Use counter mode encryption.
author
Guus Sliepen
<guus@tinc-vpn.org>
Thu, 6 Oct 2011 07:34:34 +0000
(09:34 +0200)
committer
Guus Sliepen
<guus@tinc-vpn.org>
Thu, 6 Oct 2011 07:34:34 +0000
(09:34 +0200)
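--- a/src/sptps.c
+++ b/src/sptps.c
@@ -45,7 +45,7 @@ char *logfilename;
 Maybe do add some alert messages to give helpful error messages? Not more than TLS sends.
- Use counter mode instead of OFB.
+ Use counter mode instead of OFB. (done)
 Make sure ECC operations are fixed time (aka prevent side-channel attacks).
 */
@@ -78,7 +78,7 @@ static bool send_record_priv(sptps_t *s, uint8_t type, const char *data, uint16_
 if(!digest_create(&s->outdigest, plaintext, len + 7, plaintext + 7 + len))
 return false;
- if(!cipher_encrypt(&s->outcipher, plaintext + 4, sizeof ciphertext, ciphertext, NULL, false))
+ if(!cipher_counter_xor(&s->outcipher, plaintext + 4, sizeof ciphertext, ciphertext))
 return false;
 return s->send_data(s->handle, ciphertext, len + 19);
@@ -149,8 +149,8 @@ static bool generate_key_material(sptps_t *s, const char *shared, size_t len) {
 // Initialise cipher and digest structures if necessary
 if(!s->outstate) {
 bool result
- = cipher_open_by_name(&s->incipher, "aes-256-ofb")
- && cipher_open_by_name(&s->outcipher, "aes-256-ofb")
+ = cipher_open_by_name(&s->incipher, "aes-256-ecb")
+ && cipher_open_by_name(&s->outcipher, "aes-256-ecb")
 && digest_open_by_name(&s->indigest, "sha256", 16)
 && digest_open_by_name(&s->outdigest, "sha256", 16);
 if(!result)
@@ -251,17 +251,17 @@ static bool receive_sig(sptps_t *s, const char *data, uint16_t len) {
 // TODO: only set new keys after ACK has been set/received
 if(s->initiator) {
 bool result
- = cipher_set_key(&s->incipher, s->key, false)
+ = cipher_set_counter_key(&s->incipher, s->key)
 && digest_set_key(&s->indigest, s->key + cipher_keylength(&s->incipher), digest_keylength(&s->indigest))
- && cipher_set_key(&s->outcipher, s->key + cipher_keylength(&s->incipher) + digest_keylength(&s->indigest), true)
+ && cipher_set_counter_key(&s->outcipher, s->key + cipher_keylength(&s->incipher) + digest_keylength(&s->indigest))
 && digest_set_key(&s->outdigest, s->key + cipher_keylength(&s->incipher) + digest_keylength(&s->indigest) + cipher_keylength(&s->outcipher), digest_keylength(&s->outdigest));
 if(!result)
 return false;
 } else {
 bool result
- = cipher_set_key(&s->outcipher, s->key, true)
+ = cipher_set_counter_key(&s->outcipher, s->key)
 && digest_set_key(&s->outdigest, s->key + cipher_keylength(&s->outcipher), digest_keylength(&s->outdigest))
- && cipher_set_key(&s->incipher, s->key + cipher_keylength(&s->outcipher) + digest_keylength(&s->outdigest), false)
+ && cipher_set_counter_key(&s->incipher, s->key + cipher_keylength(&s->outcipher) + digest_keylength(&s->outdigest))
 && digest_set_key(&s->indigest, s->key + cipher_keylength(&s->outcipher) + digest_keylength(&s->outdigest) + cipher_keylength(&s->incipher), digest_keylength(&s->indigest));
 if(!result)
 return false;
@@ -326,7 +326,7 @@ bool receive_data(sptps_t *s, const char *data, size_t len) {
 toread = len;
 if(s->instate) {
- if(!cipher_decrypt(&s->incipher, data, toread, s->inbuf + s->buflen, NULL, false))
+ if(!cipher_counter_xor(&s->incipher, data, toread, s->inbuf + s->buflen))
 return false;
 } else {
 memcpy(s->inbuf + s->buflen, data, toread);
@@ -366,7 +366,7 @@ bool receive_data(sptps_t *s, const char *data, size_t len) {
 toread = len;
 if(s->instate) {
- if(!cipher_decrypt(&s->incipher, data, toread, s->inbuf + s->buflen, NULL, false))
+ if(!cipher_counter_xor(&s->incipher, data, toread, s->inbuf + s->buflen))
 return false;
 } else {
 memcpy(s->inbuf + s->buflen, data, toread);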
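Review bot: The `"aes-256-ecb"` names in generate_key_material need a comment, because on their own they read as if records were ECB-encrypted; the other hunks suggest ECB is only the raw block function underneath `cipher_counter_xor()`, whose implementation is not on this page. I would add above `bool result` something like `// ECB is only the block primitive for the counter keystream; never call cipher_encrypt()/cipher_decrypt() on these contexts`. Counter mode is as malleable as OFB, and in both receive_data hunks the data is XORed into `s->inbuf` with no digest check visible beforehand, so a comment there should state that nothing read from `s->inbuf` is trusted until the digest has been verified. It would also help to document on `cipher_set_counter_key()` that the counter restarts only together with a fresh key, since a reused key/counter pair exposes the XOR of two plaintexts; this matters for the re-keying path flagged by the TODO in receive_sig. All of the touched functions start and end outside the hunks shown.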