X-Git-Url: https://tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Fgcrypt%2Fcipher.c;h=176b62b19e95ef258f26c704c2d291312527485f;hp=518879bdedbb489cd839430e83a536a24013b292;hb=b0ffeb7eeb21920842382c302ca15ec0d758e9b6;hpb=761517c21c37a808a19b487aa116c3c19439feca

diff --git a/src/gcrypt/cipher.c b/src/gcrypt/cipher.c
index 518879bd..176b62b1 100644
--- a/src/gcrypt/cipher.c
+++ b/src/gcrypt/cipher.c
@@ -1,6 +1,6 @@
 /*
     cipher.c -- Symmetric block cipher handling
-    Copyright (C) 2007 Guus Sliepen <guus@tinc-vpn.org>
+    Copyright (C) 2007-2012 Guus Sliepen <guus@tinc-vpn.org>
 
     This program is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -55,7 +55,7 @@ static struct {
 static bool nametocipher(const char *name, int *algo, int *mode) {
 	size_t i;
 
-	for(i = 0; i < sizeof ciphertable / sizeof *ciphertable; i++) {
+	for(i = 0; i < sizeof(ciphertable) / sizeof(*ciphertable); i++) {
 		if(ciphertable[i].name && !strcasecmp(name, ciphertable[i].name)) {
 			*algo = ciphertable[i].algo;
 			*mode = ciphertable[i].mode;
@@ -69,7 +69,7 @@ static bool nametocipher(const char *name, int *algo, int *mode) {
 static bool nidtocipher(int nid, int *algo, int *mode) {
 	size_t i;
 
-	for(i = 0; i < sizeof ciphertable / sizeof *ciphertable; i++) {
+	for(i = 0; i < sizeof(ciphertable) / sizeof(*ciphertable); i++) {
 		if(nid == ciphertable[i].nid) {
 			*algo = ciphertable[i].algo;
 			*mode = ciphertable[i].mode;
@@ -83,7 +83,7 @@ static bool nidtocipher(int nid, int *algo, int *mode) {
 static bool ciphertonid(int algo, int mode, int *nid) {
 	size_t i;
 
-	for(i = 0; i < sizeof ciphertable / sizeof *ciphertable; i++) {
+	for(i = 0; i < sizeof(ciphertable) / sizeof(*ciphertable); i++) {
 		if(algo == ciphertable[i].algo && mode == ciphertable[i].mode) {
 			*nid = ciphertable[i].nid;
 			return true;
@@ -97,21 +97,19 @@ static bool cipher_open(cipher_t *cipher, int algo, int mode) {
 	gcry_error_t err;
 
 	if(!ciphertonid(algo, mode, &cipher->nid)) {
-		logger(LOG_DEBUG, "Cipher %d mode %d has no corresponding nid!", algo, mode);
+		logger(DEBUG_ALWAYS, LOG_DEBUG, "Cipher %d mode %d has no corresponding nid!", algo, mode);
 		return false;
 	}
 
 	if((err = gcry_cipher_open(&cipher->handle, algo, mode, 0))) {
-		logger(LOG_DEBUG, "Unable to intialise cipher %d mode %d: %s", algo, mode, gcry_strerror(err));
+		logger(DEBUG_ALWAYS, LOG_DEBUG, "Unable to initialise cipher %d mode %d: %s", algo, mode, gcry_strerror(err));
 		return false;
 	}
 
 	cipher->keylen = gcry_cipher_get_algo_keylen(algo);
-	if(mode == GCRY_CIPHER_MODE_ECB || mode == GCRY_CIPHER_MODE_CBC)
-		cipher->blklen = gcry_cipher_get_algo_blklen(algo);
-	else
-		cipher->blklen = 0;
+	cipher->blklen = gcry_cipher_get_algo_blklen(algo);
 	cipher->key = xmalloc(cipher->keylen + cipher->blklen);
+	cipher->padding = mode == GCRY_CIPHER_MODE_ECB || mode == GCRY_CIPHER_MODE_CBC;
 
 	return true;
 }
@@ -120,7 +118,7 @@ bool cipher_open_by_name(cipher_t *cipher, const char *name) {
 	int algo, mode;
 
 	if(!nametocipher(name, &algo, &mode)) {
-		logger(LOG_DEBUG, "Unknown cipher name '%s'!", name);
+		logger(DEBUG_ALWAYS, LOG_DEBUG, "Unknown cipher name '%s'!", name);
 		return false;
 	}
 
@@ -131,7 +129,7 @@ bool cipher_open_by_nid(cipher_t *cipher, int nid) {
 	int algo, mode;
 
 	if(!nidtocipher(nid, &algo, &mode)) {
-		logger(LOG_DEBUG, "Unknown cipher ID %d!", nid);
+		logger(DEBUG_ALWAYS, LOG_DEBUG, "Unknown cipher ID %d!", nid);
 		return false;
 	}
 
@@ -190,62 +188,90 @@ bool cipher_regenerate_key(cipher_t *cipher, bool encrypt) {
 	return true;
 }
 
-static bool cipher_add_padding(cipher_t *cipher, void *indata, size_t inlen, size_t *outlen) {
-	size_t reqlen;
+bool cipher_encrypt(cipher_t *cipher, const void *indata, size_t inlen, void *outdata, size_t *outlen, bool oneshot) {
+	gcry_error_t err;
+	uint8_t pad[cipher->blklen];
 
-	if(cipher->blklen == 1) {
-		*outlen = inlen;
-		return true;
-	}
+	if(cipher->padding) {
+		if(!oneshot) {
+			return false;
+		}
 
-	reqlen = ((inlen + 1) / cipher->blklen) * cipher->blklen;
-	if(reqlen > *outlen)
-		return false;
+		size_t reqlen = ((inlen + cipher->blklen) / cipher->blklen) * cipher->blklen;
 
-	// add padding
+		if(*outlen < reqlen) {
+			logger(DEBUG_ALWAYS, LOG_ERR, "Error while encrypting: not enough room for padding");
+			return false;
+		}
 
-	*outlen = reqlen;
-	return true;
-}
+		uint8_t padbyte = reqlen - inlen;
+		inlen = reqlen - cipher->blklen;
 
-static bool cipher_remove_padding(cipher_t *cipher, void *indata, size_t inlen, size_t *outlen) {
-	size_t origlen;
+		for(int i = 0; i < cipher->blklen; i++)
+			if(i < cipher->blklen - padbyte) {
+				pad[i] = ((uint8_t *)indata)[inlen + i];
+			} else {
+				pad[i] = padbyte;
+			}
+	}
 
-	if(cipher->blklen == 1) {
-		*outlen = inlen;
-		return true;
+	if(oneshot) {
+		gcry_cipher_setiv(cipher->handle, cipher->key + cipher->keylen, cipher->blklen);
 	}
 
-	if(inlen % cipher->blklen)
+	if((err = gcry_cipher_encrypt(cipher->handle, outdata, *outlen, indata, inlen))) {
+		logger(DEBUG_ALWAYS, LOG_ERR, "Error while encrypting: %s", gcry_strerror(err));
 		return false;
+	}
+
+	if(cipher->padding) {
+		if((err = gcry_cipher_encrypt(cipher->handle, outdata + inlen, cipher->blklen, pad, cipher->blklen))) {
+			logger(DEBUG_ALWAYS, LOG_ERR, "Error while encrypting: %s", gcry_strerror(err));
+			return false;
+		}
 
-	// check and remove padding
+		inlen += cipher->blklen;
+	}
 
-	*outlen = origlen;
+	*outlen = inlen;
 	return true;
 }
 
-bool cipher_encrypt(cipher_t *cipher, const void *indata, size_t inlen, void *outdata, size_t *outlen, bool oneshot) {
+bool cipher_decrypt(cipher_t *cipher, const void *indata, size_t inlen, void *outdata, size_t *outlen, bool oneshot) {
 	gcry_error_t err;
 
-	// To be fixed
+	if(oneshot) {
+		gcry_cipher_setiv(cipher->handle, cipher->key + cipher->keylen, cipher->blklen);
+	}
 
-	if((err = gcry_cipher_encrypt(cipher->handle, outdata, inlen, indata, inlen))) {
-		logger(LOG_ERR, "Error while encrypting: %s", gcry_strerror(err));
+	if((err = gcry_cipher_decrypt(cipher->handle, outdata, *outlen, indata, inlen))) {
+		logger(DEBUG_ALWAYS, LOG_ERR, "Error while decrypting: %s", gcry_strerror(err));
 		return false;
 	}
 
-	return true;
-}
+	if(cipher->padding) {
+		if(!oneshot) {
+			return false;
+		}
 
-bool cipher_decrypt(cipher_t *cipher, const void *indata, size_t inlen, void *outdata, size_t *outlen, bool oneshot) {
-	gcry_error_t err;
+		uint8_t padbyte = ((uint8_t *)outdata)[inlen - 1];
 
-	// To be fixed
+		if(padbyte == 0 || padbyte > cipher->blklen || padbyte > inlen) {
+			logger(DEBUG_ALWAYS, LOG_ERR, "Error while decrypting: invalid padding");
+			return false;
+		}
 
-	if((err = gcry_cipher_decrypt(cipher->handle, outdata, inlen, indata, inlen))) {
-		logger(LOG_ERR, "Error while decrypting: %s", gcry_strerror(err));
-		return false;
+		size_t origlen = inlen - padbyte;
+
+		for(int i = inlen - 1; i >= origlen; i--)
+			if(((uint8_t *)outdata)[i] != padbyte) {
+				logger(DEBUG_ALWAYS, LOG_ERR, "Error while decrypting: invalid padding");
+				return false;
+			}
+
+		*outlen = origlen;
+	} else {
+		*outlen = inlen;
 	}
 
 	return true;