authorMatthias Schiffer <mschiffer@universe-factory.net>2013-11-05 16:29:57 +0100
committerMatthias Schiffer <mschiffer@universe-factory.net>2013-11-05 16:29:57 +0100
commitcb42b5b1fa81969e6d4056e0220374e8ded09651 (patch)
tree72b85d9cc8a551149467f770ec1752f540e3d3eb /src
parent4f9b5d66bc6b198dcf6e119fa05e891fce4e355f (diff)
Generalize cipher/MAC key/IV lengths
Diffstat (limited to 'src')
-rw-r--r--src/crypto/cipher/aes128_ctr/nacl/cipher_aes128_ctr_nacl.c16
-rw-r--r--src/crypto/cipher/blowfish_ctr/builtin/blowfish_ctr.c14
-rw-r--r--src/crypto/cipher/ciphers.c.in2
-rw-r--r--src/crypto/mac/ghash/builtin/ghash_builtin.c7
-rw-r--r--src/crypto/mac/macs.c.in2
-rw-r--r--src/fastd.h15
-rw-r--r--src/methods/generic_gcm/generic_gcm.c53
-rw-r--r--src/methods/null/null.c2
-rw-r--r--src/methods/xsalsa20_poly1305/xsalsa20_poly1305.c2
-rw-r--r--src/protocols/ec25519_fhmqvc/handshake.c2
10 files changed, 83 insertions, 32 deletions
diff --git a/src/crypto/cipher/aes128_ctr/nacl/cipher_aes128_ctr_nacl.c b/src/crypto/cipher/aes128_ctr/nacl/cipher_aes128_ctr_nacl.c
index f63e46f..60c8743 100644
--- a/src/crypto/cipher/aes128_ctr/nacl/cipher_aes128_ctr_nacl.c
+++ b/src/crypto/cipher/aes128_ctr/nacl/cipher_aes128_ctr_nacl.c
@@ -37,6 +37,10 @@ static fastd_cipher_context_t* aes128_ctr_initialize(fastd_context_t *ctx UNUSED
return NULL;
}
+static size_t aes128_ctr_key_length(fastd_context_t *ctx UNUSED, const fastd_cipher_context_t *cctx UNUSED) {
+ return 16;
+}
+
static fastd_cipher_state_t* aes128_ctr_init_state(fastd_context_t *ctx, const fastd_cipher_context_t *cctx UNUSED, const uint8_t *key) {
fastd_block128_t k;
memcpy(k.b, key, sizeof(fastd_block128_t));
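Review bot: The literal `16` returned by aes128_ctr_key_length is not tied to what aes128_ctr_init_state actually reads, which is `sizeof(fastd_block128_t)` bytes in the memcpy just below it; if the two ever drift, a caller that sizes its key buffer from key_length would hand over fewer bytes than the copy consumes. Returning `crypto_stream_aes128ctr_KEYBYTES` here, and `crypto_stream_aes128ctr_NONCEBYTES` from aes128_ctr_iv_length in the next hunk, would state the NaCl contract directly instead of repeating a magic number. aes128_ctr_init_state continues outside the hunk.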
@@ -49,8 +53,12 @@ static fastd_cipher_state_t* aes128_ctr_init_state(fastd_context_t *ctx, const f
return state;
}
-static bool aes128_ctr_crypt(fastd_context_t *ctx UNUSED, const fastd_cipher_state_t *state, fastd_block128_t *out, const fastd_block128_t *in, size_t len, const fastd_block128_t *iv) {
- crypto_stream_aes128ctr_xor_afternm(out->b, in->b, len, iv->b, state->d.data);
+static size_t aes128_ctr_iv_length(fastd_context_t *ctx UNUSED, const fastd_cipher_state_t *state UNUSED) {
+ return 16;
+}
+
+static bool aes128_ctr_crypt(fastd_context_t *ctx UNUSED, const fastd_cipher_state_t *state, fastd_block128_t *out, const fastd_block128_t *in, size_t len, const uint8_t *iv) {
+ crypto_stream_aes128ctr_xor_afternm(out->b, in->b, len, iv, state->d.data);
return true;
}
@@ -68,7 +76,11 @@ const fastd_cipher_t fastd_cipher_aes128_ctr_nacl = {
.name = "nacl",
.initialize = aes128_ctr_initialize,
+
+ .key_length = aes128_ctr_key_length,
.init_state = aes128_ctr_init_state,
+
+ .iv_length = aes128_ctr_iv_length,
.crypt = aes128_ctr_crypt,
.free_state = aes128_ctr_free_state,
diff --git a/src/crypto/cipher/blowfish_ctr/builtin/blowfish_ctr.c b/src/crypto/cipher/blowfish_ctr/builtin/blowfish_ctr.c
index 04ac1f0..1d29a4c 100644
--- a/src/crypto/cipher/blowfish_ctr/builtin/blowfish_ctr.c
+++ b/src/crypto/cipher/blowfish_ctr/builtin/blowfish_ctr.c
@@ -223,6 +223,10 @@ static fastd_cipher_context_t* blowfish_ctr_initialize(fastd_context_t *ctx UNUS
return NULL;
}
+static size_t blowfish_ctr_key_length(fastd_context_t *ctx UNUSED, const fastd_cipher_context_t *cctx UNUSED) {
+ return 56;
+}
+
static inline void bf_swap(uint32_t *L, uint32_t *R) {
uint32_t tmp = *L;
*L = *R;
@@ -292,7 +296,11 @@ static fastd_cipher_state_t* blowfish_ctr_init_state(fastd_context_t *ctx UNUSED
return state;
}
-static bool blowfish_ctr_crypt(fastd_context_t *ctx UNUSED, const fastd_cipher_state_t *state, fastd_block128_t *out, const fastd_block128_t *in, size_t len, const fastd_block128_t *iv) {
+static size_t blowfish_ctr_iv_length(fastd_context_t *ctx UNUSED, const fastd_cipher_state_t *state UNUSED) {
+ return 8;
+}
+
+static bool blowfish_ctr_crypt(fastd_context_t *ctx UNUSED, const fastd_cipher_state_t *state, fastd_block128_t *out, const fastd_block128_t *in, size_t len, const uint8_t *iv) {
uint32_t ctr[2];
fastd_block128_t block;
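Review bot: With `iv` now a plain `const uint8_t *`, blowfish_ctr_crypt can no longer assume the alignment that the old `const fastd_block128_t *iv` parameter may have carried, and the generic-gcm caller now passes a `uint8_t` stack array. The code that fills `uint32_t ctr[2]` from `iv` is outside this hunk, so this needs checking there: it should load the counter bytewise or with `memcpy(ctr, iv, sizeof(ctr));` rather than through a `uint32_t *` cast. A short comment on blowfish_ctr_iv_length noting that `8` is the Blowfish block size and must equal `sizeof(ctr)` would keep the two in step.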
@@ -329,7 +337,11 @@ const fastd_cipher_t fastd_cipher_blowfish_ctr_builtin = {
.name = "builtin",
.initialize = blowfish_ctr_initialize,
+
+ .key_length = blowfish_ctr_key_length,
.init_state = blowfish_ctr_init_state,
+
+ .iv_length = blowfish_ctr_iv_length,
.crypt = blowfish_ctr_crypt,
.free_state = blowfish_ctr_free_state,
diff --git a/src/crypto/cipher/ciphers.c.in b/src/crypto/cipher/ciphers.c.in
index 5bedc75..667cfac 100644
--- a/src/crypto/cipher/ciphers.c.in
+++ b/src/crypto/cipher/ciphers.c.in
@@ -102,7 +102,7 @@ bool fastd_cipher_available(const char *name) {
return false;
}
-const fastd_cipher_t* fastd_cipher_get_by_name(fastd_context_t *ctx, const char *name, fastd_cipher_context_t **cctx) {
+const fastd_cipher_t* fastd_cipher_get_by_name(fastd_context_t *ctx, const char *name, const fastd_cipher_context_t **cctx) {
size_t i;
for (i = 0; i < array_size(ciphers); i++) {
if (!strcmp(ciphers[i].name, name)) {
diff --git a/src/crypto/mac/ghash/builtin/ghash_builtin.c b/src/crypto/mac/ghash/builtin/ghash_builtin.c
index 2eb7fed..34e118a 100644
--- a/src/crypto/mac/ghash/builtin/ghash_builtin.c
+++ b/src/crypto/mac/ghash/builtin/ghash_builtin.c
@@ -65,6 +65,10 @@ static fastd_mac_context_t* ghash_initialize(fastd_context_t *ctx UNUSED) {
return NULL;
}
+static size_t ghash_key_length(fastd_context_t *ctx UNUSED, const fastd_mac_context_t *cctx UNUSED) {
+ return sizeof(fastd_block128_t);
+}
+
static fastd_mac_state_t* ghash_init_state(fastd_context_t *ctx UNUSED, const fastd_mac_context_t *mctx UNUSED, const uint8_t *key) {
fastd_mac_state_t *state = malloc(sizeof(fastd_mac_state_t));
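Review bot: The new ghash_key_length names its MAC context parameter `cctx`, while ghash_init_state right below it and the `key_length` member declared in `struct fastd_mac` both use `mctx`. Renaming it keeps the cipher and MAC context types visually distinct: `static size_t ghash_key_length(fastd_context_t *ctx UNUSED, const fastd_mac_context_t *mctx UNUSED) {`.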
@@ -132,7 +136,10 @@ const fastd_mac_t fastd_mac_ghash_builtin = {
.name = "builtin",
.initialize = ghash_initialize,
+
+ .key_length = ghash_key_length,
.init_state = ghash_init_state,
+
.hash = ghash_hash,
.free_state = ghash_free_state,
diff --git a/src/crypto/mac/macs.c.in b/src/crypto/mac/macs.c.in
index 7d8a5ff..5adca10 100644
--- a/src/crypto/mac/macs.c.in
+++ b/src/crypto/mac/macs.c.in
@@ -102,7 +102,7 @@ bool fastd_mac_available(const char *name) {
return false;
}
-const fastd_mac_t* fastd_mac_get_by_name(fastd_context_t *ctx, const char *name, fastd_mac_context_t **cctx) {
+const fastd_mac_t* fastd_mac_get_by_name(fastd_context_t *ctx, const char *name, const fastd_mac_context_t **cctx) {
size_t i;
for (i = 0; i < array_size(macs); i++) {
if (!strcmp(macs[i].name, name)) {
diff --git a/src/fastd.h b/src/fastd.h
index 0f62445..4e17cb5 100644
--- a/src/fastd.h
+++ b/src/fastd.h
@@ -87,7 +87,7 @@ struct fastd_method {
size_t (*min_encrypt_tail_space)(fastd_context_t *ctx);
size_t (*min_decrypt_tail_space)(fastd_context_t *ctx);
- size_t (*key_length)(fastd_context_t *ctx);
+ size_t (*key_length)(fastd_context_t *ctx, const char *name);
fastd_method_session_state_t* (*session_init)(fastd_context_t *ctx, const char *name, const uint8_t *secret, bool initiator);
fastd_method_session_state_t* (*session_init_compat)(fastd_context_t *ctx, const char *name, const uint8_t *secret, size_t length, bool initiator);
bool (*session_is_valid)(fastd_context_t *ctx, fastd_method_session_state_t *session);
@@ -104,8 +104,12 @@ struct fastd_cipher {
const char *name;
fastd_cipher_context_t* (*initialize)(fastd_context_t *ctx);
+
+ size_t (*key_length)(fastd_context_t *ctx, const fastd_cipher_context_t *cctx);
fastd_cipher_state_t* (*init_state)(fastd_context_t *ctx, const fastd_cipher_context_t *cctx, const uint8_t *key);
- bool (*crypt)(fastd_context_t *ctx, const fastd_cipher_state_t *state, fastd_block128_t *out, const fastd_block128_t *in, size_t len, const fastd_block128_t *iv);
+
+ size_t (*iv_length)(fastd_context_t *ctx, const fastd_cipher_state_t *state);
+ bool (*crypt)(fastd_context_t *ctx, const fastd_cipher_state_t *state, fastd_block128_t *out, const fastd_block128_t *in, size_t len, const uint8_t *iv);
void (*free_state)(fastd_context_t *ctx, fastd_cipher_state_t *state);
void (*free)(fastd_context_t *ctx, fastd_cipher_context_t *cctx);
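Review bot: The `crypt` callback loses its only size guarantee for the IV when the parameter changes from `const fastd_block128_t *iv` to `const uint8_t *iv`, and nothing in the struct documents how many bytes an implementation may read from `iv` or `key`. Since an implementation reading past a caller's shorter buffer would be a silent out-of-bounds read, the contract should be written next to the members, for example `/* iv points to exactly iv_length(ctx, state) bytes */` above `crypt` and `/* key points to exactly key_length(ctx, cctx) bytes */` above `init_state`. The struct definition starts and ends outside the hunk.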
@@ -115,7 +119,10 @@ struct fastd_mac {
const char *name;
fastd_mac_context_t* (*initialize)(fastd_context_t *ctx);
+
+ size_t (*key_length)(fastd_context_t *ctx, const fastd_mac_context_t *mctx);
fastd_mac_state_t* (*init_state)(fastd_context_t *ctx, const fastd_mac_context_t *mctx, const uint8_t *key);
+
bool (*hash)(fastd_context_t *ctx, const fastd_mac_state_t *state, fastd_block128_t *out, const fastd_block128_t *in, size_t n_blocks);
void (*free_state)(fastd_context_t *ctx, fastd_mac_state_t *state);
@@ -366,12 +373,12 @@ const fastd_method_t* fastd_method_get_by_name(const char *name);
void fastd_cipher_init(fastd_context_t *ctx);
void fastd_cipher_free(fastd_context_t *ctx);
bool fastd_cipher_available(const char *name);
-const fastd_cipher_t* fastd_cipher_get_by_name(fastd_context_t *ctx, const char *name, fastd_cipher_context_t **cctx);
+const fastd_cipher_t* fastd_cipher_get_by_name(fastd_context_t *ctx, const char *name, const fastd_cipher_context_t **cctx);
void fastd_mac_init(fastd_context_t *ctx);
void fastd_mac_free(fastd_context_t *ctx);
bool fastd_mac_available(const char *name);
-const fastd_mac_t* fastd_mac_get_by_name(fastd_context_t *ctx, const char *name, fastd_mac_context_t **cctx);
+const fastd_mac_t* fastd_mac_get_by_name(fastd_context_t *ctx, const char *name, const fastd_mac_context_t **cctx);
void fastd_tuntap_open(fastd_context_t *ctx);
fastd_buffer_t fastd_tuntap_read(fastd_context_t *ctx);
diff --git a/src/methods/generic_gcm/generic_gcm.c b/src/methods/generic_gcm/generic_gcm.c
index ba8729a..8ae9dbe 100644
--- a/src/methods/generic_gcm/generic_gcm.c
+++ b/src/methods/generic_gcm/generic_gcm.c
@@ -32,16 +32,17 @@ struct fastd_method_session_state {
fastd_method_common_t common;
const fastd_cipher_t *cipher;
- fastd_cipher_context_t *cipher_ctx;
+ const fastd_cipher_context_t *cipher_ctx;
fastd_cipher_state_t *cipher_state;
+ size_t ivlen;
const fastd_mac_t *ghash;
- fastd_mac_context_t *ghash_ctx;
+ const fastd_mac_context_t *ghash_ctx;
fastd_mac_state_t *ghash_state;
};
-static bool cipher_get(fastd_context_t *ctx, const char *name, const fastd_cipher_t **cipher, fastd_cipher_context_t **cctx) {
+static bool cipher_get(fastd_context_t *ctx, const char *name, const fastd_cipher_t **cipher, const fastd_cipher_context_t **cctx) {
if (!fastd_mac_available("ghash"))
return false;
@@ -93,8 +94,13 @@ static size_t method_min_decrypt_tail_space(fastd_context_t *ctx UNUSED) {
}
-static size_t method_key_length(fastd_context_t *ctx UNUSED) {
- return sizeof(fastd_block128_t);
+static size_t method_key_length(fastd_context_t *ctx, const char *name) {
+ const fastd_cipher_t *cipher;
+ const fastd_cipher_context_t *cctx;
+ if (!cipher_get(ctx, name, &cipher, &cctx))
+ exit_bug(ctx, "generic-gcm: can't get cipher key length");
+
+ return cipher->key_length(ctx, cctx);
}
static fastd_method_session_state_t* method_session_init(fastd_context_t *ctx, const char *name, const uint8_t *secret, bool initiator) {
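Review bot: method_key_length now terminates the process through exit_bug whenever cipher_get fails, and the handshake code in this commit calls it with `method_name` while a session is being set up. Whether that name has always been resolved against the available ciphers (and ghash) by that point is not visible in this diff. If it has, a comment stating the precondition would help, e.g. `/* name was already accepted by the method lookup; a failure here is a programming error */`; if it has not, returning an error to the caller instead of aborting would keep a handshake carrying an unexpected method name from stopping the daemon.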
@@ -110,7 +116,14 @@ static fastd_method_session_state_t* method_session_init(fastd_context_t *ctx, c
static const fastd_block128_t zeroblock = {};
fastd_block128_t H;
- session->cipher->crypt(ctx, session->cipher_state, &H, &zeroblock, sizeof(fastd_block128_t), &zeroblock);
+ session->ivlen = session->cipher->iv_length(ctx, session->cipher_state);
+ if (session->ivlen <= COMMON_NONCEBYTES)
+ exit_bug(ctx, "generic-gcm: iv_length to small");
+
+ uint8_t zeroiv[session->ivlen];
+ memset(zeroiv, 0, session->ivlen);
+
+ session->cipher->crypt(ctx, session->cipher_state, &H, &zeroblock, sizeof(fastd_block128_t), zeroiv);
session->ghash = fastd_mac_get_by_name(ctx, "ghash", &session->ghash_ctx);
if (!session->ghash)
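Review bot: The `ivlen <= COMMON_NONCEBYTES` guard only guarantees one spare byte after the nonce, and nothing bounds `ivlen` from above before it sizes the `zeroiv` stack array here and the `nonce` arrays in method_encrypt and method_decrypt. For a cipher whose IV is shorter than 16 bytes (the blowfish-ctr IV added in this commit is 8, if that cipher is used with this method), the 16-byte `H` requested from the all-zero IV spans more than one counter block. It is worth confirming that none of those blocks can coincide with a packet's starting counter block (nonce followed by a trailing 1), and that the remaining counter bytes cannot wrap within a single packet. The message also has a typo; `exit_bug(ctx, "generic-gcm: iv_length too small");` reads correctly. method_session_init starts and ends outside the hunk.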
@@ -173,18 +186,18 @@ static bool method_encrypt(fastd_context_t *ctx, fastd_peer_t *peer UNUSED, fast
if (tail_len)
memset(in.data+in.len, 0, tail_len);
- fastd_block128_t nonce;
- memcpy(nonce.b, session->common.send_nonce, COMMON_NONCEBYTES);
- memset(nonce.b+COMMON_NONCEBYTES, 0, sizeof(fastd_block128_t)-COMMON_NONCEBYTES-1);
- nonce.b[sizeof(fastd_block128_t)-1] = 1;
+ uint8_t nonce[session->ivlen];
+ memset(nonce, 0, session->ivlen);
+ memcpy(nonce, session->common.send_nonce, COMMON_NONCEBYTES);
+ nonce[session->ivlen-1] = 1;
- int n_blocks = (in.len+sizeof(fastd_block128_t)-1)/sizeof(fastd_block128_t);
+ int n_blocks = block_count(in.len, sizeof(fastd_block128_t));
fastd_block128_t *inblocks = in.data;
fastd_block128_t *outblocks = out->data;
fastd_block128_t sig;
- bool ok = session->cipher->crypt(ctx, session->cipher_state, outblocks, inblocks, n_blocks*sizeof(fastd_block128_t), &nonce);
+ bool ok = session->cipher->crypt(ctx, session->cipher_state, outblocks, inblocks, n_blocks*sizeof(fastd_block128_t), nonce);
if (ok) {
if (tail_len)
@@ -220,13 +233,13 @@ static bool method_decrypt(fastd_context_t *ctx, fastd_peer_t *peer, fastd_metho
if (!method_session_is_valid(ctx, session))
return false;
- fastd_block128_t nonce;
- memcpy(nonce.b, in.data, COMMON_NONCEBYTES);
- memset(nonce.b+COMMON_NONCEBYTES, 0, sizeof(fastd_block128_t)-COMMON_NONCEBYTES-1);
- nonce.b[sizeof(fastd_block128_t)-1] = 1;
+ uint8_t nonce[session->ivlen];
+ memset(nonce, 0, session->ivlen);
+ memcpy(nonce, in.data, COMMON_NONCEBYTES);
+ nonce[session->ivlen-1] = 1;
int64_t age;
- if (!fastd_method_is_nonce_valid(ctx, &session->common, nonce.b, &age))
+ if (!fastd_method_is_nonce_valid(ctx, &session->common, nonce, &age))
return false;
fastd_buffer_push_head(ctx, &in, COMMON_NONCEBYTES);
@@ -234,13 +247,13 @@ static bool method_decrypt(fastd_context_t *ctx, fastd_peer_t *peer, fastd_metho
size_t tail_len = alignto(in.len, sizeof(fastd_block128_t))-in.len;
*out = fastd_buffer_alloc(ctx, in.len, 0, tail_len);
- int n_blocks = (in.len+sizeof(fastd_block128_t)-1)/sizeof(fastd_block128_t);
+ int n_blocks = block_count(in.len, sizeof(fastd_block128_t));
fastd_block128_t *inblocks = in.data;
fastd_block128_t *outblocks = out->data;
fastd_block128_t sig;
- bool ok = session->cipher->crypt(ctx, session->cipher_state, outblocks, inblocks, n_blocks*sizeof(fastd_block128_t), &nonce);
+ bool ok = session->cipher->crypt(ctx, session->cipher_state, outblocks, inblocks, n_blocks*sizeof(fastd_block128_t), nonce);
if (ok) {
if (tail_len)
@@ -260,7 +273,7 @@ static bool method_decrypt(fastd_context_t *ctx, fastd_peer_t *peer, fastd_metho
fastd_buffer_push_head(ctx, out, sizeof(fastd_block128_t));
- if (!fastd_method_reorder_check(ctx, peer, &session->common, nonce.b, age)) {
+ if (!fastd_method_reorder_check(ctx, peer, &session->common, nonce, age)) {
fastd_buffer_free(*out);
*out = fastd_buffer_alloc(ctx, 0, 0, 0);
}
diff --git a/src/methods/null/null.c b/src/methods/null/null.c
index e93f0cf..6874124 100644
--- a/src/methods/null/null.c
+++ b/src/methods/null/null.c
@@ -45,7 +45,7 @@ static size_t method_min_head_tail_space(fastd_context_t *ctx UNUSED) {
return 0;
}
-static size_t method_key_length(fastd_context_t *ctx UNUSED) {
+static size_t method_key_length(fastd_context_t *ctx UNUSED, const char *name UNUSED) {
return 0;
}
diff --git a/src/methods/xsalsa20_poly1305/xsalsa20_poly1305.c b/src/methods/xsalsa20_poly1305/xsalsa20_poly1305.c
index 45bdc14..f7709bb 100644
--- a/src/methods/xsalsa20_poly1305/xsalsa20_poly1305.c
+++ b/src/methods/xsalsa20_poly1305/xsalsa20_poly1305.c
@@ -58,7 +58,7 @@ static size_t method_min_tail_space(fastd_context_t *ctx UNUSED) {
}
-static size_t method_key_length(fastd_context_t *ctx UNUSED) {
+static size_t method_key_length(fastd_context_t *ctx UNUSED, const char *name UNUSED) {
return crypto_secretbox_xsalsa20poly1305_KEYBYTES;
}
diff --git a/src/protocols/ec25519_fhmqvc/handshake.c b/src/protocols/ec25519_fhmqvc/handshake.c
index 909d011..182abca 100644
--- a/src/protocols/ec25519_fhmqvc/handshake.c
+++ b/src/protocols/ec25519_fhmqvc/handshake.c
@@ -98,7 +98,7 @@ static inline void new_session(fastd_context_t *ctx, fastd_peer_t *peer, const c
supersede_session(ctx, peer, method);
if (salt) {
- size_t blocks = block_count(method->key_length(ctx), sizeof(fastd_sha256_t));
+ size_t blocks = block_count(method->key_length(ctx, method_name), sizeof(fastd_sha256_t));
fastd_sha256_t secret[blocks];
derive_key(secret, blocks, salt, method_name, A, B, X, Y, sigma);