}
cipher->keylen = gcry_cipher_get_algo_keylen(algo);
- if(mode == GCRY_CIPHER_MODE_ECB || mode == GCRY_CIPHER_MODE_CBC)
- cipher->blklen = gcry_cipher_get_algo_blklen(algo);
- else
- cipher->blklen = 0;
+ cipher->blklen = gcry_cipher_get_algo_blklen(algo);
cipher->key = xmalloc(cipher->keylen + cipher->blklen);
+ cipher->padding = mode == GCRY_CIPHER_MODE_ECB || mode == GCRY_CIPHER_MODE_CBC;
return true;
}
return true;
}
-static bool cipher_add_padding(cipher_t *cipher, void *indata, size_t inlen, size_t *outlen) {
- size_t reqlen;
-
- if(cipher->blklen == 1) {
- *outlen = inlen;
- return true;
- }
+bool cipher_encrypt(cipher_t *cipher, const void *indata, size_t inlen, void *outdata, size_t *outlen, bool oneshot) {
+ gcry_error_t err;
+ uint8_t pad[cipher->blklen];
- reqlen = ((inlen + 1) / cipher->blklen) * cipher->blklen;
- if(reqlen > *outlen)
- return false;
+ if(cipher->padding) {
+ if(!oneshot)
+ return false;
- // add padding
+ size_t reqlen = ((inlen + cipher->blklen) / cipher->blklen) * cipher->blklen;
- *outlen = reqlen;
- return true;
-}
+ if(*outlen < reqlen) {
+ logger(LOG_ERR, "Error while encrypting: not enough room for padding");
+ return false;
+ }
-static bool cipher_remove_padding(cipher_t *cipher, void *indata, size_t inlen, size_t *outlen) {
- size_t origlen;
+ uint8_t padbyte = reqlen - inlen;
+ inlen = reqlen - cipher->blklen;
- if(cipher->blklen == 1) {
- *outlen = inlen;
- return true;
+ for(int i = 0; i < cipher->blklen; i++)
+ if(i < cipher->blklen - padbyte)
+ pad[i] = ((uint8_t *)indata)[inlen + i];
+ else
+ pad[i] = padbyte;
}
+
+ if(oneshot)
+ gcry_cipher_setiv(cipher->handle, cipher->key + cipher->keylen, cipher->blklen);
- if(inlen % cipher->blklen)
+ if((err = gcry_cipher_encrypt(cipher->handle, outdata, *outlen, indata, inlen))) {
+ logger(LOG_ERR, "Error while encrypting: %s", gcry_strerror(err));
return false;
+ }
- // check and remove padding
-
- *outlen = origlen;
- return true;
-}
-
-bool cipher_encrypt(cipher_t *cipher, const void *indata, size_t inlen, void *outdata, size_t *outlen, bool oneshot) {
- gcry_error_t err;
-
- // To be fixed
+ if(cipher->padding) {
+ if((err = gcry_cipher_encrypt(cipher->handle, outdata + inlen, cipher->blklen, pad, cipher->blklen))) {
+ logger(LOG_ERR, "Error while encrypting: %s", gcry_strerror(err));
+ return false;
+ }
- if((err = gcry_cipher_encrypt(cipher->handle, outdata, inlen, indata, inlen))) {
- logger(LOG_ERR, "Error while encrypting: %s", gcry_strerror(err));
- return false;
+ inlen += cipher->blklen;
}
+ *outlen = inlen;
return true;
}
bool cipher_decrypt(cipher_t *cipher, const void *indata, size_t inlen, void *outdata, size_t *outlen, bool oneshot) {
gcry_error_t err;
- // To be fixed
+ if(oneshot)
+ gcry_cipher_setiv(cipher->handle, cipher->key + cipher->keylen, cipher->blklen);
- if((err = gcry_cipher_decrypt(cipher->handle, outdata, inlen, indata, inlen))) {
+ if((err = gcry_cipher_decrypt(cipher->handle, outdata, *outlen, indata, inlen))) {
logger(LOG_ERR, "Error while decrypting: %s", gcry_strerror(err));
return false;
}
+ if(cipher->padding) {
+ if(!oneshot)
+ return false;
+
+ uint8_t padbyte = ((uint8_t *)outdata)[inlen - 1];
+
+ if(padbyte == 0 || padbyte > cipher->blklen || padbyte > inlen) {
+ logger(LOG_ERR, "Error while decrypting: invalid padding");
+ return false;
+ }
+
+ size_t origlen = inlen - padbyte;
+
+ for(int i = inlen - 1; i >= origlen; i--)
+ if(((uint8_t *)outdata)[i] != padbyte) {
+ logger(LOG_ERR, "Error while decrypting: invalid padding");
+ return false;
+ }
+
+ *outlen = origlen;
+ } else
+ *outlen = inlen;
+
return true;
}
projects / tinc / blobdiff