summaryrefslogtreecommitdiffstats
path: root/src/methods
diff options
context:
space:
mode:
authorMatthias Schiffer <mschiffer@universe-factory.net>2013-11-25 23:18:11 +0100
committerMatthias Schiffer <mschiffer@universe-factory.net>2013-11-25 23:18:11 +0100
commitc62a0f592c49b41d393fae580ce9f1293ee7a16d (patch)
tree6d8ef6b7c93fdcaa0fd1bcd590dba531ef8b5140 /src/methods
parent60c2c11de820687887a643344fc1b0a91fd45226 (diff)
downloadfastd-c62a0f592c49b41d393fae580ce9f1293ee7a16d.tar
fastd-c62a0f592c49b41d393fae580ce9f1293ee7a16d.zip
Move crypto algorithm information out of implementation
Diffstat (limited to 'src/methods')
-rw-r--r--src/methods/cipher_test/cipher_test.c50
-rw-r--r--src/methods/composed_gmac/composed_gmac.c97
-rw-r--r--src/methods/generic_gcm/generic_gcm.c56
-rw-r--r--src/methods/generic_gmac/generic_gmac.c56
-rw-r--r--src/methods/generic_poly1305/generic_poly1305.c47
5 files changed, 192 insertions, 114 deletions
diff --git a/src/methods/cipher_test/cipher_test.c b/src/methods/cipher_test/cipher_test.c
index b9a7881..573e90a 100644
--- a/src/methods/cipher_test/cipher_test.c
+++ b/src/methods/cipher_test/cipher_test.c
@@ -31,13 +31,14 @@
struct fastd_method_session_state {
fastd_method_common_t common;
+ const fastd_cipher_info_t *cipher_info;
const fastd_cipher_t *cipher;
const fastd_cipher_context_t *cipher_ctx;
fastd_cipher_state_t *cipher_state;
};
-static bool cipher_get(fastd_context_t *ctx, const char *name, const fastd_cipher_t **cipher, const fastd_cipher_context_t **cctx) {
+static bool cipher_get(fastd_context_t *ctx, const char *name, const fastd_cipher_info_t **info, const fastd_cipher_t **cipher, const fastd_cipher_context_t **cctx) {
size_t len = strlen(name);
if (len < 12)
@@ -50,27 +51,36 @@ static bool cipher_get(fastd_context_t *ctx, const char *name, const fastd_ciphe
memcpy(cipher_name, name, len-12);
cipher_name[len-12] = 0;
+ const fastd_cipher_info_t *cipher_info = NULL;
+
if (ctx) {
- *cipher = fastd_cipher_get_by_name(ctx, cipher_name, cctx);
- return *cipher;
+ *cipher = fastd_cipher_get_by_name(ctx, cipher_name, &cipher_info, cctx);
+ if (!*cipher)
+ return false;
}
else {
- return fastd_cipher_available(cipher_name);
+ cipher_info = fastd_cipher_info_get_by_name(cipher_name);
+ if (!cipher_info)
+ return false;
}
+
+ if (info)
+ *info = cipher_info;
+
+ return true;
}
static bool method_provides(const char *name) {
- return cipher_get(NULL, name, NULL, NULL);
+ return cipher_get(NULL, name, NULL, NULL, NULL);
}
static size_t method_key_length(fastd_context_t *ctx, const char *name) {
- const fastd_cipher_t *cipher = NULL;
- const fastd_cipher_context_t *cctx;
- if (!cipher_get(ctx, name, &cipher, &cctx))
+ const fastd_cipher_info_t *info;
+ if (!cipher_get(NULL, name, &info, NULL, NULL))
exit_bug(ctx, "cipher-test: can't get cipher key length");
- return cipher->key_length;
+ return info->key_length;
}
static fastd_method_session_state_t* method_session_init(fastd_context_t *ctx, const char *name, const uint8_t *secret, bool initiator) {
@@ -78,7 +88,7 @@ static fastd_method_session_state_t* method_session_init(fastd_context_t *ctx, c
fastd_method_common_init(ctx, &session->common, initiator);
- if (!cipher_get(ctx, name, &session->cipher, &session->cipher_ctx))
+ if (!cipher_get(ctx, name, &session->cipher_info, &session->cipher, &session->cipher_ctx))
exit_bug(ctx, "cipher-test: can't instanciate cipher");
session->cipher_state = session->cipher->init_state(ctx, session->cipher_ctx, secret);
@@ -118,11 +128,11 @@ static bool method_encrypt(fastd_context_t *ctx, fastd_peer_t *peer UNUSED, fast
if (tail_len)
memset(in.data+in.len, 0, tail_len);
- uint8_t nonce[session->cipher->iv_length];
- if (session->cipher->iv_length) {
- memset(nonce, 0, session->cipher->iv_length);
- memcpy(nonce, session->common.send_nonce, min_size_t(COMMON_NONCEBYTES, session->cipher->iv_length));
- nonce[session->cipher->iv_length-1] = 1;
+ uint8_t nonce[session->cipher_info->iv_length];
+ if (session->cipher_info->iv_length) {
+ memset(nonce, 0, session->cipher_info->iv_length);
+ memcpy(nonce, session->common.send_nonce, min_size_t(COMMON_NONCEBYTES, session->cipher_info->iv_length));
+ nonce[session->cipher_info->iv_length-1] = 1;
}
int n_blocks = block_count(in.len, sizeof(fastd_block128_t));
@@ -161,11 +171,11 @@ static bool method_decrypt(fastd_context_t *ctx, fastd_peer_t *peer, fastd_metho
if (common_nonce[COMMON_NONCEBYTES]) /* flags */
return false;
- uint8_t nonce[session->cipher->iv_length];
- if (session->cipher->iv_length) {
- memset(nonce, 0, session->cipher->iv_length);
- memcpy(nonce, common_nonce, min_size_t(COMMON_NONCEBYTES, session->cipher->iv_length));
- nonce[session->cipher->iv_length-1] = 1;
+ uint8_t nonce[session->cipher_info->iv_length];
+ if (session->cipher_info->iv_length) {
+ memset(nonce, 0, session->cipher_info->iv_length);
+ memcpy(nonce, common_nonce, min_size_t(COMMON_NONCEBYTES, session->cipher_info->iv_length));
+ nonce[session->cipher_info->iv_length-1] = 1;
}
int64_t age;
diff --git a/src/methods/composed_gmac/composed_gmac.c b/src/methods/composed_gmac/composed_gmac.c
index eae27db..75533d2 100644
--- a/src/methods/composed_gmac/composed_gmac.c
+++ b/src/methods/composed_gmac/composed_gmac.c
@@ -33,22 +33,27 @@ static const fastd_block128_t ZERO_BLOCK = {};
struct fastd_method_session_state {
fastd_method_common_t common;
+ const fastd_cipher_info_t *cipher_info;
const fastd_cipher_t *cipher;
const fastd_cipher_context_t *cipher_ctx;
fastd_cipher_state_t *cipher_state;
+ const fastd_cipher_info_t *gmac_cipher_info;
const fastd_cipher_t *gmac_cipher;
const fastd_cipher_context_t *gmac_cipher_ctx;
fastd_cipher_state_t *gmac_cipher_state;
+ const fastd_mac_info_t *ghash_info;
const fastd_mac_t *ghash;
const fastd_mac_context_t *ghash_ctx;
fastd_mac_state_t *ghash_state;
};
-static bool cipher_get(fastd_context_t *ctx, const char *name, const fastd_cipher_t **cipher, const fastd_cipher_context_t **cctx, const fastd_cipher_t **gmac_cipher, const fastd_cipher_context_t **gmac_cctx) {
- if (!fastd_mac_available("ghash"))
+static bool cipher_get(fastd_context_t *ctx, const char *name,
+ const fastd_cipher_info_t **cipher_info, const fastd_cipher_t **cipher, const fastd_cipher_context_t **cctx,
+ const fastd_cipher_info_t **gmac_cipher_info, const fastd_cipher_t **gmac_cipher, const fastd_cipher_context_t **gmac_cctx) {
+ if (!fastd_mac_info_get_by_name("ghash"))
return false;
size_t len = strlen(name);
@@ -71,32 +76,52 @@ static bool cipher_get(fastd_context_t *ctx, const char *name, const fastd_ciphe
*gmac_cipher_name = 0;
gmac_cipher_name++;
+ const fastd_cipher_info_t *info = NULL;
+ const fastd_cipher_info_t *gmac_info = NULL;
+
if (ctx) {
- *cipher = fastd_cipher_get_by_name(ctx, cipher_name, cctx);
- *gmac_cipher = fastd_cipher_get_by_name(ctx, gmac_cipher_name, gmac_cctx);
- return *cipher && *gmac_cipher;
+ *cipher = fastd_cipher_get_by_name(ctx, cipher_name, &info, cctx);
+ *gmac_cipher = fastd_cipher_get_by_name(ctx, gmac_cipher_name, &gmac_info, gmac_cctx);
+ if (!(*cipher && *gmac_cipher))
+ return false;
}
else {
- return fastd_cipher_available(cipher_name) && fastd_cipher_available(gmac_cipher_name);
+ info = fastd_cipher_info_get_by_name(cipher_name);
+ gmac_info = fastd_cipher_info_get_by_name(gmac_cipher_name);
+ if (!(info && gmac_info))
+ return false;
}
+
+ if (cipher_info)
+ *cipher_info = info;
+
+ if (gmac_cipher_info)
+ *gmac_cipher_info = gmac_info;
+
+ return true;
}
static bool method_provides(const char *name) {
- return cipher_get(NULL, name, NULL, NULL, NULL, NULL);
+ const fastd_cipher_info_t *gmac_cipher_info;
+
+ if (!cipher_get(NULL, name, NULL, NULL, NULL, &gmac_cipher_info, NULL, NULL))
+ return false;
+
+ if (gmac_cipher_info->iv_length <= COMMON_NONCEBYTES)
+ return false;
+
+ return true;
}
static size_t method_key_length(fastd_context_t *ctx, const char *name) {
- const fastd_cipher_t *cipher = NULL;
- const fastd_cipher_context_t *cctx;
-
- const fastd_cipher_t *gmac_cipher = NULL;
- const fastd_cipher_context_t *gmac_cctx;
+ const fastd_cipher_info_t *cipher_info;
+ const fastd_cipher_info_t *gmac_cipher_info;
- if (!cipher_get(ctx, name, &cipher, &cctx, &gmac_cipher, &gmac_cctx))
+ if (!cipher_get(NULL, name, &cipher_info, NULL, NULL, &gmac_cipher_info, NULL, NULL))
exit_bug(ctx, "composed-gmac: can't get cipher key length");
- return cipher->key_length + gmac_cipher->key_length;
+ return cipher_info->key_length + gmac_cipher_info->key_length;
}
static fastd_method_session_state_t* method_session_init(fastd_context_t *ctx, const char *name, const uint8_t *secret, bool initiator) {
@@ -104,25 +129,27 @@ static fastd_method_session_state_t* method_session_init(fastd_context_t *ctx, c
fastd_method_common_init(ctx, &session->common, initiator);
- if (!cipher_get(ctx, name, &session->cipher, &session->cipher_ctx, &session->gmac_cipher, &session->gmac_cipher_ctx))
+ if (!cipher_get(ctx, name,
+ &session->cipher_info, &session->cipher, &session->cipher_ctx,
+ &session->gmac_cipher_info, &session->gmac_cipher, &session->gmac_cipher_ctx))
exit_bug(ctx, "composed-gmac: can't instanciate cipher");
session->cipher_state = session->cipher->init_state(ctx, session->cipher_ctx, secret);
- if (session->cipher->iv_length && session->cipher->iv_length <= COMMON_NONCEBYTES)
+ if (session->cipher_info->iv_length && session->cipher_info->iv_length <= COMMON_NONCEBYTES)
exit_bug(ctx, "composed-gmac: iv_length to small");
- session->gmac_cipher_state = session->gmac_cipher->init_state(ctx, session->gmac_cipher_ctx, secret + session->cipher->key_length);
- if (session->gmac_cipher->iv_length <= COMMON_NONCEBYTES)
+ session->gmac_cipher_state = session->gmac_cipher->init_state(ctx, session->gmac_cipher_ctx, secret + session->cipher_info->key_length);
+ if (session->gmac_cipher_info->iv_length <= COMMON_NONCEBYTES)
exit_bug(ctx, "composed-gmac: GMAC cipher iv_length to small");
fastd_block128_t H;
- uint8_t zeroiv[session->gmac_cipher->iv_length];
- memset(zeroiv, 0, session->gmac_cipher->iv_length);
+ uint8_t zeroiv[session->gmac_cipher_info->iv_length];
+ memset(zeroiv, 0, session->gmac_cipher_info->iv_length);
session->gmac_cipher->crypt(ctx, session->gmac_cipher_state, &H, &ZERO_BLOCK, sizeof(fastd_block128_t), zeroiv);
- session->ghash = fastd_mac_get_by_name(ctx, "ghash", &session->ghash_ctx);
+ session->ghash = fastd_mac_get_by_name(ctx, "ghash", &session->ghash_info, &session->ghash_ctx);
if (!session->ghash)
exit_bug(ctx, "composed-gmac: can't instanciate ghash mac");
@@ -179,19 +206,19 @@ static bool method_encrypt(fastd_context_t *ctx, fastd_peer_t *peer UNUSED, fast
fastd_block128_t *outblocks = out->data;
fastd_block128_t sig;
- uint8_t gmac_nonce[session->gmac_cipher->iv_length];
- memset(gmac_nonce, 0, session->gmac_cipher->iv_length);
+ uint8_t gmac_nonce[session->gmac_cipher_info->iv_length];
+ memset(gmac_nonce, 0, session->gmac_cipher_info->iv_length);
memcpy(gmac_nonce, session->common.send_nonce, COMMON_NONCEBYTES);
- gmac_nonce[session->gmac_cipher->iv_length-1] = 1;
+ gmac_nonce[session->gmac_cipher_info->iv_length-1] = 1;
bool ok = session->gmac_cipher->crypt(ctx, session->gmac_cipher_state, outblocks, &ZERO_BLOCK, sizeof(fastd_block128_t), gmac_nonce);
if (ok) {
- uint8_t nonce[session->cipher->iv_length];
- if (session->cipher->iv_length) {
- memset(nonce, 0, session->cipher->iv_length);
+ uint8_t nonce[session->cipher_info->iv_length];
+ if (session->cipher_info->iv_length) {
+ memset(nonce, 0, session->cipher_info->iv_length);
memcpy(nonce, session->common.send_nonce, COMMON_NONCEBYTES);
- nonce[session->cipher->iv_length-1] = 1;
+ nonce[session->cipher_info->iv_length-1] = 1;
}
ok = session->cipher->crypt(ctx, session->cipher_state, outblocks+1, inblocks, n_blocks*sizeof(fastd_block128_t), nonce);
@@ -241,16 +268,16 @@ static bool method_decrypt(fastd_context_t *ctx, fastd_peer_t *peer, fastd_metho
if (!fastd_method_is_nonce_valid(ctx, &session->common, common_nonce, &age))
return false;
- uint8_t gmac_nonce[session->gmac_cipher->iv_length];
- memset(gmac_nonce, 0, session->gmac_cipher->iv_length);
+ uint8_t gmac_nonce[session->gmac_cipher_info->iv_length];
+ memset(gmac_nonce, 0, session->gmac_cipher_info->iv_length);
memcpy(gmac_nonce, common_nonce, COMMON_NONCEBYTES);
- gmac_nonce[session->gmac_cipher->iv_length-1] = 1;
+ gmac_nonce[session->gmac_cipher_info->iv_length-1] = 1;
- uint8_t nonce[session->cipher->iv_length];
- if (session->cipher->iv_length) {
- memset(nonce, 0, session->cipher->iv_length);
+ uint8_t nonce[session->cipher_info->iv_length];
+ if (session->cipher_info->iv_length) {
+ memset(nonce, 0, session->cipher_info->iv_length);
memcpy(nonce, common_nonce, COMMON_NONCEBYTES);
- nonce[session->cipher->iv_length-1] = 1;
+ nonce[session->cipher_info->iv_length-1] = 1;
}
fastd_buffer_push_head(ctx, &in, COMMON_HEADBYTES);
diff --git a/src/methods/generic_gcm/generic_gcm.c b/src/methods/generic_gcm/generic_gcm.c
index 5d3f6c4..a92ad1e 100644
--- a/src/methods/generic_gcm/generic_gcm.c
+++ b/src/methods/generic_gcm/generic_gcm.c
@@ -31,18 +31,20 @@
struct fastd_method_session_state {
fastd_method_common_t common;
+ const fastd_cipher_info_t *cipher_info;
const fastd_cipher_t *cipher;
const fastd_cipher_context_t *cipher_ctx;
fastd_cipher_state_t *cipher_state;
+ const fastd_mac_info_t *ghash_info;
const fastd_mac_t *ghash;
const fastd_mac_context_t *ghash_ctx;
fastd_mac_state_t *ghash_state;
};
-static bool cipher_get(fastd_context_t *ctx, const char *name, const fastd_cipher_t **cipher, const fastd_cipher_context_t **cctx) {
- if (!fastd_mac_available("ghash"))
+static bool cipher_get(fastd_context_t *ctx, const char *name, const fastd_cipher_info_t **cipher_info, const fastd_cipher_t **cipher, const fastd_cipher_context_t **cctx) {
+ if (!fastd_mac_info_get_by_name("ghash"))
return false;
size_t len = strlen(name);
@@ -57,27 +59,39 @@ static bool cipher_get(fastd_context_t *ctx, const char *name, const fastd_ciphe
memcpy(name_ctr, name, len-3);
strncpy(name_ctr+len-3, "ctr", 4);
+ const fastd_cipher_info_t *info = NULL;
+
if (ctx) {
- *cipher = fastd_cipher_get_by_name(ctx, name_ctr, cctx);
- return *cipher;
+ *cipher = fastd_cipher_get_by_name(ctx, name_ctr, &info, cctx);
+ if (!*cipher)
+ return false;
}
else {
- return fastd_cipher_available(name_ctr);
+ info = fastd_cipher_info_get_by_name(name_ctr);
+ if (!info)
+ return false;
}
+
+ if (info->iv_length <= COMMON_NONCEBYTES)
+ return false;
+
+ if (cipher_info)
+ *cipher_info = info;
+
+ return true;
}
static bool method_provides(const char *name) {
- return cipher_get(NULL, name, NULL, NULL);
+ return cipher_get(NULL, name, NULL, NULL, NULL);
}
static size_t method_key_length(fastd_context_t *ctx, const char *name) {
- const fastd_cipher_t *cipher = NULL;
- const fastd_cipher_context_t *cctx;
- if (!cipher_get(ctx, name, &cipher, &cctx))
+ const fastd_cipher_info_t *cipher_info;
+ if (!cipher_get(NULL, name, &cipher_info, NULL, NULL))
exit_bug(ctx, "generic-gcm: can't get cipher key length");
- return cipher->key_length;
+ return cipher_info->key_length;
}
static fastd_method_session_state_t* method_session_init(fastd_context_t *ctx, const char *name, const uint8_t *secret, bool initiator) {
@@ -85,7 +99,7 @@ static fastd_method_session_state_t* method_session_init(fastd_context_t *ctx, c
fastd_method_common_init(ctx, &session->common, initiator);
- if (!cipher_get(ctx, name, &session->cipher, &session->cipher_ctx))
+ if (!cipher_get(ctx, name, &session->cipher_info, &session->cipher, &session->cipher_ctx))
exit_bug(ctx, "generic-gcm: can't instanciate cipher");
session->cipher_state = session->cipher->init_state(ctx, session->cipher_ctx, secret);
@@ -93,15 +107,15 @@ static fastd_method_session_state_t* method_session_init(fastd_context_t *ctx, c
static const fastd_block128_t zeroblock = {};
fastd_block128_t H;
- if (session->cipher->iv_length <= COMMON_NONCEBYTES)
+ if (session->cipher_info->iv_length <= COMMON_NONCEBYTES)
exit_bug(ctx, "generic-gcm: iv_length to small");
- uint8_t zeroiv[session->cipher->iv_length];
- memset(zeroiv, 0, session->cipher->iv_length);
+ uint8_t zeroiv[session->cipher_info->iv_length];
+ memset(zeroiv, 0, session->cipher_info->iv_length);
session->cipher->crypt(ctx, session->cipher_state, &H, &zeroblock, sizeof(fastd_block128_t), zeroiv);
- session->ghash = fastd_mac_get_by_name(ctx, "ghash", &session->ghash_ctx);
+ session->ghash = fastd_mac_get_by_name(ctx, "ghash", &session->ghash_info, &session->ghash_ctx);
if (!session->ghash)
exit_bug(ctx, "generic-gcm: can't instanciate ghash mac");
@@ -161,10 +175,10 @@ static bool method_encrypt(fastd_context_t *ctx, fastd_peer_t *peer UNUSED, fast
if (tail_len)
memset(in.data+in.len, 0, tail_len);
- uint8_t nonce[session->cipher->iv_length];
- memset(nonce, 0, session->cipher->iv_length);
+ uint8_t nonce[session->cipher_info->iv_length];
+ memset(nonce, 0, session->cipher_info->iv_length);
memcpy(nonce, session->common.send_nonce, COMMON_NONCEBYTES);
- nonce[session->cipher->iv_length-1] = 1;
+ nonce[session->cipher_info->iv_length-1] = 1;
int n_blocks = block_count(in.len, sizeof(fastd_block128_t));
@@ -214,10 +228,10 @@ static bool method_decrypt(fastd_context_t *ctx, fastd_peer_t *peer, fastd_metho
if (((const uint8_t*)in.data)[COMMON_NONCEBYTES]) /* flags */
return false;
- uint8_t nonce[session->cipher->iv_length];
- memset(nonce, 0, session->cipher->iv_length);
+ uint8_t nonce[session->cipher_info->iv_length];
+ memset(nonce, 0, session->cipher_info->iv_length);
memcpy(nonce, in.data, COMMON_NONCEBYTES);
- nonce[session->cipher->iv_length-1] = 1;
+ nonce[session->cipher_info->iv_length-1] = 1;
int64_t age;
if (!fastd_method_is_nonce_valid(ctx, &session->common, nonce, &age))
diff --git a/src/methods/generic_gmac/generic_gmac.c b/src/methods/generic_gmac/generic_gmac.c
index 03377c5..86c02f7 100644
--- a/src/methods/generic_gmac/generic_gmac.c
+++ b/src/methods/generic_gmac/generic_gmac.c
@@ -31,18 +31,20 @@
struct fastd_method_session_state {
fastd_method_common_t common;
+ const fastd_cipher_info_t *cipher_info;
const fastd_cipher_t *cipher;
const fastd_cipher_context_t *cipher_ctx;
fastd_cipher_state_t *cipher_state;
+ const fastd_mac_info_t *ghash_info;
const fastd_mac_t *ghash;
const fastd_mac_context_t *ghash_ctx;
fastd_mac_state_t *ghash_state;
};
-static bool cipher_get(fastd_context_t *ctx, const char *name, const fastd_cipher_t **cipher, const fastd_cipher_context_t **cctx) {
- if (!fastd_mac_available("ghash"))
+static bool cipher_get(fastd_context_t *ctx, const char *name, const fastd_cipher_info_t **cipher_info, const fastd_cipher_t **cipher, const fastd_cipher_context_t **cctx) {
+ if (!fastd_mac_info_get_by_name("ghash"))
return false;
size_t len = strlen(name);
@@ -60,27 +62,39 @@ static bool cipher_get(fastd_context_t *ctx, const char *name, const fastd_ciphe
memcpy(cipher_name, name, len-5);
cipher_name[len-5] = 0;
+ const fastd_cipher_info_t *info = NULL;
+
if (ctx) {
- *cipher = fastd_cipher_get_by_name(ctx, cipher_name, cctx);
- return *cipher;
+ *cipher = fastd_cipher_get_by_name(ctx, cipher_name, &info, cctx);
+ if (!*cipher)
+ return false;
}
else {
- return fastd_cipher_available(cipher_name);
+ info = fastd_cipher_info_get_by_name(cipher_name);
+ if (!info)
+ return false;
}
+
+ if (info->iv_length <= COMMON_NONCEBYTES)
+ return false;
+
+ if (cipher_info)
+ *cipher_info = info;
+
+ return true;
}
static bool method_provides(const char *name) {
- return cipher_get(NULL, name, NULL, NULL);
+ return cipher_get(NULL, name, NULL, NULL, NULL);
}
static size_t method_key_length(fastd_context_t *ctx, const char *name) {
- const fastd_cipher_t *cipher = NULL;
- const fastd_cipher_context_t *cctx;
- if (!cipher_get(ctx, name, &cipher, &cctx))
+ const fastd_cipher_info_t *cipher_info;
+ if (!cipher_get(NULL, name, &cipher_info, NULL, NULL))
exit_bug(ctx, "generic-gmac: can't get cipher key length");
- return cipher->key_length;
+ return cipher_info->key_length;
}
static fastd_method_session_state_t* method_session_init(fastd_context_t *ctx, const char *name, const uint8_t *secret, bool initiator) {
@@ -88,7 +102,7 @@ static fastd_method_session_state_t* method_session_init(fastd_context_t *ctx, c
fastd_method_common_init(ctx, &session->common, initiator);
- if (!cipher_get(ctx, name, &session->cipher, &session->cipher_ctx))
+ if (!cipher_get(ctx, name, &session->cipher_info, &session->cipher, &session->cipher_ctx))
exit_bug(ctx, "generic-gmac: can't instanciate cipher");
session->cipher_state = session->cipher->init_state(ctx, session->cipher_ctx, secret);
@@ -96,15 +110,15 @@ static fastd_method_session_state_t* method_session_init(fastd_context_t *ctx, c
static const fastd_block128_t zeroblock = {};
fastd_block128_t H;
- if (session->cipher->iv_length <= COMMON_NONCEBYTES)
+ if (session->cipher_info->iv_length <= COMMON_NONCEBYTES)
exit_bug(ctx, "generic-gmac: iv_length to small");
- uint8_t zeroiv[session->cipher->iv_length];
- memset(zeroiv, 0, session->cipher->iv_length);
+ uint8_t zeroiv[session->cipher_info->iv_length];
+ memset(zeroiv, 0, session->cipher_info->iv_length);
session->cipher->crypt(ctx, session->cipher_state, &H, &zeroblock, sizeof(fastd_block128_t), zeroiv);
- session->ghash = fastd_mac_get_by_name(ctx, "ghash", &session->ghash_ctx);
+ session->ghash = fastd_mac_get_by_name(ctx, "ghash", &session->ghash_info, &session->ghash_ctx);
if (!session->ghash)
exit_bug(ctx, "generic-gmac: can't instanciate ghash mac");
@@ -164,10 +178,10 @@ static bool method_encrypt(fastd_context_t *ctx, fastd_peer_t *peer UNUSED, fast
if (tail_len)
memset(in.data+in.len, 0, tail_len);
- uint8_t nonce[session->cipher->iv_length];
- memset(nonce, 0, session->cipher->iv_length);
+ uint8_t nonce[session->cipher_info->iv_length];
+ memset(nonce, 0, session->cipher_info->iv_length);
memcpy(nonce, session->common.send_nonce, COMMON_NONCEBYTES);
- nonce[session->cipher->iv_length-1] = 1;
+ nonce[session->cipher_info->iv_length-1] = 1;
int n_blocks = block_count(in.len, sizeof(fastd_block128_t));
@@ -217,10 +231,10 @@ static bool method_decrypt(fastd_context_t *ctx, fastd_peer_t *peer, fastd_metho
if (((const uint8_t*)in.data)[COMMON_NONCEBYTES]) /* flags */
return false;
- uint8_t nonce[session->cipher->iv_length];
- memset(nonce, 0, session->cipher->iv_length);
+ uint8_t nonce[session->cipher_info->iv_length];
+ memset(nonce, 0, session->cipher_info->iv_length);
memcpy(nonce, in.data, COMMON_NONCEBYTES);
- nonce[session->cipher->iv_length-1] = 1;
+ nonce[session->cipher_info->iv_length-1] = 1;
int64_t age;
if (!fastd_method_is_nonce_valid(ctx, &session->common, nonce, &age))
diff --git a/src/methods/generic_poly1305/generic_poly1305.c b/src/methods/generic_poly1305/generic_poly1305.c
index 84f9f9a..3820907 100644
--- a/src/methods/generic_poly1305/generic_poly1305.c
+++ b/src/methods/generic_poly1305/generic_poly1305.c
@@ -36,13 +36,14 @@
struct fastd_method_session_state {
fastd_method_common_t common;
+ const fastd_cipher_info_t *cipher_info;
const fastd_cipher_t *cipher;
const fastd_cipher_context_t *cipher_ctx;
fastd_cipher_state_t *cipher_state;
};
-static bool cipher_get(fastd_context_t *ctx, const char *name, const fastd_cipher_t **cipher, const fastd_cipher_context_t **cctx) {
+static bool cipher_get(fastd_context_t *ctx, const char *name, const fastd_cipher_info_t **cipher_info, const fastd_cipher_t **cipher, const fastd_cipher_context_t **cctx) {
size_t len = strlen(name);
if (len < 9)
@@ -55,27 +56,39 @@ static bool cipher_get(fastd_context_t *ctx, const char *name, const fastd_ciphe
memcpy(cipher_name, name, len-9);
cipher_name[len-9] = 0;
+ const fastd_cipher_info_t *info = NULL;
+
if (ctx) {
- *cipher = fastd_cipher_get_by_name(ctx, cipher_name, cctx);
- return *cipher;
+ *cipher = fastd_cipher_get_by_name(ctx, cipher_name, &info, cctx);
+ if (!*cipher)
+ return false;
}
else {
- return fastd_cipher_available(cipher_name);
+ info = fastd_cipher_info_get_by_name(cipher_name);
+ if (!info)
+ return false;
}
+
+ if (info->iv_length <= COMMON_NONCEBYTES)
+ return false;
+
+ if (cipher_info)
+ *cipher_info = info;
+
+ return true;
}
static bool method_provides(const char *name) {
- return cipher_get(NULL, name, NULL, NULL);
+ return cipher_get(NULL, name, NULL, NULL, NULL);
}
static size_t method_key_length(fastd_context_t *ctx, const char *name) {
- const fastd_cipher_t *cipher = NULL;
- const fastd_cipher_context_t *cctx;
- if (!cipher_get(ctx, name, &cipher, &cctx))
+ const fastd_cipher_info_t *cipher_info;
+ if (!cipher_get(NULL, name, &cipher_info, NULL, NULL))
exit_bug(ctx, "generic-poly1305: can't get cipher key length");
- return cipher->key_length;
+ return cipher_info->key_length;
}
static fastd_method_session_state_t* method_session_init(fastd_context_t *ctx, const char *name, const uint8_t *secret, bool initiator) {
@@ -83,12 +96,12 @@ static fastd_method_session_state_t* method_session_init(fastd_context_t *ctx, c
fastd_method_common_init(ctx, &session->common, initiator);
- if (!cipher_get(ctx, name, &session->cipher, &session->cipher_ctx))
+ if (!cipher_get(ctx, name, &session->cipher_info, &session->cipher, &session->cipher_ctx))
exit_bug(ctx, "generic-poly1305: can't instanciate cipher");
session->cipher_state = session->cipher->init_state(ctx, session->cipher_ctx, secret);
- if (session->cipher->iv_length <= COMMON_NONCEBYTES)
+ if (session->cipher_info->iv_length <= COMMON_NONCEBYTES)
exit_bug(ctx, "generic-poly1305: iv_length to small");
return session;
@@ -127,10 +140,10 @@ static bool method_encrypt(fastd_context_t *ctx, fastd_peer_t *peer UNUSED, fast
if (tail_len)
memset(in.data+in.len, 0, tail_len);
- uint8_t nonce[session->cipher->iv_length];
- memset(nonce, 0, session->cipher->iv_length);
+ uint8_t nonce[session->cipher_info->iv_length];
+ memset(nonce, 0, session->cipher_info->iv_length);
memcpy(nonce, session->common.send_nonce, COMMON_NONCEBYTES);
- nonce[session->cipher->iv_length-1] = 1;
+ nonce[session->cipher_info->iv_length-1] = 1;
int n_blocks = block_count(in.len, sizeof(fastd_block128_t));
@@ -174,10 +187,10 @@ static bool method_decrypt(fastd_context_t *ctx, fastd_peer_t *peer, fastd_metho
if (((const uint8_t*)in.data)[COMMON_NONCEBYTES]) /* flags */
return false;
- uint8_t nonce[session->cipher->iv_length];
- memset(nonce, 0, session->cipher->iv_length);
+ uint8_t nonce[session->cipher_info->iv_length];
+ memset(nonce, 0, session->cipher_info->iv_length);
memcpy(nonce, in.data, COMMON_NONCEBYTES);
- nonce[session->cipher->iv_length-1] = 1;
+ nonce[session->cipher_info->iv_length-1] = 1;
int64_t age;
if (!fastd_method_is_nonce_valid(ctx, &session->common, nonce, &age))