X-Git-Url: https://tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Fopenssl%2Fcipher.c;h=04aee27e4c55fad2f9244fbac28b1a3a6e1d8f7f;hp=5d9bebcdb68e9b4f8d1cbfac05c4c1768fa31655;hb=d4410d0cce40929db9a0ce7042ef962f1867234d;hpb=c7752ca73e582d63412e7f40984cff2fca02c22f diff --git a/src/openssl/cipher.c b/src/openssl/cipher.c index 5d9bebcd..04aee27e 100644 --- a/src/openssl/cipher.c +++ b/src/openssl/cipher.c @@ -30,15 +30,8 @@ struct cipher { EVP_CIPHER_CTX ctx; const EVP_CIPHER *cipher; - struct cipher_counter *counter; }; -typedef struct cipher_counter { - unsigned char counter[CIPHER_MAX_IV_SIZE]; - unsigned char block[CIPHER_MAX_IV_SIZE]; - int n; -} cipher_counter_t; - static cipher_t *cipher_open(const EVP_CIPHER *evp_cipher) { cipher_t *cipher = xzalloc(sizeof *cipher); cipher->cipher = evp_cipher; @@ -76,7 +69,6 @@ void cipher_close(cipher_t *cipher) { return; EVP_CIPHER_CTX_cleanup(&cipher->ctx); - free(cipher->counter); free(cipher); } @@ -84,7 +76,14 @@ size_t cipher_keylength(const cipher_t *cipher) { if(!cipher || !cipher->cipher) return 0; - return cipher->cipher->key_len + cipher->cipher->block_size; + return cipher->cipher->key_len + cipher->cipher->iv_len; +} + +size_t cipher_blocksize(const cipher_t *cipher) { + if(!cipher || !cipher->cipher) + return 1; + + return cipher->cipher->block_size; } bool cipher_set_key(cipher_t *cipher, void *key, bool encrypt) { @@ -117,70 +116,6 @@ bool cipher_set_key_from_rsa(cipher_t *cipher, void *key, size_t len, bool encry return false; } -bool cipher_set_counter(cipher_t *cipher, const void *counter, size_t len) { - if(len > cipher->cipher->block_size - 4) { - logger(DEBUG_ALWAYS, LOG_ERR, "Counter too long"); - abort(); - } - - memcpy(cipher->counter->counter + cipher->cipher->block_size - len, counter, len); - memset(cipher->counter->counter, 0, 4); - cipher->counter->n = 0; - - return true; -} - -bool cipher_set_counter_key(cipher_t *cipher, void *key) { - int result = EVP_EncryptInit_ex(&cipher->ctx, cipher->cipher, NULL, (unsigned char *)key, NULL); - if(!result) { - logger(DEBUG_ALWAYS, LOG_ERR, "Error while setting key: %s", ERR_error_string(ERR_get_error(), NULL)); - return false; - } - - if(!cipher->counter) - cipher->counter = xzalloc(sizeof *cipher->counter); - else - cipher->counter->n = 0; - - memcpy(cipher->counter->counter, (unsigned char *)key + cipher->cipher->key_len, cipher->cipher->block_size); - - return true; -} - -bool cipher_counter_xor(cipher_t *cipher, const void *indata, size_t inlen, void *outdata) { - if(!cipher->counter) { - logger(DEBUG_ALWAYS, LOG_ERR, "Counter not initialized"); - return false; - } - - const unsigned char *in = indata; - unsigned char *out = outdata; - - while(inlen--) { - // Encrypt the new counter value if we need it - if(!cipher->counter->n) { - int len; - if(!EVP_EncryptUpdate(&cipher->ctx, cipher->counter->block, &len, cipher->counter->counter, cipher->cipher->block_size)) { - logger(DEBUG_ALWAYS, LOG_ERR, "Error while encrypting: %s", ERR_error_string(ERR_get_error(), NULL)); - return false; - } - - // Increase the counter value - for(int i = 0; i < cipher->cipher->block_size; i++) - if(++cipher->counter->counter[i]) - break; - } - - *out++ = *in++ ^ cipher->counter->block[cipher->counter->n++]; - - if(cipher->counter->n >= cipher->cipher->block_size) - cipher->counter->n = 0; - } - - return true; -} - - bool cipher_encrypt(cipher_t *cipher, const void *indata, size_t inlen, void *outdata, size_t *outlen, bool oneshot) { if(oneshot) { int len, pad;