From f73fba54dc8b30c6482e1e8abf15bbf455592fcd Mon Sep 17 00:00:00 2001 From: Rene Mayrhofer Date: Sun, 28 Nov 2010 11:42:20 +0000 Subject: [svn-upgrade] new version strongswan (4.5.0) --- src/libstrongswan/plugins/ctr/ctr_ipsec_crypter.c | 173 ++++++++++++++++++++++ 1 file changed, 173 insertions(+) create mode 100644 src/libstrongswan/plugins/ctr/ctr_ipsec_crypter.c (limited to 'src/libstrongswan/plugins/ctr/ctr_ipsec_crypter.c') diff --git a/src/libstrongswan/plugins/ctr/ctr_ipsec_crypter.c b/src/libstrongswan/plugins/ctr/ctr_ipsec_crypter.c new file mode 100644 index 000000000..ddcae423b --- /dev/null +++ b/src/libstrongswan/plugins/ctr/ctr_ipsec_crypter.c @@ -0,0 +1,173 @@ +/* + * Copyright (C) 2010 Martin Willi + * Copyright (C) 2010 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "ctr_ipsec_crypter.h" + +typedef struct private_ctr_ipsec_crypter_t private_ctr_ipsec_crypter_t; + +/** + * Private data of an ctr_ipsec_crypter_t object. + */ +struct private_ctr_ipsec_crypter_t { + + /** + * Public ctr_ipsec_crypter_t interface. + */ + ctr_ipsec_crypter_t public; + + /** + * Underlying CBC crypter + */ + crypter_t *crypter; + + /** + * counter state + */ + struct { + char nonce[4]; + char iv[8]; + u_int32_t counter; + } __attribute__((packed)) state; +}; + +/** + * Do the CTR crypto operation + */ +static void crypt_ctr(private_ctr_ipsec_crypter_t *this, + chunk_t in, chunk_t out) +{ + size_t is, bs; + chunk_t state; + + is = this->crypter->get_iv_size(this->crypter); + bs = sizeof(this->state); + + this->state.counter = htonl(1); + state = chunk_create((char*)&this->state, bs); + + while (in.len > 0) + { + char iv[is], block[bs]; + + memset(iv, 0, is); + memcpy(block, state.ptr, bs); + this->crypter->encrypt(this->crypter, + chunk_create(block, bs), chunk_create(iv, is), NULL); + chunk_increment(state); + + if (in.ptr != out.ptr) + { + memcpy(out.ptr, in.ptr, min(in.len, bs)); + } + memxor(out.ptr, block, min(in.len, bs)); + in = chunk_skip(in, bs); + out = chunk_skip(out, bs); + } +} + +METHOD(crypter_t, crypt, void, + private_ctr_ipsec_crypter_t *this, chunk_t in, chunk_t iv, chunk_t *out) +{ + memcpy(this->state.iv, iv.ptr, sizeof(this->state.iv)); + + if (out) + { + *out = chunk_alloc(in.len); + crypt_ctr(this, in, *out); + } + else + { + crypt_ctr(this, in, in); + } +} + +METHOD(crypter_t, get_block_size, size_t, + private_ctr_ipsec_crypter_t *this) +{ + return 1; +} + +METHOD(crypter_t, get_iv_size, size_t, + private_ctr_ipsec_crypter_t *this) +{ + return sizeof(this->state.iv); +} + +METHOD(crypter_t, get_key_size, size_t, + private_ctr_ipsec_crypter_t *this) +{ + return this->crypter->get_key_size(this->crypter) + + sizeof(this->state.nonce); +} + +METHOD(crypter_t, set_key, void, + private_ctr_ipsec_crypter_t *this, chunk_t key) +{ + memcpy(this->state.nonce, key.ptr + key.len - sizeof(this->state.nonce), + sizeof(this->state.nonce)); + key.len -= sizeof(this->state.nonce); + this->crypter->set_key(this->crypter, key); +} + +METHOD(crypter_t, destroy, void, + private_ctr_ipsec_crypter_t *this) +{ + this->crypter->destroy(this->crypter); + free(this); +} + +/** + * See header + */ +ctr_ipsec_crypter_t *ctr_ipsec_crypter_create(encryption_algorithm_t algo, + size_t key_size) +{ + private_ctr_ipsec_crypter_t *this; + + switch (algo) + { + case ENCR_AES_CTR: + algo = ENCR_AES_CBC; + break; + case ENCR_CAMELLIA_CTR: + algo = ENCR_CAMELLIA_CBC; + break; + default: + return NULL; + } + + INIT(this, + .public = { + .crypter = { + .encrypt = _crypt, + .decrypt = _crypt, + .get_block_size = _get_block_size, + .get_iv_size = _get_iv_size, + .get_key_size = _get_key_size, + .set_key = _set_key, + .destroy = _destroy, + }, + }, + .crypter = lib->crypto->create_crypter(lib->crypto, algo, key_size), + ); + + if (!this->crypter) + { + free(this); + return NULL; + } + + return &this->public; +} -- cgit v1.2.3