author | Matthias Schiffer <mschiffer@universe-factory.net> | 2013-11-29 22:15:58 +0100 |
---|---|---|
committer | Matthias Schiffer <mschiffer@universe-factory.net> | 2013-11-29 22:15:58 +0100 |
commit | d0707b161d10cf79242d40b24853988c89c7604a (patch) | |
tree | 2d7ebb6082708f49c17ec6385f6019b83be0dda6 /src/methods | |
parent | 27c14deaedc8f914e82388e41e61e8adbfd13f35 (diff) | |
crypto: separate cipher/MAC availability check from information request
Diffstat (limited to 'src/methods')
-rw-r--r-- | src/methods/cipher_test/cipher_test.c | 28 | ||||
-rw-r--r-- | src/methods/composed_gmac/composed_gmac.c | 36 | ||||
-rw-r--r-- | src/methods/generic_gcm/generic_gcm.c | 39 | ||||
-rw-r--r-- | src/methods/generic_gmac/generic_gmac.c | 40 | ||||
-rw-r--r-- | src/methods/generic_poly1305/generic_poly1305.c | 33 |
5 files changed, 76 insertions, 100 deletions
diff --git a/src/methods/cipher_test/cipher_test.c b/src/methods/cipher_test/cipher_test.c index 573e90a..32512b3 100644 --- a/src/methods/cipher_test/cipher_test.c +++ b/src/methods/cipher_test/cipher_test.c @@ -38,7 +38,7 @@ struct fastd_method_session_state { }; -static bool cipher_get(fastd_context_t *ctx, const char *name, const fastd_cipher_info_t **info, const fastd_cipher_t **cipher, const fastd_cipher_context_t **cctx) { +static bool cipher_get(fastd_context_t *ctx, const char *name, const fastd_cipher_info_t **cipher_info, const fastd_cipher_t **cipher, const fastd_cipher_context_t **cctx, bool check) { size_t len = strlen(name); if (len < 12) @@ -51,33 +51,25 @@ static bool cipher_get(fastd_context_t *ctx, const char *name, const fastd_ciphe memcpy(cipher_name, name, len-12); cipher_name[len-12] = 0; - const fastd_cipher_info_t *cipher_info = NULL; - - if (ctx) { - *cipher = fastd_cipher_get_by_name(ctx, cipher_name, &cipher_info, cctx); - if (!*cipher) - return false; - } - else { - cipher_info = fastd_cipher_info_get_by_name(cipher_name); - if (!cipher_info) - return false; - } + if (check && !fastd_cipher_is_available(cipher_name)) + return false; - if (info) - *info = cipher_info; + if (ctx) + *cipher = fastd_cipher_get_by_name(ctx, cipher_name, cipher_info, cctx); + else if (cipher_info) + *cipher_info = fastd_cipher_info_get_by_name(cipher_name); return true; } static bool method_provides(const char *name) { - return cipher_get(NULL, name, NULL, NULL, NULL); + return cipher_get(NULL, name, NULL, NULL, NULL, true); } static size_t method_key_length(fastd_context_t *ctx, const char *name) { const fastd_cipher_info_t *info; - if (!cipher_get(NULL, name, &info, NULL, NULL)) + if (!cipher_get(NULL, name, &info, NULL, NULL, false)) exit_bug(ctx, "cipher-test: can't get cipher key length"); return info->key_length; 
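Review bot: In the second hunk of cipher_test.c, cipher_get now returns true without looking at what `fastd_cipher_get_by_name` or `fastd_cipher_info_get_by_name` returned, so with `check` false a failed lookup is reported as success. `method_key_length` then reads `info->key_length` and `method_session_init` calls `session->cipher->init_state` through a pointer that may be NULL, and the `exit_bug` branches in both callers can no longer fire for a lookup failure. Whether every caller has already vetted the name through `method_provides` is not visible in this diff, so I would keep a cheap guard before `return true;`, for example `if (ctx ? !*cipher : (cipher_info && !*cipher_info)) return false;`. The same pattern is in cipher_get in composed_gmac.c, generic_gcm.c, generic_gmac.c and generic_poly1305.c; cipher_get begins in the previous hunk and part of its body lies outside both hunks.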
@@ -88,7 +80,7 @@ static fastd_method_session_state_t* method_session_init(fastd_context_t *ctx, c fastd_method_common_init(ctx, &session->common, initiator); - if (!cipher_get(ctx, name, &session->cipher_info, &session->cipher, &session->cipher_ctx)) + if (!cipher_get(ctx, name, &session->cipher_info, &session->cipher, &session->cipher_ctx, false)) exit_bug(ctx, "cipher-test: can't instanciate cipher"); session->cipher_state = session->cipher->init_state(ctx, session->cipher_ctx, secret); diff --git a/src/methods/composed_gmac/composed_gmac.c b/src/methods/composed_gmac/composed_gmac.c index b8ee2f6..870b82b 100644 --- a/src/methods/composed_gmac/composed_gmac.c +++ b/src/methods/composed_gmac/composed_gmac.c @@ -52,8 +52,9 @@ struct fastd_method_session_state { static bool cipher_get(fastd_context_t *ctx, const char *name, const fastd_cipher_info_t **cipher_info, const fastd_cipher_t **cipher, const fastd_cipher_context_t **cctx, - const fastd_cipher_info_t **gmac_cipher_info, const fastd_cipher_t **gmac_cipher, const fastd_cipher_context_t **gmac_cctx) { - if (!fastd_mac_info_get_by_name("ghash")) + const fastd_cipher_info_t **gmac_cipher_info, const fastd_cipher_t **gmac_cipher, const fastd_cipher_context_t **gmac_cctx, + bool check) { + if (check && !fastd_mac_is_available("ghash")) return false; size_t len = strlen(name); 
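Review bot: The new trailing `bool check` on cipher_get in composed_gmac.c is undocumented, and the bare `true`/`false` at the call sites does not say what is being switched on or off. A short comment above the function would help, such as `/* check: also verify that ghash and both named ciphers are available; when false the lookups are assumed to succeed */`. That wording is inferred from the call sites in this commit (only `method_provides` passes `true`), so please confirm the intended contract. The function body continues outside this hunk.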
@@ -76,28 +77,20 @@ static bool cipher_get(fastd_context_t *ctx, const char *name, *gmac_cipher_name = 0; gmac_cipher_name++; - const fastd_cipher_info_t *info = NULL; - const fastd_cipher_info_t *gmac_info = NULL; + if (check && (!fastd_cipher_is_available(cipher_name) || !fastd_cipher_is_available(gmac_cipher_name))) + return false; if (ctx) { - *cipher = fastd_cipher_get_by_name(ctx, cipher_name, &info, cctx); - *gmac_cipher = fastd_cipher_get_by_name(ctx, gmac_cipher_name, &gmac_info, gmac_cctx); - if (!(*cipher && *gmac_cipher)) - return false; + *cipher = fastd_cipher_get_by_name(ctx, cipher_name, cipher_info, cctx); + *gmac_cipher = fastd_cipher_get_by_name(ctx, gmac_cipher_name, gmac_cipher_info, gmac_cctx); } else { - info = fastd_cipher_info_get_by_name(cipher_name); - gmac_info = fastd_cipher_info_get_by_name(gmac_cipher_name); - if (!(info && gmac_info)) - return false; + if (cipher_info) + *cipher_info = fastd_cipher_info_get_by_name(cipher_name); + if (gmac_cipher_info) + *gmac_cipher_info = fastd_cipher_info_get_by_name(gmac_cipher_name); } - if (cipher_info) - *cipher_info = info; - - if (gmac_cipher_info) - *gmac_cipher_info = gmac_info; - return true; } @@ -105,7 +98,7 @@ static bool cipher_get(fastd_context_t *ctx, const char *name, static bool method_provides(const char *name) { const fastd_cipher_info_t *gmac_cipher_info; - if (!cipher_get(NULL, name, NULL, NULL, NULL, &gmac_cipher_info, NULL, NULL)) + if (!cipher_get(NULL, name, NULL, NULL, NULL, &gmac_cipher_info, NULL, NULL, true)) return false; if (gmac_cipher_info->iv_length <= COMMON_NONCEBYTES) 
@@ -118,7 +111,7 @@ static size_t method_key_length(fastd_context_t *ctx, const char *name) { const fastd_cipher_info_t *cipher_info; const fastd_cipher_info_t *gmac_cipher_info; - if (!cipher_get(NULL, name, &cipher_info, NULL, NULL, &gmac_cipher_info, NULL, NULL)) + if (!cipher_get(NULL, name, &cipher_info, NULL, NULL, &gmac_cipher_info, NULL, NULL, false)) exit_bug(ctx, "composed-gmac: can't get cipher key length"); return cipher_info->key_length + gmac_cipher_info->key_length; @@ -131,7 +124,8 @@ static fastd_method_session_state_t* method_session_init(fastd_context_t *ctx, c if (!cipher_get(ctx, name, &session->cipher_info, &session->cipher, &session->cipher_ctx, - &session->gmac_cipher_info, &session->gmac_cipher, &session->gmac_cipher_ctx)) + &session->gmac_cipher_info, &session->gmac_cipher, &session->gmac_cipher_ctx, + false)) exit_bug(ctx, "composed-gmac: can't instanciate cipher"); session->cipher_state = session->cipher->init_state(ctx, session->cipher_ctx, secret); diff --git a/src/methods/generic_gcm/generic_gcm.c b/src/methods/generic_gcm/generic_gcm.c index 9481100..2a7987c 100644 --- a/src/methods/generic_gcm/generic_gcm.c +++ b/src/methods/generic_gcm/generic_gcm.c @@ -43,8 +43,8 @@ struct fastd_method_session_state { }; -static bool cipher_get(fastd_context_t *ctx, const char *name, const fastd_cipher_info_t **cipher_info, const fastd_cipher_t **cipher, const fastd_cipher_context_t **cctx) { - if (!fastd_mac_info_get_by_name("ghash")) +static bool cipher_get(fastd_context_t *ctx, const char *name, const fastd_cipher_info_t **cipher_info, const fastd_cipher_t **cipher, const fastd_cipher_context_t **cctx, bool check) { + if (check && !fastd_mac_is_available("ghash")) return false; size_t len = strlen(name); 
@@ -59,36 +59,33 @@ static bool cipher_get(fastd_context_t *ctx, const char *name, const fastd_ciphe memcpy(name_ctr, name, len-3); strncpy(name_ctr+len-3, "ctr", 4); - const fastd_cipher_info_t *info = NULL; - - if (ctx) { - *cipher = fastd_cipher_get_by_name(ctx, name_ctr, &info, cctx); - if (!*cipher) - return false; - } - else { - info = fastd_cipher_info_get_by_name(name_ctr); - if (!info) - return false; - } - - if (info->iv_length <= COMMON_NONCEBYTES) + if (check && !fastd_cipher_is_available(name_ctr)) return false; - if (cipher_info) - *cipher_info = info; + if (ctx) + *cipher = fastd_cipher_get_by_name(ctx, name_ctr, cipher_info, cctx); + else if (cipher_info) + *cipher_info = fastd_cipher_info_get_by_name(name_ctr); return true; } static bool method_provides(const char *name) { - return cipher_get(NULL, name, NULL, NULL, NULL); + const fastd_cipher_info_t *cipher_info; + + if (!cipher_get(NULL, name, &cipher_info, NULL, NULL, true)) + return false; + + if (cipher_info->iv_length <= COMMON_NONCEBYTES) + return false; + + return true; } static size_t method_key_length(fastd_context_t *ctx, const char *name) { const fastd_cipher_info_t *cipher_info; - if (!cipher_get(NULL, name, &cipher_info, NULL, NULL)) + if (!cipher_get(NULL, name, &cipher_info, NULL, NULL, false)) exit_bug(ctx, "generic-gcm: can't get cipher key length"); return cipher_info->key_length; @@ -99,7 +96,7 @@ static fastd_method_session_state_t* method_session_init(fastd_context_t *ctx, c fastd_method_common_init(ctx, &session->common, initiator); - if (!cipher_get(ctx, name, &session->cipher_info, &session->cipher, &session->cipher_ctx)) + if (!cipher_get(ctx, name, &session->cipher_info, &session->cipher, &session->cipher_ctx, false)) exit_bug(ctx, "generic-gcm: can't instanciate cipher"); session->cipher_state = session->cipher->init_state(ctx, session->cipher_ctx, secret); 
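Review bot: The `iv_length <= COMMON_NONCEBYTES` rejection in generic_gcm.c is now done only in `method_provides`; cipher_get no longer enforces it, so `method_session_init` (which passes `check` as false) will set up a session with a cipher whose IV cannot hold the common nonce if it is ever reached with a name that did not go through `method_provides`. Since this is the invariant that keeps the nonce layout sound, I would keep it in cipher_get regardless of `check`, e.g. `if (cipher_info && *cipher_info && (*cipher_info)->iv_length <= COMMON_NONCEBYTES) return false;`, or at least document on `method_session_init` that the name must already have been accepted by `method_provides`. The new `method_provides` also dereferences `cipher_info` without a NULL test, which presumably relies on `fastd_cipher_is_available` and `fastd_cipher_info_get_by_name` always agreeing. The same move was made in generic_gmac.c and generic_poly1305.c.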
diff --git a/src/methods/generic_gmac/generic_gmac.c b/src/methods/generic_gmac/generic_gmac.c index 5501076..50f4f57 100644 --- a/src/methods/generic_gmac/generic_gmac.c +++ b/src/methods/generic_gmac/generic_gmac.c @@ -43,8 +43,8 @@ struct fastd_method_session_state { }; -static bool cipher_get(fastd_context_t *ctx, const char *name, const fastd_cipher_info_t **cipher_info, const fastd_cipher_t **cipher, const fastd_cipher_context_t **cctx) { - if (!fastd_mac_info_get_by_name("ghash")) +static bool cipher_get(fastd_context_t *ctx, const char *name, const fastd_cipher_info_t **cipher_info, const fastd_cipher_t **cipher, const fastd_cipher_context_t **cctx, bool check) { + if (check && !fastd_mac_is_available("ghash")) return false; size_t len = strlen(name); 
@@ -62,36 +62,32 @@ static bool cipher_get(fastd_context_t *ctx, const char *name, const fastd_ciphe memcpy(cipher_name, name, len-5); cipher_name[len-5] = 0; - const fastd_cipher_info_t *info = NULL; - - if (ctx) { - *cipher = fastd_cipher_get_by_name(ctx, cipher_name, &info, cctx); - if (!*cipher) - return false; - } - else { - info = fastd_cipher_info_get_by_name(cipher_name); - if (!info) - return false; - } - - if (info->iv_length <= COMMON_NONCEBYTES) + if (check && !fastd_cipher_is_available(cipher_name)) return false; - if (cipher_info) - *cipher_info = info; + if (ctx) + *cipher = fastd_cipher_get_by_name(ctx, cipher_name, cipher_info, cctx); + else if (cipher_info) + *cipher_info = fastd_cipher_info_get_by_name(cipher_name); return true; } - static bool method_provides(const char *name) { - return cipher_get(NULL, name, NULL, NULL, NULL); + const fastd_cipher_info_t *cipher_info; + + if (!cipher_get(NULL, name, &cipher_info, NULL, NULL, true)) + return false; + + if (cipher_info->iv_length <= COMMON_NONCEBYTES) + return false; + + return true; } static size_t method_key_length(fastd_context_t *ctx, const char *name) { const fastd_cipher_info_t *cipher_info; - if (!cipher_get(NULL, name, &cipher_info, NULL, NULL)) + if (!cipher_get(NULL, name, &cipher_info, NULL, NULL, false)) exit_bug(ctx, "generic-gmac: can't get cipher key length"); return cipher_info->key_length + sizeof(fastd_block128_t); @@ -102,7 +98,7 @@ static fastd_method_session_state_t* method_session_init(fastd_context_t *ctx, c fastd_method_common_init(ctx, &session->common, initiator); - if (!cipher_get(ctx, name, &session->cipher_info, &session->cipher, &session->cipher_ctx)) + if (!cipher_get(ctx, name, &session->cipher_info, &session->cipher, &session->cipher_ctx, false)) exit_bug(ctx, "generic-gmac: can't instanciate cipher"); session->cipher_state = session->cipher->init_state(ctx, session->cipher_ctx, secret); 
diff --git a/src/methods/generic_poly1305/generic_poly1305.c b/src/methods/generic_poly1305/generic_poly1305.c index 3820907..80ced8c 100644 --- a/src/methods/generic_poly1305/generic_poly1305.c +++ b/src/methods/generic_poly1305/generic_poly1305.c @@ -43,7 +43,7 @@ struct fastd_method_session_state { }; -static bool cipher_get(fastd_context_t *ctx, const char *name, const fastd_cipher_info_t **cipher_info, const fastd_cipher_t **cipher, const fastd_cipher_context_t **cctx) { +static bool cipher_get(fastd_context_t *ctx, const char *name, const fastd_cipher_info_t **cipher_info, const fastd_cipher_t **cipher, const fastd_cipher_context_t **cctx, bool check) { size_t len = strlen(name); if (len < 9) @@ -56,31 +56,28 @@ static bool cipher_get(fastd_context_t *ctx, const char *name, const fastd_ciphe memcpy(cipher_name, name, len-9); cipher_name[len-9] = 0; - const fastd_cipher_info_t *info = NULL; - - if (ctx) { - *cipher = fastd_cipher_get_by_name(ctx, cipher_name, &info, cctx); - if (!*cipher) - return false; - } - else { - info = fastd_cipher_info_get_by_name(cipher_name); - if (!info) - return false; - } - - if (info->iv_length <= COMMON_NONCEBYTES) + if (check && !fastd_cipher_is_available(cipher_name)) return false; - if (cipher_info) - *cipher_info = info; + if (ctx) + *cipher = fastd_cipher_get_by_name(ctx, cipher_name, cipher_info, cctx); + else if (cipher_info) + *cipher_info = fastd_cipher_info_get_by_name(cipher_name); return true; } static bool method_provides(const char *name) { - return cipher_get(NULL, name, NULL, NULL, NULL); + const fastd_cipher_info_t *cipher_info; + + if (!cipher_get(NULL, name, &cipher_info, NULL, NULL, true)) + return false; + + if (cipher_info->iv_length <= COMMON_NONCEBYTES) + return false; + + return true; } static size_t method_key_length(fastd_context_t *ctx, const char *name) { |