipher->blklen; i++) + if(i < cipher->blklen - padbyte) + pad[i] = ((uint8_t *)indata)[inlen + i]; + else + pad[i] = padbyte; } - if(inlen % cipher->blklen) + if(oneshot) + gcry_cipher_setiv(cipher->handle, cipher->key + cipher->keylen, cipher->blklen); + + if((err = gcry_cipher_encrypt(cipher->handle, outdata, *outlen, indata, inlen))) { + logger(DEBUG_ALWAYS, LOG_ERR, "Error while encrypting: %s", gcry_strerror(err)); return false; + } + + if(cipher->padding) { + if((err = gcry_cipher_encrypt(cipher->handle, outdata + inlen, cipher->blklen, pad, cipher->blklen))) { + logger(DEBUG_ALWAYS, LOG_ERR, "Error while encrypting: %s", gcry_strerror(err)); + return false; + } - // check and remove padding + inlen += cipher->blklen; + } - *outlen = origlen; + *outlen = inlen; return true; } -bool cipher_encrypt(cipher_t *cipher, const void *indata, size_t inlen, void *outdata, size_t *outlen, bool oneshot) { +bool cipher_decrypt(cipher_t *cipher, const void *indata, size_t inlen, void *outdata, size_t *outlen, bool oneshot) { gcry_error_t err; - // To be fixed + if(oneshot) + gcry_cipher_setiv(cipher->handle, cipher->key + cipher->keylen, cipher->blklen); - if((err = gcry_cipher_encrypt(cipher->handle, outdata, inlen, indata, inlen))) { - logger(LOG_ERR, _("Error while encrypting: %s"), gcry_strerror(err)); + if((err = gcry_cipher_decrypt(cipher->handle, outdata, *outlen, indata, inlen))) { + logger(DEBUG_ALWAYS, LOG_ERR, "Error while decrypting: %s", gcry_strerror(err)); return false; } - return true; -} + if(cipher->padding) { + if(!oneshot) + return false; -bool cipher_decrypt(cipher_t *cipher, const void *indata, size_t inlen, void *outdata, size_t *outlen, bool oneshot) { - gcry_error_t err; + uint8_t padbyte = ((uint8_t *)outdata)[inlen - 1]; - // To be fixed + if(padbyte == 0 || padbyte > cipher->blklen || padbyte > inlen) { + logger(DEBUG_ALWAYS, LOG_ERR, "Error while decrypting: invalid padding"); + return false; + } - if((err = gcry_cipher_decrypt(cipher->handle, outdata, inlen, indata, inlen))) { - logger(LOG_ERR, _("Error while decrypting: %s"), gcry_strerror(err)); - return false; - } + size_t origlen = inlen - padbyte; + + for(int i = inlen - 1; i >= origlen; i--) + if(((uint8_t *)outdata)[i] != padbyte) { + logger(DEBUG_ALWAYS, LOG_ERR, "Error while decrypting: invalid padding"); + return false; + } + + *outlen = origlen; + } else + *outlen = inlen; return true; }