summaryrefslogtreecommitdiffstats
path: root/src/methods/composed_gmac
diff options
context:
space:
mode:
authorMatthias Schiffer <mschiffer@universe-factory.net>2013-11-30 03:19:38 +0100
committerMatthias Schiffer <mschiffer@universe-factory.net>2013-11-30 03:36:22 +0100
commit8088a82a2a91d29967cef920ba780eecdf72518e (patch)
treed30768bff5805e1209d64e9c0e7e87c38cce0042 /src/methods/composed_gmac
parent1111dc8e5e9e78254c1a7a891d961713e1be9db0 (diff)
downloadfastd-8088a82a2a91d29967cef920ba780eecdf72518e.tar
fastd-8088a82a2a91d29967cef920ba780eecdf72518e.zip
Perform string-based lookup of method-related information only once
Diffstat (limited to 'src/methods/composed_gmac')
-rw-r--r--src/methods/composed_gmac/composed_gmac.c138
1 files changed, 62 insertions, 76 deletions
diff --git a/src/methods/composed_gmac/composed_gmac.c b/src/methods/composed_gmac/composed_gmac.c
index 0705b7d..d1627ee 100644
--- a/src/methods/composed_gmac/composed_gmac.c
+++ b/src/methods/composed_gmac/composed_gmac.c
@@ -25,36 +25,43 @@
#include "../../crypto.h"
+#include "../../method.h"
#include "../common.h"
static const fastd_block128_t ZERO_BLOCK = {};
+
+struct fastd_method_context {
+ const fastd_cipher_info_t *cipher_info;
+ const fastd_cipher_info_t *gmac_cipher_info;
+ const fastd_mac_info_t *ghash_info;
+};
+
struct fastd_method_session_state {
fastd_method_common_t common;
- const fastd_cipher_info_t *cipher_info;
+ const fastd_method_context_t *ctx;
+
const fastd_cipher_t *cipher;
fastd_cipher_state_t *cipher_state;
- const fastd_cipher_info_t *gmac_cipher_info;
const fastd_cipher_t *gmac_cipher;
fastd_cipher_state_t *gmac_cipher_state;
- const fastd_mac_info_t *ghash_info;
const fastd_mac_t *ghash;
fastd_mac_state_t *ghash_state;
};
-static bool cipher_get(fastd_context_t *ctx, const char *name,
- const fastd_cipher_info_t **cipher_info, const fastd_cipher_t **cipher,
- const fastd_cipher_info_t **gmac_cipher_info, const fastd_cipher_t **gmac_cipher) {
- if (!fastd_mac_info_get_by_name("ghash"))
+static bool method_create_by_name(const char *name, fastd_method_context_t **method_ctx) {
+ fastd_method_context_t ctx;
+
+ ctx.ghash_info = fastd_mac_info_get_by_name("ghash");
+ if (!ctx.ghash_info)
return false;
size_t len = strlen(name);
-
if (len < 5)
return false;
@@ -73,76 +80,52 @@ static bool cipher_get(fastd_context_t *ctx, const char *name,
*gmac_cipher_name = 0;
gmac_cipher_name++;
- const fastd_cipher_info_t *info = NULL;
- const fastd_cipher_info_t *gmac_info = NULL;
-
- if (ctx) {
- *cipher = fastd_cipher_get_by_name(ctx, cipher_name, &info);
- *gmac_cipher = fastd_cipher_get_by_name(ctx, gmac_cipher_name, &gmac_info);
- if (!(*cipher && *gmac_cipher))
- return false;
- }
- else {
- info = fastd_cipher_info_get_by_name(cipher_name);
- gmac_info = fastd_cipher_info_get_by_name(gmac_cipher_name);
- if (!(info && gmac_info))
- return false;
- }
-
- if (cipher_info)
- *cipher_info = info;
-
- if (gmac_cipher_info)
- *gmac_cipher_info = gmac_info;
-
- return true;
-}
-
+ ctx.cipher_info = fastd_cipher_info_get_by_name(cipher_name);
+ if (!ctx.cipher_info)
+ return false;
-static bool method_provides(const char *name) {
- const fastd_cipher_info_t *gmac_cipher_info;
+ if (ctx.cipher_info->iv_length && ctx.cipher_info->iv_length <= COMMON_NONCEBYTES)
+ return false;
- if (!cipher_get(NULL, name, NULL, NULL, &gmac_cipher_info, NULL))
+ ctx.gmac_cipher_info = fastd_cipher_info_get_by_name(gmac_cipher_name);
+ if (!ctx.gmac_cipher_info)
return false;
- if (gmac_cipher_info->iv_length <= COMMON_NONCEBYTES)
+ if (ctx.gmac_cipher_info->iv_length <= COMMON_NONCEBYTES)
return false;
+ *method_ctx = malloc(sizeof(fastd_method_context_t));
+ **method_ctx = ctx;
+
return true;
}
-static size_t method_key_length(fastd_context_t *ctx, const char *name) {
- const fastd_cipher_info_t *cipher_info;
- const fastd_cipher_info_t *gmac_cipher_info;
+static void method_destroy(fastd_method_context_t *method_ctx) {
+ free(method_ctx);
+}
- if (!cipher_get(NULL, name, &cipher_info, NULL, &gmac_cipher_info, NULL))
- exit_bug(ctx, "composed-gmac: can't get cipher key length");
- return cipher_info->key_length + gmac_cipher_info->key_length;
+static size_t method_key_length(fastd_context_t *ctx UNUSED, const fastd_method_context_t *method_ctx) {
+ return method_ctx->cipher_info->key_length + method_ctx->gmac_cipher_info->key_length;
}
-static fastd_method_session_state_t* method_session_init(fastd_context_t *ctx, const char *name, const uint8_t *secret, bool initiator) {
+static fastd_method_session_state_t* method_session_init(fastd_context_t *ctx, const fastd_method_context_t *method_ctx, const uint8_t *secret, bool initiator) {
fastd_method_session_state_t *session = malloc(sizeof(fastd_method_session_state_t));
fastd_method_common_init(ctx, &session->common, initiator);
+ session->ctx = method_ctx;
- if (!cipher_get(ctx, name,
- &session->cipher_info, &session->cipher,
- &session->gmac_cipher_info, &session->gmac_cipher))
- exit_bug(ctx, "composed-gmac: can't instanciate cipher");
-
+ session->cipher = fastd_cipher_get(ctx, session->ctx->cipher_info);
session->cipher_state = session->cipher->init(ctx, secret);
- if (session->cipher_info->iv_length && session->cipher_info->iv_length <= COMMON_NONCEBYTES)
- exit_bug(ctx, "composed-gmac: iv_length to small");
- session->gmac_cipher_state = session->gmac_cipher->init(ctx, secret + session->cipher_info->key_length);
- if (session->gmac_cipher_info->iv_length <= COMMON_NONCEBYTES)
- exit_bug(ctx, "composed-gmac: GMAC cipher iv_length to small");
+ session->gmac_cipher = fastd_cipher_get(ctx, session->ctx->gmac_cipher_info);
+ session->gmac_cipher_state = session->gmac_cipher->init(ctx, secret + session->ctx->cipher_info->key_length);
fastd_block128_t H;
- uint8_t zeroiv[session->gmac_cipher_info->iv_length];
- memset(zeroiv, 0, session->gmac_cipher_info->iv_length);
+ size_t gmac_iv_length = session->ctx->gmac_cipher_info->iv_length;
+ uint8_t zeroiv[gmac_iv_length];
+ memset(zeroiv, 0, gmac_iv_length);
if (!session->gmac_cipher->crypt(ctx, session->gmac_cipher_state, &H, &ZERO_BLOCK, sizeof(fastd_block128_t), zeroiv)) {
session->cipher->free(ctx, session->cipher_state);
@@ -152,10 +135,7 @@ static fastd_method_session_state_t* method_session_init(fastd_context_t *ctx, c
return NULL;
}
- session->ghash = fastd_mac_get_by_name(ctx, "ghash", &session->ghash_info);
- if (!session->ghash)
- exit_bug(ctx, "composed-gmac: can't instanciate ghash mac");
-
+ session->ghash = fastd_mac_get(ctx, session->ctx->ghash_info);
session->ghash_state = session->ghash->init(ctx, H.b);
return session;
@@ -209,19 +189,21 @@ static bool method_encrypt(fastd_context_t *ctx, fastd_peer_t *peer UNUSED, fast
fastd_block128_t *outblocks = out->data;
fastd_block128_t sig;
- uint8_t gmac_nonce[session->gmac_cipher_info->iv_length];
- memset(gmac_nonce, 0, session->gmac_cipher_info->iv_length);
+ size_t gmac_iv_length = session->ctx->gmac_cipher_info->iv_length;
+ uint8_t gmac_nonce[gmac_iv_length];
+ memset(gmac_nonce, 0, gmac_iv_length);
memcpy(gmac_nonce, session->common.send_nonce, COMMON_NONCEBYTES);
- gmac_nonce[session->gmac_cipher_info->iv_length-1] = 1;
+ gmac_nonce[gmac_iv_length-1] = 1;
bool ok = session->gmac_cipher->crypt(ctx, session->gmac_cipher_state, outblocks, &ZERO_BLOCK, sizeof(fastd_block128_t), gmac_nonce);
if (ok) {
- uint8_t nonce[session->cipher_info->iv_length];
- if (session->cipher_info->iv_length) {
- memset(nonce, 0, session->cipher_info->iv_length);
+ size_t iv_length = session->ctx->cipher_info->iv_length;
+ uint8_t nonce[iv_length];
+ if (iv_length) {
+ memset(nonce, 0, iv_length);
memcpy(nonce, session->common.send_nonce, COMMON_NONCEBYTES);
- nonce[session->cipher_info->iv_length-1] = 1;
+ nonce[iv_length-1] = 1;
}
ok = session->cipher->crypt(ctx, session->cipher_state, outblocks+1, inblocks, n_blocks*sizeof(fastd_block128_t), nonce);
@@ -271,16 +253,18 @@ static bool method_decrypt(fastd_context_t *ctx, fastd_peer_t *peer, fastd_metho
if (!fastd_method_is_nonce_valid(ctx, &session->common, common_nonce, &age))
return false;
- uint8_t gmac_nonce[session->gmac_cipher_info->iv_length];
- memset(gmac_nonce, 0, session->gmac_cipher_info->iv_length);
+ size_t gmac_iv_length = session->ctx->gmac_cipher_info->iv_length;
+ uint8_t gmac_nonce[gmac_iv_length];
+ memset(gmac_nonce, 0, gmac_iv_length);
memcpy(gmac_nonce, common_nonce, COMMON_NONCEBYTES);
- gmac_nonce[session->gmac_cipher_info->iv_length-1] = 1;
+ gmac_nonce[gmac_iv_length-1] = 1;
- uint8_t nonce[session->cipher_info->iv_length];
- if (session->cipher_info->iv_length) {
- memset(nonce, 0, session->cipher_info->iv_length);
+ size_t iv_length = session->ctx->cipher_info->iv_length;
+ uint8_t nonce[iv_length];
+ if (iv_length) {
+ memset(nonce, 0, iv_length);
memcpy(nonce, common_nonce, COMMON_NONCEBYTES);
- nonce[session->cipher_info->iv_length-1] = 1;
+ nonce[iv_length-1] = 1;
}
fastd_buffer_push_head(ctx, &in, COMMON_HEADBYTES);
@@ -326,15 +310,17 @@ static bool method_decrypt(fastd_context_t *ctx, fastd_peer_t *peer, fastd_metho
}
const fastd_method_t fastd_method_composed_gmac = {
- .provides = method_provides,
-
.max_overhead = COMMON_HEADBYTES + sizeof(fastd_block128_t),
.min_encrypt_head_space = 0,
.min_decrypt_head_space = 0,
.min_encrypt_tail_space = sizeof(fastd_block128_t)-1,
.min_decrypt_tail_space = 2*sizeof(fastd_block128_t)-1,
+ .create_by_name = method_create_by_name,
+ .destroy = method_destroy,
+
.key_length = method_key_length,
+
.session_init = method_session_init,
.session_is_valid = method_session_is_valid,
.session_is_initiator = method_session_is_initiator,