diff options
author | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2008-07-09 21:02:41 +0000 |
---|---|---|
committer | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2008-07-09 21:02:41 +0000 |
commit | db67c87db3c9089ea8d2e14f617bf3d9e2af261f (patch) | |
tree | 665c0caea83d34c11c1517c4c57137bb58cba6fb /src/charon/encoding/payloads/encryption_payload.c | |
parent | 1c088a8b6237ec67f63c23f97a0f2dc4e99af869 (diff) | |
download | vyos-strongswan-db67c87db3c9089ea8d2e14f617bf3d9e2af261f.tar.gz vyos-strongswan-db67c87db3c9089ea8d2e14f617bf3d9e2af261f.zip |
[svn-upgrade] Integrating new upstream version, strongswan (4.2.4)
Diffstat (limited to 'src/charon/encoding/payloads/encryption_payload.c')
-rw-r--r-- | src/charon/encoding/payloads/encryption_payload.c | 69 |
1 files changed, 22 insertions, 47 deletions
diff --git a/src/charon/encoding/payloads/encryption_payload.c b/src/charon/encoding/payloads/encryption_payload.c index 23b6e8d9f..7237c69c5 100644 --- a/src/charon/encoding/payloads/encryption_payload.c +++ b/src/charon/encoding/payloads/encryption_payload.c @@ -1,10 +1,3 @@ -/** - * @file encryption_payload.c - * - * @brief Implementation of encryption_payload_t. - * - */ - /* * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter @@ -19,6 +12,8 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. + * + * $Id: encryption_payload.c 3862 2008-04-22 07:14:24Z martin $ */ #include <stddef.h> @@ -32,7 +27,6 @@ #include <encoding/generator.h> #include <encoding/parser.h> #include <utils/iterator.h> -#include <utils/randomizer.h> #include <crypto/signers/signer.h> @@ -327,8 +321,7 @@ static void generate(private_encryption_payload_t *this) static status_t encrypt(private_encryption_payload_t *this) { chunk_t iv, padding, to_crypt, result; - randomizer_t *randomizer; - status_t status; + rng_t *rng; size_t block_size; if (this->signer == NULL || this->crypter == NULL) @@ -338,8 +331,12 @@ static status_t encrypt(private_encryption_payload_t *this) } /* for random data in iv and padding */ - randomizer = randomizer_create(); - + rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK); + if (!rng) + { + DBG1(DBG_ENC, "could not encrypt, no RNG found"); + return FAILED; + } /* build payload chunk */ generate(this); @@ -349,12 +346,7 @@ static status_t encrypt(private_encryption_payload_t *this) /* build padding */ block_size = this->crypter->get_block_size(this->crypter); padding.len = block_size - ((this->decrypted.len + 1) % block_size); - status = randomizer->allocate_pseudo_random_bytes(randomizer, padding.len, &padding); - if (status != SUCCESS) - { - randomizer->destroy(randomizer); - return status; - } + rng->allocate_bytes(rng, padding.len, &padding); /* concatenate payload data, padding, padding len */ to_crypt.len = this->decrypted.len + padding.len + 1; @@ -366,28 +358,17 @@ static status_t encrypt(private_encryption_payload_t *this) /* build iv */ iv.len = block_size; - status = randomizer->allocate_pseudo_random_bytes(randomizer, iv.len, &iv); - randomizer->destroy(randomizer); - if (status != SUCCESS) - { - chunk_free(&to_crypt); - chunk_free(&padding); - return status; - } + rng->allocate_bytes(rng, iv.len, &iv); + rng->destroy(rng); DBG3(DBG_ENC, "data before encryption with padding %B", &to_crypt); /* encrypt to_crypt chunk */ free(this->encrypted.ptr); - status = this->crypter->encrypt(this->crypter, to_crypt, iv, &result); + this->crypter->encrypt(this->crypter, to_crypt, iv, &result); free(padding.ptr); free(to_crypt.ptr); - if (status != SUCCESS) - { - DBG2(DBG_ENC, "encryption failed"); - free(iv.ptr); - return status; - } + DBG3(DBG_ENC, "data after encryption %B", &result); /* build encrypted result with iv and signature */ @@ -459,7 +440,6 @@ static status_t decrypt(private_encryption_payload_t *this) { chunk_t iv, concatenated; u_int8_t padding_length; - status_t status; DBG2(DBG_ENC, "decrypting encryption payload"); DBG3(DBG_ENC, "data before decryption with IV and (invalid) signature %B", @@ -478,12 +458,11 @@ static status_t decrypt(private_encryption_payload_t *this) /* point concatenated to data + padding + padding_length*/ concatenated.ptr = this->encrypted.ptr + iv.len; - concatenated.len = this->encrypted.len - iv.len - this->signer->get_block_size(this->signer); + concatenated.len = this->encrypted.len - iv.len - + this->signer->get_block_size(this->signer); - /* check the size of input: - * concatenated must be at least on block_size of crypter - */ - if (concatenated.len < iv.len) + /* concatenated must be a multiple of block_size of crypter */ + if (concatenated.len < iv.len || concatenated.len % iv.len) { DBG1(DBG_ENC, "could not decrypt, invalid input"); return FAILED; @@ -494,18 +473,14 @@ static status_t decrypt(private_encryption_payload_t *this) DBG3(DBG_ENC, "data before decryption %B", &concatenated); - status = this->crypter->decrypt(this->crypter, concatenated, iv, &(this->decrypted)); - if (status != SUCCESS) - { - DBG1(DBG_ENC, "could not decrypt, decryption failed"); - return FAILED; - } + this->crypter->decrypt(this->crypter, concatenated, iv, &this->decrypted); + DBG3(DBG_ENC, "data after decryption with padding %B", &this->decrypted); - /* get padding length, sits just bevore signature */ padding_length = *(this->decrypted.ptr + this->decrypted.len - 1); - /* add one byte to the padding length, since the padding_length field is not included */ + /* add one byte to the padding length, since the padding_length field is + * not included */ padding_length++; this->decrypted.len -= padding_length; |