summaryrefslogtreecommitdiff
path: root/src/charon/encoding/payloads/encryption_payload.c
diff options
context:
space:
mode:
authorRene Mayrhofer <rene@mayrhofer.eu.org>2008-07-09 21:02:41 +0000
committerRene Mayrhofer <rene@mayrhofer.eu.org>2008-07-09 21:02:41 +0000
commitdb67c87db3c9089ea8d2e14f617bf3d9e2af261f (patch)
tree665c0caea83d34c11c1517c4c57137bb58cba6fb /src/charon/encoding/payloads/encryption_payload.c
parent1c088a8b6237ec67f63c23f97a0f2dc4e99af869 (diff)
downloadvyos-strongswan-db67c87db3c9089ea8d2e14f617bf3d9e2af261f.tar.gz
vyos-strongswan-db67c87db3c9089ea8d2e14f617bf3d9e2af261f.zip
[svn-upgrade] Integrating new upstream version, strongswan (4.2.4)
Diffstat (limited to 'src/charon/encoding/payloads/encryption_payload.c')
-rw-r--r--src/charon/encoding/payloads/encryption_payload.c69
1 files changed, 22 insertions, 47 deletions
diff --git a/src/charon/encoding/payloads/encryption_payload.c b/src/charon/encoding/payloads/encryption_payload.c
index 23b6e8d9f..7237c69c5 100644
--- a/src/charon/encoding/payloads/encryption_payload.c
+++ b/src/charon/encoding/payloads/encryption_payload.c
@@ -1,10 +1,3 @@
-/**
- * @file encryption_payload.c
- *
- * @brief Implementation of encryption_payload_t.
- *
- */
-
/*
* Copyright (C) 2005-2006 Martin Willi
* Copyright (C) 2005 Jan Hutter
@@ -19,6 +12,8 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
+ *
+ * $Id: encryption_payload.c 3862 2008-04-22 07:14:24Z martin $
*/
#include <stddef.h>
@@ -32,7 +27,6 @@
#include <encoding/generator.h>
#include <encoding/parser.h>
#include <utils/iterator.h>
-#include <utils/randomizer.h>
#include <crypto/signers/signer.h>
@@ -327,8 +321,7 @@ static void generate(private_encryption_payload_t *this)
static status_t encrypt(private_encryption_payload_t *this)
{
chunk_t iv, padding, to_crypt, result;
- randomizer_t *randomizer;
- status_t status;
+ rng_t *rng;
size_t block_size;
if (this->signer == NULL || this->crypter == NULL)
@@ -338,8 +331,12 @@ static status_t encrypt(private_encryption_payload_t *this)
}
/* for random data in iv and padding */
- randomizer = randomizer_create();
-
+ rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
+ if (!rng)
+ {
+ DBG1(DBG_ENC, "could not encrypt, no RNG found");
+ return FAILED;
+ }
/* build payload chunk */
generate(this);
@@ -349,12 +346,7 @@ static status_t encrypt(private_encryption_payload_t *this)
/* build padding */
block_size = this->crypter->get_block_size(this->crypter);
padding.len = block_size - ((this->decrypted.len + 1) % block_size);
- status = randomizer->allocate_pseudo_random_bytes(randomizer, padding.len, &padding);
- if (status != SUCCESS)
- {
- randomizer->destroy(randomizer);
- return status;
- }
+ rng->allocate_bytes(rng, padding.len, &padding);
/* concatenate payload data, padding, padding len */
to_crypt.len = this->decrypted.len + padding.len + 1;
@@ -366,28 +358,17 @@ static status_t encrypt(private_encryption_payload_t *this)
/* build iv */
iv.len = block_size;
- status = randomizer->allocate_pseudo_random_bytes(randomizer, iv.len, &iv);
- randomizer->destroy(randomizer);
- if (status != SUCCESS)
- {
- chunk_free(&to_crypt);
- chunk_free(&padding);
- return status;
- }
+ rng->allocate_bytes(rng, iv.len, &iv);
+ rng->destroy(rng);
DBG3(DBG_ENC, "data before encryption with padding %B", &to_crypt);
/* encrypt to_crypt chunk */
free(this->encrypted.ptr);
- status = this->crypter->encrypt(this->crypter, to_crypt, iv, &result);
+ this->crypter->encrypt(this->crypter, to_crypt, iv, &result);
free(padding.ptr);
free(to_crypt.ptr);
- if (status != SUCCESS)
- {
- DBG2(DBG_ENC, "encryption failed");
- free(iv.ptr);
- return status;
- }
+
DBG3(DBG_ENC, "data after encryption %B", &result);
/* build encrypted result with iv and signature */
@@ -459,7 +440,6 @@ static status_t decrypt(private_encryption_payload_t *this)
{
chunk_t iv, concatenated;
u_int8_t padding_length;
- status_t status;
DBG2(DBG_ENC, "decrypting encryption payload");
DBG3(DBG_ENC, "data before decryption with IV and (invalid) signature %B",
@@ -478,12 +458,11 @@ static status_t decrypt(private_encryption_payload_t *this)
/* point concatenated to data + padding + padding_length*/
concatenated.ptr = this->encrypted.ptr + iv.len;
- concatenated.len = this->encrypted.len - iv.len - this->signer->get_block_size(this->signer);
+ concatenated.len = this->encrypted.len - iv.len -
+ this->signer->get_block_size(this->signer);
- /* check the size of input:
- * concatenated must be at least on block_size of crypter
- */
- if (concatenated.len < iv.len)
+ /* concatenated must be a multiple of block_size of crypter */
+ if (concatenated.len < iv.len || concatenated.len % iv.len)
{
DBG1(DBG_ENC, "could not decrypt, invalid input");
return FAILED;
@@ -494,18 +473,14 @@ static status_t decrypt(private_encryption_payload_t *this)
DBG3(DBG_ENC, "data before decryption %B", &concatenated);
- status = this->crypter->decrypt(this->crypter, concatenated, iv, &(this->decrypted));
- if (status != SUCCESS)
- {
- DBG1(DBG_ENC, "could not decrypt, decryption failed");
- return FAILED;
- }
+ this->crypter->decrypt(this->crypter, concatenated, iv, &this->decrypted);
+
DBG3(DBG_ENC, "data after decryption with padding %B", &this->decrypted);
-
/* get padding length, sits just bevore signature */
padding_length = *(this->decrypted.ptr + this->decrypted.len - 1);
- /* add one byte to the padding length, since the padding_length field is not included */
+ /* add one byte to the padding length, since the padding_length field is
+ * not included */
padding_length++;
this->decrypted.len -= padding_length;