summaryrefslogtreecommitdiff
path: root/src/libcharon/encoding/payloads/encryption_payload.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/libcharon/encoding/payloads/encryption_payload.c')
-rw-r--r--src/libcharon/encoding/payloads/encryption_payload.c610
1 files changed, 239 insertions, 371 deletions
diff --git a/src/libcharon/encoding/payloads/encryption_payload.c b/src/libcharon/encoding/payloads/encryption_payload.c
index 2adbb88b9..3b23ea9fb 100644
--- a/src/libcharon/encoding/payloads/encryption_payload.c
+++ b/src/libcharon/encoding/payloads/encryption_payload.c
@@ -1,5 +1,6 @@
/*
- * Copyright (C) 2005-2006 Martin Willi
+ * Copyright (C) 2005-2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
* Copyright (C) 2005 Jan Hutter
* Hochschule fuer Technik Rapperswil
*
@@ -24,9 +25,6 @@
#include <utils/linked_list.h>
#include <encoding/generator.h>
#include <encoding/parser.h>
-#include <utils/iterator.h>
-#include <crypto/signers/signer.h>
-
typedef struct private_encryption_payload_t private_encryption_payload_t;
@@ -50,9 +48,9 @@ struct private_encryption_payload_t {
u_int8_t next_payload;
/**
- * Critical flag.
+ * Flags, including reserved bits
*/
- bool critical;
+ u_int8_t flags;
/**
* Length of this payload
@@ -60,28 +58,17 @@ struct private_encryption_payload_t {
u_int16_t payload_length;
/**
- * Chunk containing the iv, data, padding,
- * and (an eventually not calculated) signature.
+ * Chunk containing the IV, plain, padding and ICV.
*/
chunk_t encrypted;
/**
- * Chunk containing the data in decrypted (unpadded) form.
- */
- chunk_t decrypted;
-
- /**
- * Signer set by set_signer.
+ * AEAD transform to use
*/
- signer_t *signer;
+ aead_t *aead;
/**
- * Crypter, supplied by encrypt/decrypt
- */
- crypter_t *crypter;
-
- /**
- * Contained payloads of this encrpytion_payload.
+ * Contained payloads
*/
linked_list_t *payloads;
};
@@ -91,25 +78,16 @@ struct private_encryption_payload_t {
*
* The defined offsets are the positions in a object of type
* private_encryption_payload_t.
- *
*/
encoding_rule_t encryption_payload_encodings[] = {
/* 1 Byte next payload type, stored in the field next_payload */
{ U_INT_8, offsetof(private_encryption_payload_t, next_payload) },
- /* the critical bit */
- { FLAG, offsetof(private_encryption_payload_t, critical) },
- /* 7 Bit reserved bits, nowhere stored */
- { RESERVED_BIT, 0 },
- { RESERVED_BIT, 0 },
- { RESERVED_BIT, 0 },
- { RESERVED_BIT, 0 },
- { RESERVED_BIT, 0 },
- { RESERVED_BIT, 0 },
- { RESERVED_BIT, 0 },
+ /* Critical and 7 reserved bits, all stored for reconstruction */
+ { U_INT_8, offsetof(private_encryption_payload_t, flags) },
/* Length of the whole encryption payload*/
{ PAYLOAD_LENGTH, offsetof(private_encryption_payload_t, payload_length) },
/* encrypted data, stored in a chunk. contains iv, data, padding */
- { ENCRYPTED_DATA, offsetof(private_encryption_payload_t, encrypted) },
+ { ENCRYPTED_DATA, offsetof(private_encryption_payload_t, encrypted) },
};
/*
@@ -131,108 +109,90 @@ encoding_rule_t encryption_payload_encodings[] = {
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
*/
-/**
- * Implementation of payload_t.verify.
- */
-static status_t verify(private_encryption_payload_t *this)
+METHOD(payload_t, verify, status_t,
+ private_encryption_payload_t *this)
{
return SUCCESS;
}
-/**
- * Implementation of payload_t.get_encoding_rules.
- */
-static void get_encoding_rules(private_encryption_payload_t *this, encoding_rule_t **rules, size_t *rule_count)
+METHOD(payload_t, get_encoding_rules, void,
+ private_encryption_payload_t *this, encoding_rule_t **rules,
+ size_t *count)
{
*rules = encryption_payload_encodings;
- *rule_count = sizeof(encryption_payload_encodings) / sizeof(encoding_rule_t);
+ *count = countof(encryption_payload_encodings);
}
-/**
- * Implementation of payload_t.get_type.
- */
-static payload_type_t get_type(private_encryption_payload_t *this)
+METHOD(payload_t, get_type, payload_type_t,
+ private_encryption_payload_t *this)
{
return ENCRYPTED;
}
-/**
- * Implementation of payload_t.get_next_type.
- */
-static payload_type_t get_next_type(private_encryption_payload_t *this)
+METHOD(payload_t, get_next_type, payload_type_t,
+ private_encryption_payload_t *this)
{
- /* returns first contained payload here */
- return (this->next_payload);
+ return this->next_payload;
}
-/**
- * Implementation of payload_t.set_next_type.
- */
-static void set_next_type(private_encryption_payload_t *this, payload_type_t type)
+METHOD(payload_t, set_next_type, void,
+ private_encryption_payload_t *this, payload_type_t type)
{
- /* set next type is not allowed, since this payload MUST be the last one
- * and so nothing is done in here*/
+ /* the next payload is set during add */
}
/**
- * (re-)compute the lenght of the whole payload
+ * Compute the lenght of the whole payload
*/
static void compute_length(private_encryption_payload_t *this)
{
- iterator_t *iterator;
- payload_t *current_payload;
- size_t block_size, length = 0;
- iterator = this->payloads->create_iterator(this->payloads, TRUE);
+ enumerator_t *enumerator;
+ payload_t *payload;
+ size_t bs, length = 0;
- /* count payload length */
- while (iterator->iterate(iterator, (void **) &current_payload))
+ if (this->encrypted.len)
{
- length += current_payload->get_length(current_payload);
+ length = this->encrypted.len;
}
- iterator->destroy(iterator);
-
- if (this->crypter && this->signer)
+ else
{
- /* append one byte for padding length */
- length++;
- /* append padding */
- block_size = this->crypter->get_block_size(this->crypter);
- length += block_size - length % block_size;
- /* add iv */
- length += block_size;
- /* add signature */
- length += this->signer->get_block_size(this->signer);
+ enumerator = this->payloads->create_enumerator(this->payloads);
+ while (enumerator->enumerate(enumerator, &payload))
+ {
+ length += payload->get_length(payload);
+ }
+ enumerator->destroy(enumerator);
+
+ if (this->aead)
+ {
+ /* append padding */
+ bs = this->aead->get_block_size(this->aead);
+ length += bs - (length % bs);
+ /* add iv */
+ length += this->aead->get_iv_size(this->aead);
+ /* add icv */
+ length += this->aead->get_icv_size(this->aead);
+ }
}
length += ENCRYPTION_PAYLOAD_HEADER_LENGTH;
this->payload_length = length;
}
-/**
- * Implementation of payload_t.get_length.
- */
-static size_t get_length(private_encryption_payload_t *this)
+METHOD2(payload_t, encryption_payload_t, get_length, size_t,
+ private_encryption_payload_t *this)
{
compute_length(this);
return this->payload_length;
}
-/**
- * Implementation of payload_t.create_payload_iterator.
- */
-static iterator_t *create_payload_iterator (private_encryption_payload_t *this, bool forward)
-{
- return (this->payloads->create_iterator(this->payloads, forward));
-}
-
-/**
- * Implementation of payload_t.add_payload.
- */
-static void add_payload(private_encryption_payload_t *this, payload_t *payload)
+METHOD(encryption_payload_t, add_payload, void,
+ private_encryption_payload_t *this, payload_t *payload)
{
payload_t *last_payload;
+
if (this->payloads->get_count(this->payloads) > 0)
{
- this->payloads->get_last(this->payloads,(void **) &last_payload);
+ this->payloads->get_last(this->payloads, (void **)&last_payload);
last_payload->set_next_type(last_payload, payload->get_type(payload));
}
else
@@ -240,339 +200,255 @@ static void add_payload(private_encryption_payload_t *this, payload_t *payload)
this->next_payload = payload->get_type(payload);
}
payload->set_next_type(payload, NO_PAYLOAD);
- this->payloads->insert_last(this->payloads, (void*)payload);
+ this->payloads->insert_last(this->payloads, payload);
compute_length(this);
}
-/**
- * Implementation of encryption_payload_t.remove_first_payload.
- */
-static status_t remove_first_payload(private_encryption_payload_t *this, payload_t **payload)
+METHOD(encryption_payload_t, remove_payload, payload_t *,
+ private_encryption_payload_t *this)
{
- return this->payloads->remove_first(this->payloads, (void**)payload);
-}
+ payload_t *payload;
-/**
- * Implementation of encryption_payload_t.get_payload_count.
- */
-static size_t get_payload_count(private_encryption_payload_t *this)
-{
- return this->payloads->get_count(this->payloads);
+ if (this->payloads->remove_first(this->payloads,
+ (void**)&payload) == SUCCESS)
+ {
+ return payload;
+ }
+ return NULL;
}
/**
- * Generate payload before encryption.
+ * Generate payload before encryption
*/
-static void generate(private_encryption_payload_t *this)
+static chunk_t generate(private_encryption_payload_t *this,
+ generator_t *generator)
{
- payload_t *current_payload, *next_payload;
- generator_t *generator;
- iterator_t *iterator;
-
- /* recalculate length before generating */
- compute_length(this);
+ payload_t *current, *next;
+ enumerator_t *enumerator;
+ u_int32_t *lenpos;
+ chunk_t chunk = chunk_empty;
- /* create iterator */
- iterator = this->payloads->create_iterator(this->payloads, TRUE);
-
- /* get first payload */
- if (iterator->iterate(iterator, (void**)&current_payload))
- {
- this->next_payload = current_payload->get_type(current_payload);
- }
- else
+ enumerator = this->payloads->create_enumerator(this->payloads);
+ if (enumerator->enumerate(enumerator, &current))
{
- /* no paylads? */
- DBG2(DBG_ENC, "generating contained payloads, but none available");
- free(this->decrypted.ptr);
- this->decrypted = chunk_empty;
- iterator->destroy(iterator);
- return;
- }
+ this->next_payload = current->get_type(current);
- generator = generator_create();
+ while (enumerator->enumerate(enumerator, &next))
+ {
+ current->set_next_type(current, next->get_type(next));
+ generator->generate_payload(generator, current);
+ current = next;
+ }
+ current->set_next_type(current, NO_PAYLOAD);
+ generator->generate_payload(generator, current);
- /* build all payload, except last */
- while(iterator->iterate(iterator, (void**)&next_payload))
- {
- current_payload->set_next_type(current_payload, next_payload->get_type(next_payload));
- generator->generate_payload(generator, current_payload);
- current_payload = next_payload;
+ chunk = generator->get_chunk(generator, &lenpos);
+ DBG2(DBG_ENC, "generated content in encryption payload");
}
- iterator->destroy(iterator);
-
- /* build last payload */
- current_payload->set_next_type(current_payload, NO_PAYLOAD);
- generator->generate_payload(generator, current_payload);
-
- /* free already generated data */
- free(this->decrypted.ptr);
-
- generator->write_to_chunk(generator, &(this->decrypted));
- generator->destroy(generator);
- DBG2(DBG_ENC, "successfully generated content in encryption payload");
+ enumerator->destroy(enumerator);
+ return chunk;
}
/**
- * Implementation of encryption_payload_t.encrypt.
+ * Append the encryption payload header to the associated data
*/
-static status_t encrypt(private_encryption_payload_t *this)
+static chunk_t append_header(private_encryption_payload_t *this, chunk_t assoc)
{
- chunk_t iv, padding, to_crypt, result;
+ struct {
+ u_int8_t next_payload;
+ u_int8_t flags;
+ u_int16_t length;
+ } __attribute__((packed)) header = {
+ .next_payload = this->next_payload,
+ .flags = this->flags,
+ .length = htons(get_length(this)),
+ };
+ return chunk_cat("cc", assoc, chunk_from_thing(header));
+}
+
+METHOD(encryption_payload_t, encrypt, bool,
+ private_encryption_payload_t *this, chunk_t assoc)
+{
+ chunk_t iv, plain, padding, icv, crypt;
+ generator_t *generator;
rng_t *rng;
- size_t block_size;
+ size_t bs;
- if (this->signer == NULL || this->crypter == NULL)
+ if (this->aead == NULL)
{
- DBG1(DBG_ENC, "could not encrypt, signer/crypter not set");
- return INVALID_STATE;
+ DBG1(DBG_ENC, "encrypting encryption payload failed, transform missing");
+ return FALSE;
}
- /* for random data in iv and padding */
rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
if (!rng)
{
- DBG1(DBG_ENC, "could not encrypt, no RNG found");
- return FAILED;
+ DBG1(DBG_ENC, "encrypting encryption payload failed, no RNG found");
+ return FALSE;
}
- /* build payload chunk */
- generate(this);
- DBG2(DBG_ENC, "encrypting payloads");
- DBG3(DBG_ENC, "data to encrypt %B", &this->decrypted);
+ assoc = append_header(this, assoc);
- /* build padding */
- block_size = this->crypter->get_block_size(this->crypter);
- padding.len = block_size - ((this->decrypted.len + 1) % block_size);
- rng->allocate_bytes(rng, padding.len, &padding);
-
- /* concatenate payload data, padding, padding len */
- to_crypt.len = this->decrypted.len + padding.len + 1;
- to_crypt.ptr = malloc(to_crypt.len);
-
- memcpy(to_crypt.ptr, this->decrypted.ptr, this->decrypted.len);
- memcpy(to_crypt.ptr + this->decrypted.len, padding.ptr, padding.len);
- *(to_crypt.ptr + to_crypt.len - 1) = padding.len;
+ generator = generator_create();
+ plain = generate(this, generator);
+ bs = this->aead->get_block_size(this->aead);
+ /* we need at least one byte padding to store the padding length */
+ padding.len = bs - (plain.len % bs);
+ iv.len = this->aead->get_iv_size(this->aead);
+ icv.len = this->aead->get_icv_size(this->aead);
+
+ /* prepare data to authenticate-encrypt:
+ * | IV | plain | padding | ICV |
+ * \____crypt______/ ^
+ * | /
+ * v /
+ * assoc -> + ------->/
+ */
+ free(this->encrypted.ptr);
+ this->encrypted = chunk_alloc(iv.len + plain.len + padding.len + icv.len);
+ iv.ptr = this->encrypted.ptr;
+ memcpy(iv.ptr + iv.len, plain.ptr, plain.len);
+ plain.ptr = iv.ptr + iv.len;
+ padding.ptr = plain.ptr + plain.len;
+ icv.ptr = padding.ptr + padding.len;
+ crypt = chunk_create(plain.ptr, plain.len + padding.len);
+ generator->destroy(generator);
- /* build iv */
- iv.len = block_size;
- rng->allocate_bytes(rng, iv.len, &iv);
+ rng->get_bytes(rng, iv.len, iv.ptr);
+ rng->get_bytes(rng, padding.len - 1, padding.ptr);
+ padding.ptr[padding.len - 1] = padding.len - 1;
rng->destroy(rng);
- DBG3(DBG_ENC, "data before encryption with padding %B", &to_crypt);
+ DBG3(DBG_ENC, "encryption payload encryption:");
+ DBG3(DBG_ENC, "IV %B", &iv);
+ DBG3(DBG_ENC, "plain %B", &plain);
+ DBG3(DBG_ENC, "padding %B", &padding);
+ DBG3(DBG_ENC, "assoc %B", &assoc);
- /* encrypt to_crypt chunk */
- free(this->encrypted.ptr);
- this->crypter->encrypt(this->crypter, to_crypt, iv, &result);
- free(padding.ptr);
- free(to_crypt.ptr);
-
- DBG3(DBG_ENC, "data after encryption %B", &result);
-
- /* build encrypted result with iv and signature */
- this->encrypted.len = iv.len + result.len + this->signer->get_block_size(this->signer);
- free(this->encrypted.ptr);
- this->encrypted.ptr = malloc(this->encrypted.len);
+ this->aead->encrypt(this->aead, crypt, assoc, iv, NULL);
- /* fill in result, signature is left out */
- memcpy(this->encrypted.ptr, iv.ptr, iv.len);
- memcpy(this->encrypted.ptr + iv.len, result.ptr, result.len);
+ DBG3(DBG_ENC, "encrypted %B", &crypt);
+ DBG3(DBG_ENC, "ICV %B", &icv);
- free(result.ptr);
- free(iv.ptr);
- DBG3(DBG_ENC, "data after encryption with IV and (invalid) signature %B",
- &this->encrypted);
+ free(assoc.ptr);
- return SUCCESS;
+ return TRUE;
}
/**
* Parse the payloads after decryption.
*/
-static status_t parse(private_encryption_payload_t *this)
+static status_t parse(private_encryption_payload_t *this, chunk_t plain)
{
parser_t *parser;
- status_t status;
- payload_type_t current_payload_type;
-
- /* build a parser on the decrypted data */
- parser = parser_create(this->decrypted);
+ payload_type_t type;
- current_payload_type = this->next_payload;
- /* parse all payloads */
- while (current_payload_type != NO_PAYLOAD)
+ parser = parser_create(plain);
+ type = this->next_payload;
+ while (type != NO_PAYLOAD)
{
- payload_t *current_payload;
+ payload_t *payload;
- status = parser->parse_payload(parser, current_payload_type, (payload_t**)&current_payload);
- if (status != SUCCESS)
+ if (parser->parse_payload(parser, type, &payload) != SUCCESS)
{
parser->destroy(parser);
return PARSE_ERROR;
}
-
- status = current_payload->verify(current_payload);
- if (status != SUCCESS)
+ if (payload->verify(payload) != SUCCESS)
{
DBG1(DBG_ENC, "%N verification failed",
- payload_type_names, current_payload->get_type(current_payload));
- current_payload->destroy(current_payload);
+ payload_type_names, payload->get_type(payload));
+ payload->destroy(payload);
parser->destroy(parser);
return VERIFY_ERROR;
}
-
- /* get next payload type */
- current_payload_type = current_payload->get_next_type(current_payload);
-
- this->payloads->insert_last(this->payloads,current_payload);
+ type = payload->get_next_type(payload);
+ this->payloads->insert_last(this->payloads, payload);
}
parser->destroy(parser);
- DBG2(DBG_ENC, "succesfully parsed content of encryption payload");
+ DBG2(DBG_ENC, "parsed content of encryption payload");
return SUCCESS;
}
-/**
- * Implementation of encryption_payload_t.encrypt.
- */
-static status_t decrypt(private_encryption_payload_t *this)
+METHOD(encryption_payload_t, decrypt, status_t,
+ private_encryption_payload_t *this, chunk_t assoc)
{
- chunk_t iv, concatenated;
- u_int8_t padding_length;
-
- DBG2(DBG_ENC, "decrypting encryption payload");
- DBG3(DBG_ENC, "data before decryption with IV and (invalid) signature %B",
- &this->encrypted);
+ chunk_t iv, plain, padding, icv, crypt;
+ size_t bs;
- if (this->signer == NULL || this->crypter == NULL)
+ if (this->aead == NULL)
{
- DBG1(DBG_ENC, "could not decrypt, no crypter/signer set");
+ DBG1(DBG_ENC, "decrypting encryption payload failed, transform missing");
return INVALID_STATE;
}
- /* get IV */
- iv.len = this->crypter->get_block_size(this->crypter);
+ /* prepare data to authenticate-decrypt:
+ * | IV | plain | padding | ICV |
+ * \____crypt______/ ^
+ * | /
+ * v /
+ * assoc -> + ------->/
+ */
+ bs = this->aead->get_block_size(this->aead);
+ iv.len = this->aead->get_iv_size(this->aead);
iv.ptr = this->encrypted.ptr;
+ icv.len = this->aead->get_icv_size(this->aead);
+ icv.ptr = this->encrypted.ptr + this->encrypted.len - icv.len;
+ crypt.ptr = iv.ptr + iv.len;
+ crypt.len = this->encrypted.len - iv.len;
- /* point concatenated to data + padding + padding_length*/
- concatenated.ptr = this->encrypted.ptr + iv.len;
- concatenated.len = this->encrypted.len - iv.len -
- this->signer->get_block_size(this->signer);
-
- /* concatenated must be a multiple of block_size of crypter */
- if (concatenated.len < iv.len || concatenated.len % iv.len)
+ if (iv.len + icv.len > this->encrypted.len ||
+ (crypt.len - icv.len) % bs)
{
- DBG1(DBG_ENC, "could not decrypt, invalid input");
+ DBG1(DBG_ENC, "decrypting encryption payload failed, invalid length");
return FAILED;
}
- /* free previus data, if any */
- free(this->decrypted.ptr);
-
- DBG3(DBG_ENC, "data before decryption %B", &concatenated);
-
- this->crypter->decrypt(this->crypter, concatenated, iv, &this->decrypted);
+ assoc = append_header(this, assoc);
- DBG3(DBG_ENC, "data after decryption with padding %B", &this->decrypted);
+ DBG3(DBG_ENC, "encryption payload decryption:");
+ DBG3(DBG_ENC, "IV %B", &iv);
+ DBG3(DBG_ENC, "encrypted %B", &crypt);
+ DBG3(DBG_ENC, "ICV %B", &icv);
+ DBG3(DBG_ENC, "assoc %B", &assoc);
- /* get padding length, sits just bevore signature */
- padding_length = *(this->decrypted.ptr + this->decrypted.len - 1);
- /* add one byte to the padding length, since the padding_length field is
- * not included */
- padding_length++;
-
- /* check size again */
- if (padding_length > concatenated.len || padding_length > this->decrypted.len)
+ if (!this->aead->decrypt(this->aead, crypt, assoc, iv, NULL))
{
- DBG1(DBG_ENC, "decryption failed, invalid padding length found. Invalid key?");
- /* decryption failed :-/ */
+ DBG1(DBG_ENC, "verifying encryption payload integrity failed");
+ free(assoc.ptr);
return FAILED;
}
- this->decrypted.len -= padding_length;
-
- /* free padding */
- this->decrypted.ptr = realloc(this->decrypted.ptr, this->decrypted.len);
- DBG3(DBG_ENC, "data after decryption without padding %B", &this->decrypted);
- DBG2(DBG_ENC, "decryption successful, trying to parse content");
- return parse(this);
-}
+ free(assoc.ptr);
-/**
- * Implementation of encryption_payload_t.set_transforms.
- */
-static void set_transforms(private_encryption_payload_t *this, crypter_t* crypter, signer_t* signer)
-{
- this->signer = signer;
- this->crypter = crypter;
-}
-
-/**
- * Implementation of encryption_payload_t.build_signature.
- */
-static status_t build_signature(private_encryption_payload_t *this, chunk_t data)
-{
- chunk_t data_without_sig = data;
- chunk_t sig;
-
- if (this->signer == NULL)
+ plain = chunk_create(crypt.ptr, crypt.len - icv.len);
+ padding.len = plain.ptr[plain.len - 1] + 1;
+ if (padding.len > plain.len)
{
- DBG1(DBG_ENC, "unable to build signature, no signer set");
- return INVALID_STATE;
+ DBG1(DBG_ENC, "decrypting encryption payload failed, "
+ "padding invalid %B", &crypt);
+ return PARSE_ERROR;
}
+ plain.len -= padding.len;
+ padding.ptr = plain.ptr + plain.len;
- sig.len = this->signer->get_block_size(this->signer);
- data_without_sig.len -= sig.len;
- sig.ptr = data.ptr + data_without_sig.len;
- DBG2(DBG_ENC, "building signature");
- this->signer->get_signature(this->signer, data_without_sig, sig.ptr);
- return SUCCESS;
+ DBG3(DBG_ENC, "plain %B", &plain);
+ DBG3(DBG_ENC, "padding %B", &padding);
+
+ return parse(this, plain);
}
-/**
- * Implementation of encryption_payload_t.verify_signature.
- */
-static status_t verify_signature(private_encryption_payload_t *this, chunk_t data)
+METHOD(encryption_payload_t, set_transform, void,
+ private_encryption_payload_t *this, aead_t* aead)
{
- chunk_t sig, data_without_sig;
- bool valid;
-
- if (this->signer == NULL)
- {
- DBG1(DBG_ENC, "unable to verify signature, no signer set");
- return INVALID_STATE;
- }
- /* find signature in data chunk */
- sig.len = this->signer->get_block_size(this->signer);
- if (data.len <= sig.len)
- {
- DBG1(DBG_ENC, "unable to verify signature, invalid input");
- return FAILED;
- }
- sig.ptr = data.ptr + data.len - sig.len;
-
- /* verify it */
- data_without_sig.len = data.len - sig.len;
- data_without_sig.ptr = data.ptr;
- valid = this->signer->verify_signature(this->signer, data_without_sig, sig);
-
- if (!valid)
- {
- DBG1(DBG_ENC, "signature verification failed");
- return FAILED;
- }
-
- DBG2(DBG_ENC, "signature verification successful");
- return SUCCESS;
+ this->aead = aead;
}
-/**
- * Implementation of payload_t.destroy.
- */
-static void destroy(private_encryption_payload_t *this)
+METHOD2(payload_t, encryption_payload_t, destroy, void,
+ private_encryption_payload_t *this)
{
this->payloads->destroy_offset(this->payloads, offsetof(payload_t, destroy));
free(this->encrypted.ptr);
- free(this->decrypted.ptr);
free(this);
}
@@ -581,39 +457,31 @@ static void destroy(private_encryption_payload_t *this)
*/
encryption_payload_t *encryption_payload_create()
{
- private_encryption_payload_t *this = malloc_thing(private_encryption_payload_t);
-
- /* payload_t interface functions */
- this->public.payload_interface.verify = (status_t (*) (payload_t *))verify;
- this->public.payload_interface.get_encoding_rules = (void (*) (payload_t *, encoding_rule_t **, size_t *) ) get_encoding_rules;
- this->public.payload_interface.get_length = (size_t (*) (payload_t *)) get_length;
- this->public.payload_interface.get_next_type = (payload_type_t (*) (payload_t *)) get_next_type;
- this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type;
- this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_type;
- this->public.payload_interface.destroy = (void (*) (payload_t *))destroy;
-
- /* public functions */
- this->public.create_payload_iterator = (iterator_t * (*) (encryption_payload_t *,bool)) create_payload_iterator;
- this->public.add_payload = (void (*) (encryption_payload_t *,payload_t *)) add_payload;
- this->public.remove_first_payload = (status_t (*)(encryption_payload_t*, payload_t **)) remove_first_payload;
- this->public.get_payload_count = (size_t (*)(encryption_payload_t*)) get_payload_count;
-
- this->public.encrypt = (status_t (*) (encryption_payload_t *)) encrypt;
- this->public.decrypt = (status_t (*) (encryption_payload_t *)) decrypt;
- this->public.set_transforms = (void (*) (encryption_payload_t*,crypter_t*,signer_t*)) set_transforms;
- this->public.build_signature = (status_t (*) (encryption_payload_t*, chunk_t)) build_signature;
- this->public.verify_signature = (status_t (*) (encryption_payload_t*, chunk_t)) verify_signature;
- this->public.destroy = (void (*) (encryption_payload_t *)) destroy;
-
- /* set default values of the fields */
- this->critical = FALSE;
- this->next_payload = NO_PAYLOAD;
- this->payload_length = ENCRYPTION_PAYLOAD_HEADER_LENGTH;
- this->encrypted = chunk_empty;
- this->decrypted = chunk_empty;
- this->signer = NULL;
- this->crypter = NULL;
- this->payloads = linked_list_create();
-
- return (&(this->public));
+ private_encryption_payload_t *this;
+
+ INIT(this,
+ .public = {
+ .payload_interface = {
+ .verify = _verify,
+ .get_encoding_rules = _get_encoding_rules,
+ .get_length = _get_length,
+ .get_next_type = _get_next_type,
+ .set_next_type = _set_next_type,
+ .get_type = _get_type,
+ .destroy = _destroy,
+ },
+ .get_length = _get_length,
+ .add_payload = _add_payload,
+ .remove_payload = _remove_payload,
+ .set_transform = _set_transform,
+ .encrypt = _encrypt,
+ .decrypt = _decrypt,
+ .destroy = _destroy,
+ },
+ .next_payload = NO_PAYLOAD,
+ .payload_length = ENCRYPTION_PAYLOAD_HEADER_LENGTH,
+ .payloads = linked_list_create(),
+ );
+
+ return &this->public;
}
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-10 13:00:16 +0000