summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/crypto.h22
-rw-r--r--src/crypto/cipher/CMakeLists.txt35
-rw-r--r--src/crypto/cipher/aes128_ctr/CMakeLists.txt2
-rw-r--r--src/crypto/cipher/aes128_ctr/aes128_ctr.c33
-rw-r--r--src/crypto/cipher/aes128_ctr/nacl/cipher_aes128_ctr_nacl.c4
-rw-r--r--src/crypto/cipher/blowfish_ctr/CMakeLists.txt2
-rw-r--r--src/crypto/cipher/blowfish_ctr/blowfish_ctr.c33
-rw-r--r--src/crypto/cipher/blowfish_ctr/builtin/blowfish_ctr.c4
-rw-r--r--src/crypto/cipher/ciphers.c.in40
-rw-r--r--src/crypto/cipher/null/CMakeLists.txt2
-rw-r--r--src/crypto/cipher/null/memcpy/null_memcpy.c4
-rw-r--r--src/crypto/cipher/null/null.c33
-rw-r--r--src/crypto/cipher/salsa20/CMakeLists.txt2
-rw-r--r--src/crypto/cipher/salsa20/nacl/salsa20_nacl.c4
-rw-r--r--src/crypto/cipher/salsa20/salsa20.c33
-rw-r--r--src/crypto/cipher/salsa2012/CMakeLists.txt2
-rw-r--r--src/crypto/cipher/salsa2012/nacl/salsa2012_nacl.c4
-rw-r--r--src/crypto/cipher/salsa2012/salsa2012.c33
-rw-r--r--src/crypto/mac/CMakeLists.txt35
-rw-r--r--src/crypto/mac/ghash/CMakeLists.txt2
-rw-r--r--src/crypto/mac/ghash/builtin/ghash_builtin.c3
-rw-r--r--src/crypto/mac/ghash/ghash.c32
-rw-r--r--src/crypto/mac/macs.c.in40
-rw-r--r--src/fastd.c1
-rw-r--r--src/fastd.h10
-rw-r--r--src/methods/cipher_test/cipher_test.c50
-rw-r--r--src/methods/composed_gmac/composed_gmac.c97
-rw-r--r--src/methods/generic_gcm/generic_gcm.c56
-rw-r--r--src/methods/generic_gmac/generic_gmac.c56
-rw-r--r--src/methods/generic_poly1305/generic_poly1305.c47
-rw-r--r--src/types.h4
31 files changed, 508 insertions, 217 deletions
diff --git a/src/crypto.h b/src/crypto.h
index e7d011b..a11b460 100644
--- a/src/crypto.h
+++ b/src/crypto.h
@@ -30,11 +30,12 @@
#include "fastd.h"
-struct fastd_cipher {
- const char *name;
+struct fastd_cipher_info {
size_t key_length;
size_t iv_length;
+};
+struct fastd_cipher {
fastd_cipher_context_t* (*initialize)(fastd_context_t *ctx);
fastd_cipher_state_t* (*init_state)(fastd_context_t *ctx, const fastd_cipher_context_t *cctx, const uint8_t *key);
@@ -44,10 +45,12 @@ struct fastd_cipher {
void (*free)(fastd_context_t *ctx, fastd_cipher_context_t *cctx);
};
-struct fastd_mac {
- const char *name;
+
+struct fastd_mac_info {
size_t key_length;
+};
+struct fastd_mac {
fastd_mac_context_t* (*initialize)(fastd_context_t *ctx);
fastd_mac_state_t* (*init_state)(fastd_context_t *ctx, const fastd_mac_context_t *mctx, const uint8_t *key);
@@ -57,4 +60,15 @@ struct fastd_mac {
void (*free)(fastd_context_t *ctx, fastd_mac_context_t *mctx);
};
+
+void fastd_cipher_init(fastd_context_t *ctx);
+void fastd_cipher_free(fastd_context_t *ctx);
+const fastd_cipher_info_t* fastd_cipher_info_get_by_name(const char *name);
+const fastd_cipher_t* fastd_cipher_get_by_name(fastd_context_t *ctx, const char *name, const fastd_cipher_info_t **info, const fastd_cipher_context_t **cctx);
+
+void fastd_mac_init(fastd_context_t *ctx);
+void fastd_mac_free(fastd_context_t *ctx);
+const fastd_mac_info_t* fastd_mac_info_get_by_name(const char *name);
+const fastd_mac_t* fastd_mac_get_by_name(fastd_context_t *ctx, const char *name, const fastd_mac_info_t **info, const fastd_mac_context_t **cctx);
+
#endif /* _FASTD_CRYPTO_H_ */
diff --git a/src/crypto/cipher/CMakeLists.txt b/src/crypto/cipher/CMakeLists.txt
index b538227..e32b697 100644
--- a/src/crypto/cipher/CMakeLists.txt
+++ b/src/crypto/cipher/CMakeLists.txt
@@ -1,26 +1,25 @@
add_library(ciphers STATIC "${CMAKE_CURRENT_BINARY_DIR}/ciphers.c")
-function(fastd_cipher name)
- string(REPLACE - _ name_ "${name}")
- string(TOUPPER "${name_}" NAME)
+macro(fastd_cipher name)
+ fastd_module(cipher enabled "cipher" ${name} ${ARGN})
- set(WITH_CIPHER_${NAME} TRUE CACHE BOOL "Include the ${name} cipher")
-
- if(WITH_CIPHER_${NAME})
+ if(${enabled})
set_property(GLOBAL APPEND PROPERTY FASTD_CIPHERS ${name})
- endif(WITH_CIPHER_${NAME})
-endfunction(fastd_cipher)
+ endif(${enabled})
+endmacro(fastd_cipher)
macro(fastd_cipher_impl cipher name)
string(REPLACE - _ cipher_ "${cipher}")
string(TOUPPER "${cipher_}" CIPHER)
- fastd_module(cipher enabled "cipher implementation" "${cipher} ${name}" ${ARGN})
+ if(WITH_CIPHER_${CIPHER})
+ fastd_module(cipher enabled "cipher implementation" "${cipher} ${name}" ${ARGN})
- if(${enabled})
- set_property(GLOBAL APPEND PROPERTY FASTD_CIPHER_${CIPHER}_IMPLS ${name})
- endif(${enabled})
+ if(${enabled})
+ set_property(TARGET "cipher_${cipher_}" APPEND PROPERTY FASTD_CIPHER_IMPLS ${name})
+ endif(${enabled})
+ endif(WITH_CIPHER_${CIPHER})
endmacro(fastd_cipher_impl)
macro(fastd_cipher_impl_include_directories cipher name)
@@ -52,16 +51,18 @@ foreach(cipher ${CIPHERS})
string(REPLACE - _ cipher_ "${cipher}")
string(TOUPPER "${cipher_}" CIPHER)
- set(CIPHER_LIST "${CIPHER_LIST}\n{\"${cipher}\", cipher_${cipher_}_impls},")
- set(CIPHER_IMPLS "${CIPHER_IMPLS}\nstatic const fastd_cipher_t *const cipher_${cipher_}_impls[] = {")
+ set(CIPHER_DEFINITIONS "${CIPHER_DEFINITIONS}\nextern const fastd_cipher_info_t fastd_cipher_info_${cipher_};")
+ set(CIPHER_LIST "${CIPHER_LIST}\n{\"${cipher}\", &fastd_cipher_info_${cipher_}, cipher_${cipher_}_impls},")
+ set(CIPHER_IMPLS "${CIPHER_IMPLS}\nstatic const fastd_cipher_impl_t cipher_${cipher_}_impls[] = {")
+
- get_property(IMPLS GLOBAL PROPERTY FASTD_CIPHER_${CIPHER}_IMPLS)
+ get_property(IMPLS TARGET "cipher_${cipher_}" PROPERTY FASTD_CIPHER_IMPLS)
foreach(impl ${IMPLS})
set(CIPHER_DEFINITIONS "${CIPHER_DEFINITIONS}\nextern const fastd_cipher_t fastd_cipher_${cipher_}_${impl};")
- set(CIPHER_IMPLS "${CIPHER_IMPLS}&fastd_cipher_${cipher_}_${impl}, ")
+ set(CIPHER_IMPLS "${CIPHER_IMPLS}{\"${impl}\", &fastd_cipher_${cipher_}_${impl}}, ")
endforeach(impl)
- set(CIPHER_IMPLS "${CIPHER_IMPLS}NULL};")
+ set(CIPHER_IMPLS "${CIPHER_IMPLS}{NULL, NULL}};")
endforeach(cipher)
get_property(LIBS TARGET ciphers PROPERTY FASTD_LINK_LIBRARIES)
diff --git a/src/crypto/cipher/aes128_ctr/CMakeLists.txt b/src/crypto/cipher/aes128_ctr/CMakeLists.txt
index 16eeeab..27b507b 100644
--- a/src/crypto/cipher/aes128_ctr/CMakeLists.txt
+++ b/src/crypto/cipher/aes128_ctr/CMakeLists.txt
@@ -1,2 +1,2 @@
-fastd_cipher(aes128-ctr)
+fastd_cipher(aes128-ctr aes128_ctr.c)
add_subdirectory(nacl)
diff --git a/src/crypto/cipher/aes128_ctr/aes128_ctr.c b/src/crypto/cipher/aes128_ctr/aes128_ctr.c
new file mode 100644
index 0000000..b228602
--- /dev/null
+++ b/src/crypto/cipher/aes128_ctr/aes128_ctr.c
@@ -0,0 +1,33 @@
+/*
+ Copyright (c) 2012-2013, Matthias Schiffer <mschiffer@universe-factory.net>
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright notice,
+ this list of conditions and the following disclaimer in the documentation
+ and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+ FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+
+#include "../../../crypto.h"
+
+
+const fastd_cipher_info_t fastd_cipher_info_aes128_ctr = {
+ .key_length = 16,
+ .iv_length = 16,
+};
diff --git a/src/crypto/cipher/aes128_ctr/nacl/cipher_aes128_ctr_nacl.c b/src/crypto/cipher/aes128_ctr/nacl/cipher_aes128_ctr_nacl.c
index a520732..e5f6379 100644
--- a/src/crypto/cipher/aes128_ctr/nacl/cipher_aes128_ctr_nacl.c
+++ b/src/crypto/cipher/aes128_ctr/nacl/cipher_aes128_ctr_nacl.c
@@ -67,10 +67,6 @@ static void aes128_ctr_free(fastd_context_t *ctx UNUSED, fastd_cipher_context_t
}
const fastd_cipher_t fastd_cipher_aes128_ctr_nacl = {
- .name = "nacl",
- .key_length = 16,
- .iv_length = 16,
-
.initialize = aes128_ctr_initialize,
.init_state = aes128_ctr_init_state,
diff --git a/src/crypto/cipher/blowfish_ctr/CMakeLists.txt b/src/crypto/cipher/blowfish_ctr/CMakeLists.txt
index 56d283f..8cabb57 100644
--- a/src/crypto/cipher/blowfish_ctr/CMakeLists.txt
+++ b/src/crypto/cipher/blowfish_ctr/CMakeLists.txt
@@ -1,2 +1,2 @@
-fastd_cipher(blowfish-ctr)
+fastd_cipher(blowfish-ctr blowfish_ctr.c)
add_subdirectory(builtin)
diff --git a/src/crypto/cipher/blowfish_ctr/blowfish_ctr.c b/src/crypto/cipher/blowfish_ctr/blowfish_ctr.c
new file mode 100644
index 0000000..1e8010b
--- /dev/null
+++ b/src/crypto/cipher/blowfish_ctr/blowfish_ctr.c
@@ -0,0 +1,33 @@
+/*
+ Copyright (c) 2012-2013, Matthias Schiffer <mschiffer@universe-factory.net>
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright notice,
+ this list of conditions and the following disclaimer in the documentation
+ and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+ FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+
+#include "../../../crypto.h"
+
+
+const fastd_cipher_info_t fastd_cipher_info_blowfish_ctr = {
+ .key_length = 56,
+ .iv_length = 8,
+};
diff --git a/src/crypto/cipher/blowfish_ctr/builtin/blowfish_ctr.c b/src/crypto/cipher/blowfish_ctr/builtin/blowfish_ctr.c
index 0ca8d2d..f3424b9 100644
--- a/src/crypto/cipher/blowfish_ctr/builtin/blowfish_ctr.c
+++ b/src/crypto/cipher/blowfish_ctr/builtin/blowfish_ctr.c
@@ -274,10 +274,6 @@ static void blowfish_ctr_free(fastd_context_t *ctx UNUSED, fastd_cipher_context_
}
const fastd_cipher_t fastd_cipher_blowfish_ctr_builtin = {
- .name = "builtin",
- .key_length = 56,
- .iv_length = 8,
-
.initialize = blowfish_ctr_initialize,
.init_state = blowfish_ctr_init_state,
diff --git a/src/crypto/cipher/ciphers.c.in b/src/crypto/cipher/ciphers.c.in
index c912e60..508196e 100644
--- a/src/crypto/cipher/ciphers.c.in
+++ b/src/crypto/cipher/ciphers.c.in
@@ -30,14 +30,20 @@
@CIPHER_DEFINITIONS@
-typedef struct cipher_impl_list {
+typedef struct fastd_cipher_impl {
const char *name;
- const fastd_cipher_t *const *impls;
-} cipher_impl_list_t;
+ const fastd_cipher_t *impl;
+} fastd_cipher_impl_t;
+
+typedef struct cipher_entry {
+ const char *name;
+ const fastd_cipher_info_t *info;
+ const fastd_cipher_impl_t *impls;
+} cipher_entry_t;
@CIPHER_IMPLS@
-static const cipher_impl_list_t ciphers[] = { @CIPHER_LIST@
+static const cipher_entry_t ciphers[] = { @CIPHER_LIST@
};
@@ -46,7 +52,7 @@ const fastd_cipher_t** fastd_cipher_config_alloc(void) {
size_t i;
for (i = 0; i < array_size(ciphers); i++)
- cipher_conf[i] = ciphers[i].impls[0];
+ cipher_conf[i] = ciphers[i].impls[0].impl;
return cipher_conf;
}
@@ -60,9 +66,9 @@ bool fastd_cipher_config(const fastd_cipher_t **cipher_conf, const char *name, c
for (i = 0; i < array_size(ciphers); i++) {
if (!strcmp(ciphers[i].name, name)) {
size_t j;
- for (j = 0; ciphers[i].impls[j]; j++) {
- if (!strcmp(ciphers[i].impls[j]->name, impl)) {
- cipher_conf[i] = ciphers[i].impls[j];
+ for (j = 0; ciphers[i].impls[j].impl; j++) {
+ if (!strcmp(ciphers[i].impls[j].name, impl)) {
+ cipher_conf[i] = ciphers[i].impls[j].impl;
return true;
}
}
@@ -92,20 +98,28 @@ void fastd_cipher_free(fastd_context_t *ctx) {
free(ctx->cipher_contexts);
}
-bool fastd_cipher_available(const char *name) {
+const fastd_cipher_info_t* fastd_cipher_info_get_by_name(const char *name) {
size_t i;
for (i = 0; i < array_size(ciphers); i++) {
- if (!strcmp(ciphers[i].name, name))
- return ciphers[i].impls[0];
+ if (strcmp(ciphers[i].name, name))
+ continue;
+
+ if (!ciphers[i].impls[0].impl)
+ continue;
+
+ return ciphers[i].info;
}
- return false;
+ return NULL;
}
-const fastd_cipher_t* fastd_cipher_get_by_name(fastd_context_t *ctx, const char *name, const fastd_cipher_context_t **cctx) {
+const fastd_cipher_t* fastd_cipher_get_by_name(fastd_context_t *ctx, const char *name, const fastd_cipher_info_t **info, const fastd_cipher_context_t **cctx) {
size_t i;
for (i = 0; i < array_size(ciphers); i++) {
if (!strcmp(ciphers[i].name, name)) {
+ if (info)
+ *info = ciphers[i].info;
+
if (cctx)
*cctx = ctx->cipher_contexts[i];
diff --git a/src/crypto/cipher/null/CMakeLists.txt b/src/crypto/cipher/null/CMakeLists.txt
index e835d73..a05fdc5 100644
--- a/src/crypto/cipher/null/CMakeLists.txt
+++ b/src/crypto/cipher/null/CMakeLists.txt
@@ -1,2 +1,2 @@
-fastd_cipher(null)
+fastd_cipher(null null.c)
add_subdirectory(memcpy)
diff --git a/src/crypto/cipher/null/memcpy/null_memcpy.c b/src/crypto/cipher/null/memcpy/null_memcpy.c
index 45ad297..1784ac9 100644
--- a/src/crypto/cipher/null/memcpy/null_memcpy.c
+++ b/src/crypto/cipher/null/memcpy/null_memcpy.c
@@ -47,10 +47,6 @@ static void null_free(fastd_context_t *ctx UNUSED, fastd_cipher_context_t *cctx
}
const fastd_cipher_t fastd_cipher_null_memcpy = {
- .name = "memcpy",
- .key_length = 0,
- .iv_length = 0,
-
.initialize = null_initialize,
.init_state = null_init_state,
diff --git a/src/crypto/cipher/null/null.c b/src/crypto/cipher/null/null.c
new file mode 100644
index 0000000..07994f7
--- /dev/null
+++ b/src/crypto/cipher/null/null.c
@@ -0,0 +1,33 @@
+/*
+ Copyright (c) 2012-2013, Matthias Schiffer <mschiffer@universe-factory.net>
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright notice,
+ this list of conditions and the following disclaimer in the documentation
+ and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+ FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+
+#include "../../../crypto.h"
+
+
+const fastd_cipher_info_t fastd_cipher_info_null = {
+ .key_length = 0,
+ .iv_length = 0,
+};
diff --git a/src/crypto/cipher/salsa20/CMakeLists.txt b/src/crypto/cipher/salsa20/CMakeLists.txt
index 3d325dc..3d9654e 100644
--- a/src/crypto/cipher/salsa20/CMakeLists.txt
+++ b/src/crypto/cipher/salsa20/CMakeLists.txt
@@ -1,2 +1,2 @@
-fastd_cipher(salsa20)
+fastd_cipher(salsa20 salsa20.c)
add_subdirectory(nacl)
diff --git a/src/crypto/cipher/salsa20/nacl/salsa20_nacl.c b/src/crypto/cipher/salsa20/nacl/salsa20_nacl.c
index 93daad3..ddcc124 100644
--- a/src/crypto/cipher/salsa20/nacl/salsa20_nacl.c
+++ b/src/crypto/cipher/salsa20/nacl/salsa20_nacl.c
@@ -60,10 +60,6 @@ static void salsa20_free(fastd_context_t *ctx UNUSED, fastd_cipher_context_t *cc
}
const fastd_cipher_t fastd_cipher_salsa20_nacl = {
- .name = "nacl",
- .key_length = crypto_stream_salsa20_KEYBYTES,
- .iv_length = crypto_stream_salsa20_NONCEBYTES,
-
.initialize = salsa20_initialize,
.init_state = salsa20_init_state,
diff --git a/src/crypto/cipher/salsa20/salsa20.c b/src/crypto/cipher/salsa20/salsa20.c
new file mode 100644
index 0000000..bf6dc48
--- /dev/null
+++ b/src/crypto/cipher/salsa20/salsa20.c
@@ -0,0 +1,33 @@
+/*
+ Copyright (c) 2012-2013, Matthias Schiffer <mschiffer@universe-factory.net>
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright notice,
+ this list of conditions and the following disclaimer in the documentation
+ and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+ FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+
+#include "../../../crypto.h"
+
+
+const fastd_cipher_info_t fastd_cipher_info_salsa20 = {
+ .key_length = 32,
+ .iv_length = 8,
+};
diff --git a/src/crypto/cipher/salsa2012/CMakeLists.txt b/src/crypto/cipher/salsa2012/CMakeLists.txt
index 405ae9a..eb853e0 100644
--- a/src/crypto/cipher/salsa2012/CMakeLists.txt
+++ b/src/crypto/cipher/salsa2012/CMakeLists.txt
@@ -1,2 +1,2 @@
-fastd_cipher(salsa2012)
+fastd_cipher(salsa2012 salsa2012.c)
add_subdirectory(nacl)
diff --git a/src/crypto/cipher/salsa2012/nacl/salsa2012_nacl.c b/src/crypto/cipher/salsa2012/nacl/salsa2012_nacl.c
index 2703f0e..36985a6 100644
--- a/src/crypto/cipher/salsa2012/nacl/salsa2012_nacl.c
+++ b/src/crypto/cipher/salsa2012/nacl/salsa2012_nacl.c
@@ -60,10 +60,6 @@ static void salsa2012_free(fastd_context_t *ctx UNUSED, fastd_cipher_context_t *
}
const fastd_cipher_t fastd_cipher_salsa2012_nacl = {
- .name = "nacl",
- .key_length = crypto_stream_salsa2012_KEYBYTES,
- .iv_length = crypto_stream_salsa2012_NONCEBYTES,
-
.initialize = salsa2012_initialize,
.init_state = salsa2012_init_state,
diff --git a/src/crypto/cipher/salsa2012/salsa2012.c b/src/crypto/cipher/salsa2012/salsa2012.c
new file mode 100644
index 0000000..780702d
--- /dev/null
+++ b/src/crypto/cipher/salsa2012/salsa2012.c
@@ -0,0 +1,33 @@
+/*
+ Copyright (c) 2012-2013, Matthias Schiffer <mschiffer@universe-factory.net>
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright notice,
+ this list of conditions and the following disclaimer in the documentation
+ and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+ FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+
+#include "../../../crypto.h"
+
+
+const fastd_cipher_info_t fastd_cipher_info_salsa2012 = {
+ .key_length = 32,
+ .iv_length = 8,
+};
diff --git a/src/crypto/mac/CMakeLists.txt b/src/crypto/mac/CMakeLists.txt
index ca3b71d..22bc95e 100644
--- a/src/crypto/mac/CMakeLists.txt
+++ b/src/crypto/mac/CMakeLists.txt
@@ -1,26 +1,25 @@
add_library(macs STATIC "${CMAKE_CURRENT_BINARY_DIR}/macs.c")
-function(fastd_mac name)
- string(REPLACE - _ name_ "${name}")
- string(TOUPPER "${name_}" NAME)
+macro(fastd_mac name)
+ fastd_module(mac enabled "MAC" ${name} ${ARGN})
- set(WITH_MAC_${NAME} TRUE CACHE BOOL "Include the ${name} MAC")
-
- if(WITH_MAC_${NAME})
+ if(${enabled})
set_property(GLOBAL APPEND PROPERTY FASTD_MACS ${name})
- endif(WITH_MAC_${NAME})
-endfunction(fastd_mac)
+ endif(${enabled})
+endmacro(fastd_mac)
macro(fastd_mac_impl mac name)
string(REPLACE - _ mac_ "${mac}")
string(TOUPPER "${mac_}" MAC)
- fastd_module(mac enabled "MAC implementation" "${mac} ${name}" ${ARGN})
+ if(WITH_MAC_${MAC})
+ fastd_module(mac enabled "MAC implementation" "${mac} ${name}" ${ARGN})
- if(${enabled})
- set_property(GLOBAL APPEND PROPERTY FASTD_MAC_${MAC}_IMPLS ${name})
- endif(${enabled})
+ if(${enabled})
+ set_property(TARGET "mac_${mac_}" APPEND PROPERTY FASTD_MAC_IMPLS ${name})
+ endif(${enabled})
+ endif(WITH_MAC_${MAC})
endmacro(fastd_mac_impl)
macro(fastd_mac_impl_include_directories mac name)
@@ -48,16 +47,18 @@ foreach(mac ${MACS})
string(REPLACE - _ mac_ "${mac}")
string(TOUPPER "${mac_}" MAC)
- set(MAC_LIST "${MAC_LIST}\n{\"${mac}\", mac_${mac_}_impls},")
- set(MAC_IMPLS "${MAC_IMPLS}\nstatic const fastd_mac_t *const mac_${mac_}_impls[] = {")
+ set(MAC_DEFINITIONS "${MAC_DEFINITIONS}\nextern const fastd_mac_info_t fastd_mac_info_${mac_};")
+ set(MAC_LIST "${MAC_LIST}\n{\"${mac}\", &fastd_mac_info_${mac_}, mac_${mac_}_impls},")
+ set(MAC_IMPLS "${MAC_IMPLS}\nstatic const fastd_mac_impl_t mac_${mac_}_impls[] = {")
+
- get_property(IMPLS GLOBAL PROPERTY FASTD_MAC_${MAC}_IMPLS)
+ get_property(IMPLS TARGET "mac_${mac_}" PROPERTY FASTD_MAC_IMPLS)
foreach(impl ${IMPLS})
set(MAC_DEFINITIONS "${MAC_DEFINITIONS}\nextern const fastd_mac_t fastd_mac_${mac_}_${impl};")
- set(MAC_IMPLS "${MAC_IMPLS}&fastd_mac_${mac_}_${impl}, ")
+ set(MAC_IMPLS "${MAC_IMPLS}{\"${impl}\", &fastd_mac_${mac_}_${impl}}, ")
endforeach(impl)
- set(MAC_IMPLS "${MAC_IMPLS}NULL};")
+ set(MAC_IMPLS "${MAC_IMPLS}{NULL, NULL}};")
endforeach(mac)
get_property(LIBS TARGET macs PROPERTY FASTD_LINK_LIBRARIES)
diff --git a/src/crypto/mac/ghash/CMakeLists.txt b/src/crypto/mac/ghash/CMakeLists.txt
index 7d44b8a..1fd04a4 100644
--- a/src/crypto/mac/ghash/CMakeLists.txt
+++ b/src/crypto/mac/ghash/CMakeLists.txt
@@ -1,2 +1,2 @@
-fastd_mac(ghash)
+fastd_mac(ghash ghash.c)
add_subdirectory(builtin)
diff --git a/src/crypto/mac/ghash/builtin/ghash_builtin.c b/src/crypto/mac/ghash/builtin/ghash_builtin.c
index 0af30ed..cc47427 100644
--- a/src/crypto/mac/ghash/builtin/ghash_builtin.c
+++ b/src/crypto/mac/ghash/builtin/ghash_builtin.c
@@ -132,9 +132,6 @@ static void ghash_free(fastd_context_t *ctx UNUSED, fastd_mac_context_t *mctx UN
}
const fastd_mac_t fastd_mac_ghash_builtin = {
- .name = "builtin",
- .key_length = sizeof(fastd_block128_t),
-
.initialize = ghash_initialize,
.init_state = ghash_init_state,
diff --git a/src/crypto/mac/ghash/ghash.c b/src/crypto/mac/ghash/ghash.c
new file mode 100644
index 0000000..6c165a4
--- /dev/null
+++ b/src/crypto/mac/ghash/ghash.c
@@ -0,0 +1,32 @@
+/*
+ Copyright (c) 2012-2013, Matthias Schiffer <mschiffer@universe-factory.net>
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright notice,
+ this list of conditions and the following disclaimer in the documentation
+ and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+ FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+
+#include "../../../crypto.h"
+
+
+const fastd_mac_info_t fastd_mac_info_ghash = {
+ .key_length = 16,
+};
diff --git a/src/crypto/mac/macs.c.in b/src/crypto/mac/macs.c.in
index 43031ee..9952396 100644
--- a/src/crypto/mac/macs.c.in
+++ b/src/crypto/mac/macs.c.in
@@ -30,14 +30,20 @@
@MAC_DEFINITIONS@
-typedef struct mac_impl_list {
+typedef struct fastd_mac_impl {
const char *name;
- const fastd_mac_t *const *impls;
-} mac_impl_list_t;
+ const fastd_mac_t *impl;
+} fastd_mac_impl_t;
+
+typedef struct mac_entry {
+ const char *name;
+ const fastd_mac_info_t *info;
+ const fastd_mac_impl_t *impls;
+} mac_entry_t;
@MAC_IMPLS@
-static const mac_impl_list_t macs[] = { @MAC_LIST@
+static const mac_entry_t macs[] = { @MAC_LIST@
};
@@ -46,7 +52,7 @@ const fastd_mac_t** fastd_mac_config_alloc(void) {
size_t i;
for (i = 0; i < array_size(macs); i++)
- mac_conf[i] = macs[i].impls[0];
+ mac_conf[i] = macs[i].impls[0].impl;
return mac_conf;
}
@@ -60,9 +66,9 @@ bool fastd_mac_config(const fastd_mac_t **mac_conf, const char *name, const char
for (i = 0; i < array_size(macs); i++) {
if (!strcmp(macs[i].name, name)) {
size_t j;
- for (j = 0; macs[i].impls[j]; j++) {
- if (!strcmp(macs[i].impls[j]->name, impl)) {
- mac_conf[i] = macs[i].impls[j];
+ for (j = 0; macs[i].impls[j].impl; j++) {
+ if (!strcmp(macs[i].impls[j].name, impl)) {
+ mac_conf[i] = macs[i].impls[j].impl;
return true;
}
}
@@ -92,20 +98,28 @@ void fastd_mac_free(fastd_context_t *ctx) {
free(ctx->mac_contexts);
}
-bool fastd_mac_available(const char *name) {
+const fastd_mac_info_t* fastd_mac_info_get_by_name(const char *name) {
size_t i;
for (i = 0; i < array_size(macs); i++) {
- if (!strcmp(macs[i].name, name))
- return macs[i].impls[0];
+ if (strcmp(macs[i].name, name))
+ continue;
+
+ if (!macs[i].impls[0].impl)
+ continue;
+
+ return macs[i].info;
}
- return false;
+ return NULL;
}
-const fastd_mac_t* fastd_mac_get_by_name(fastd_context_t *ctx, const char *name, const fastd_mac_context_t **cctx) {
+const fastd_mac_t* fastd_mac_get_by_name(fastd_context_t *ctx, const char *name, const fastd_mac_info_t **info, const fastd_mac_context_t **cctx) {
size_t i;
for (i = 0; i < array_size(macs); i++) {
if (!strcmp(macs[i].name, name)) {
+ if (info)
+ *info = macs[i].info;
+
if (cctx)
*cctx = ctx->mac_contexts[i];
diff --git a/src/fastd.c b/src/fastd.c
index f30511d..469fc6f 100644
--- a/src/fastd.c
+++ b/src/fastd.c
@@ -26,6 +26,7 @@
#include "fastd.h"
#include "config.h"
+#include "crypto.h"
#include "handshake.h"
#include "peer.h"
#include <fastd_version.h>
diff --git a/src/fastd.h b/src/fastd.h
index c253a97..012d532 100644
--- a/src/fastd.h
+++ b/src/fastd.h
@@ -341,16 +341,6 @@ void fastd_logf(const fastd_context_t *ctx, fastd_loglevel_t level, const char *
const fastd_method_t* fastd_method_get_by_name(const char *name);
-void fastd_cipher_init(fastd_context_t *ctx);
-void fastd_cipher_free(fastd_context_t *ctx);
-bool fastd_cipher_available(const char *name);
-const fastd_cipher_t* fastd_cipher_get_by_name(fastd_context_t *ctx, const char *name, const fastd_cipher_context_t **cctx);
-
-void fastd_mac_init(fastd_context_t *ctx);
-void fastd_mac_free(fastd_context_t *ctx);
-bool fastd_mac_available(const char *name);
-const fastd_mac_t* fastd_mac_get_by_name(fastd_context_t *ctx, const char *name, const fastd_mac_context_t **cctx);
-
void fastd_tuntap_open(fastd_context_t *ctx);
fastd_buffer_t fastd_tuntap_read(fastd_context_t *ctx);
void fastd_tuntap_write(fastd_context_t *ctx, fastd_buffer_t buffer);
diff --git a/src/methods/cipher_test/cipher_test.c b/src/methods/cipher_test/cipher_test.c
index b9a7881..573e90a 100644
--- a/src/methods/cipher_test/cipher_test.c
+++ b/src/methods/cipher_test/cipher_test.c
@@ -31,13 +31,14 @@
struct fastd_method_session_state {
fastd_method_common_t common;
+ const fastd_cipher_info_t *cipher_info;
const fastd_cipher_t *cipher;
const fastd_cipher_context_t *cipher_ctx;
fastd_cipher_state_t *cipher_state;
};
-static bool cipher_get(fastd_context_t *ctx, const char *name, const fastd_cipher_t **cipher, const fastd_cipher_context_t **cctx) {
+static bool cipher_get(fastd_context_t *ctx, const char *name, const fastd_cipher_info_t **info, const fastd_cipher_t **cipher, const fastd_cipher_context_t **cctx) {
size_t len = strlen(name);
if (len < 12)
@@ -50,27 +51,36 @@ static bool cipher_get(fastd_context_t *ctx, const char *name, const fastd_ciphe
memcpy(cipher_name, name, len-12);
cipher_name[len-12] = 0;
+ const fastd_cipher_info_t *cipher_info = NULL;
+
if (ctx) {
- *cipher = fastd_cipher_get_by_name(ctx, cipher_name, cctx);
- return *cipher;
+ *cipher = fastd_cipher_get_by_name(ctx, cipher_name, &cipher_info, cctx);
+ if (!*cipher)
+ return false;
}
else {
- return fastd_cipher_available(cipher_name);
+ cipher_info = fastd_cipher_info_get_by_name(cipher_name);
+ if (!cipher_info)
+ return false;
}
+
+ if (info)
+ *info = cipher_info;
+
+ return true;
}
static bool method_provides(const char *name) {
- return cipher_get(NULL, name, NULL, NULL);
+ return cipher_get(NULL, name, NULL, NULL, NULL);
}
static size_t method_key_length(fastd_context_t *ctx, const char *name) {
- const fastd_cipher_t *cipher = NULL;
- const fastd_cipher_context_t *cctx;
- if (!cipher_get(ctx, name, &cipher, &cctx))
+ const fastd_cipher_info_t *info;
+ if (!cipher_get(NULL, name, &info, NULL, NULL))
exit_bug(ctx, "cipher-test: can't get cipher key length");
- return cipher->key_length;
+ return info->key_length;
}
static fastd_method_session_state_t* method_session_init(fastd_context_t *ctx, const char *name, const uint8_t *secret, bool initiator) {
@@ -78,7 +88,7 @@ static fastd_method_session_state_t* method_session_init(fastd_context_t *ctx, c
fastd_method_common_init(ctx, &session->common, initiator);
- if (!cipher_get(ctx, name, &session->cipher, &session->cipher_ctx))
+ if (!cipher_get(ctx, name, &session->cipher_info, &session->cipher, &session->cipher_ctx))
exit_bug(ctx, "cipher-test: can't instanciate cipher");
session->cipher_state = session->cipher->init_state(ctx, session->cipher_ctx, secret);
@@ -118,11 +128,11 @@ static bool method_encrypt(fastd_context_t *ctx, fastd_peer_t *peer UNUSED, fast
if (tail_len)
memset(in.data+in.len, 0, tail_len);
- uint8_t nonce[session->cipher->iv_length];
- if (session->cipher->iv_length) {
- memset(nonce, 0, session->cipher->iv_length);
- memcpy(nonce, session->common.send_nonce, min_size_t(COMMON_NONCEBYTES, session->cipher->iv_length));
- nonce[session->cipher->iv_length-1] = 1;
+ uint8_t nonce[session->cipher_info->iv_length];
+ if (session->cipher_info->iv_length) {
+ memset(nonce, 0, session->cipher_info->iv_length);
+ memcpy(nonce, session->common.send_nonce, min_size_t(COMMON_NONCEBYTES, session->cipher_info->iv_length));
+ nonce[session->cipher_info->iv_length-1] = 1;
}
int n_blocks = block_count(in.len, sizeof(fastd_block128_t));
@@ -161,11 +171,11 @@ static bool method_decrypt(fastd_context_t *ctx, fastd_peer_t *peer, fastd_metho
if (common_nonce[COMMON_NONCEBYTES]) /* flags */
return false;
- uint8_t nonce[session->cipher->iv_length];
- if (session->cipher->iv_length) {
- memset(nonce, 0, session->cipher->iv_length);
- memcpy(nonce, common_nonce, min_size_t(COMMON_NONCEBYTES, session->cipher->iv_length));
- nonce[session->cipher->iv_length-1] = 1;
+ uint8_t nonce[session->cipher_info->iv_length];
+ if (session->cipher_info->iv_length) {
+ memset(nonce, 0, session->cipher_info->iv_length);
+ memcpy(nonce, common_nonce, min_size_t(COMMON_NONCEBYTES, session->cipher_info->iv_length));
+ nonce[session->cipher_info->iv_length-1] = 1;
}
int64_t age;
diff --git a/src/methods/composed_gmac/composed_gmac.c b/src/methods/composed_gmac/composed_gmac.c
index eae27db..75533d2 100644
--- a/src/methods/composed_gmac/composed_gmac.c
+++ b/src/methods/composed_gmac/composed_gmac.c
@@ -33,22 +33,27 @@ static const fastd_block128_t ZERO_BLOCK = {};
struct fastd_method_session_state {
fastd_method_common_t common;
+ const fastd_cipher_info_t *cipher_info;
const fastd_cipher_t *cipher;
const fastd_cipher_context_t *cipher_ctx;
fastd_cipher_state_t *cipher_state;
+ const fastd_cipher_info_t *gmac_cipher_info;
const fastd_cipher_t *gmac_cipher;
const fastd_cipher_context_t *gmac_cipher_ctx;
fastd_cipher_state_t *gmac_cipher_state;
+ const fastd_mac_info_t *ghash_info;
const fastd_mac_t *ghash;
const fastd_mac_context_t *ghash_ctx;
fastd_mac_state_t *ghash_state;
};
-static bool cipher_get(fastd_context_t *ctx, const char *name, const fastd_cipher_t **cipher, const fastd_cipher_context_t **cctx, const fastd_cipher_t **gmac_cipher, const fastd_cipher_context_t **gmac_cctx) {
- if (!fastd_mac_available("ghash"))
+static bool cipher_get(fastd_context_t *ctx, const char *name,
+ const fastd_cipher_info_t **cipher_info, const fastd_cipher_t **cipher, const fastd_cipher_context_t **cctx,
+ const fastd_cipher_info_t **gmac_cipher_info, const fastd_cipher_t **gmac_cipher, const fastd_cipher_context_t **gmac_cctx) {
+ if (!fastd_mac_info_get_by_name("ghash"))
return false;
size_t len = strlen(name);
@@ -71,32 +76,52 @@ static bool cipher_get(fastd_context_t *ctx, const char *name, const fastd_ciphe
*gmac_cipher_name = 0;
gmac_cipher_name++;
+ const fastd_cipher_info_t *info = NULL;
+ const fastd_cipher_info_t *gmac_info = NULL;
+
if (ctx) {
- *cipher = fastd_cipher_get_by_name(ctx, cipher_name, cctx);
- *gmac_cipher = fastd_cipher_get_by_name(ctx, gmac_cipher_name, gmac_cctx);
- return *cipher && *gmac_cipher;
+ *cipher = fastd_cipher_get_by_name(ctx, cipher_name, &info, cctx);
+ *gmac_cipher = fastd_cipher_get_by_name(ctx, gmac_cipher_name, &gmac_info, gmac_cctx);
+ if (!(*cipher && *gmac_cipher))
+ return false;
}
else {
- return fastd_cipher_available(cipher_name) && fastd_cipher_available(gmac_cipher_name);
+ info = fastd_cipher_info_get_by_name(cipher_name);
+ gmac_info = fastd_cipher_info_get_by_name(gmac_cipher_name);
+ if (!(info && gmac_info))
+ return false;
}
+
+ if (cipher_info)
+ *cipher_info = info;
+
+ if (gmac_cipher_info)
+ *gmac_cipher_info = gmac_info;
+
+ return true;
}
static bool method_provides(const char *name) {
- return cipher_get(NULL, name, NULL, NULL, NULL, NULL);
+ const fastd_cipher_info_t *gmac_cipher_info;
+
+ if (!cipher_get(NULL, name, NULL, NULL, NULL, &gmac_cipher_info, NULL, NULL))
+ return false;
+
+ if (gmac_cipher_info->iv_length <= COMMON_NONCEBYTES)
+ return false;
+
+ return true;
}
static size_t method_key_length(fastd_context_t *ctx, const char *name) {
- const fastd_cipher_t *cipher = NULL;
- const fastd_cipher_context_t *cctx;
-
- const fastd_cipher_t *gmac_cipher = NULL;
- const fastd_cipher_context_t *gmac_cctx;
+ const fastd_cipher_info_t *cipher_info;
+ const fastd_cipher_info_t *gmac_cipher_info;
- if (!cipher_get(ctx, name, &cipher, &cctx, &gmac_cipher, &gmac_cctx))
+ if (!cipher_get(NULL, name, &cipher_info, NULL, NULL, &gmac_cipher_info, NULL, NULL))
exit_bug(ctx, "composed-gmac: can't get cipher key length");
- return cipher->key_length + gmac_cipher->key_length;
+ return cipher_info->key_length + gmac_cipher_info->key_length;
}
static fastd_method_session_state_t* method_session_init(fastd_context_t *ctx, const char *name, const uint8_t *secret, bool initiator) {
@@ -104,25 +129,27 @@ static fastd_method_session_state_t* method_session_init(fastd_context_t *ctx, c
fastd_method_common_init(ctx, &session->common, initiator);
- if (!cipher_get(ctx, name, &session->cipher, &session->cipher_ctx, &session->gmac_cipher, &session->gmac_cipher_ctx))
+ if (!cipher_get(ctx, name,
+ &session->cipher_info, &session->cipher, &session->cipher_ctx,
+ &session->gmac_cipher_info, &session->gmac_cipher, &session->gmac_cipher_ctx))
exit_bug(ctx, "composed-gmac: can't instanciate cipher");
session->cipher_state = session->cipher->init_state(ctx, session->cipher_ctx, secret);
- if (session->cipher->iv_length && session->cipher->iv_length <= COMMON_NONCEBYTES)
+ if (session->cipher_info->iv_length && session->cipher_info->iv_length <= COMMON_NONCEBYTES)
exit_bug(ctx, "composed-gmac: iv_length to small");
- session->gmac_cipher_state = session->gmac_cipher->init_state(ctx, session->gmac_cipher_ctx, secret + session->cipher->key_length);
- if (session->gmac_cipher->iv_length <= COMMON_NONCEBYTES)
+ session->gmac_cipher_state = session->gmac_cipher->init_state(ctx, session->gmac_cipher_ctx, secret + session->cipher_info->key_length);
+ if (session->gmac_cipher_info->iv_length <= COMMON_NONCEBYTES)
exit_bug(ctx, "composed-gmac: GMAC cipher iv_length to small");
fastd_block128_t H;
- uint8_t zeroiv[session->gmac_cipher->iv_length];
- memset(zeroiv, 0, session->gmac_cipher->iv_length);
+ uint8_t zeroiv[session->gmac_cipher_info->iv_length];
+ memset(zeroiv, 0, session->gmac_cipher_info->iv_length);
session->gmac_cipher->crypt(ctx, session->gmac_cipher_state, &H, &ZERO_BLOCK, sizeof(fastd_block128_t), zeroiv);
- session->ghash = fastd_mac_get_by_name(ctx, "ghash", &session->ghash_ctx);
+ session->ghash = fastd_mac_get_by_name(ctx, "ghash", &session->ghash_info, &session->ghash_ctx);
if (!session->ghash)
exit_bug(ctx, "composed-gmac: can't instanciate ghash mac");
@@ -179,19 +206,19 @@ static bool method_encrypt(fastd_context_t *ctx, fastd_peer_t *peer UNUSED, fast
fastd_block128_t *outblocks = out->data;
fastd_block128_t sig;
- uint8_t gmac_nonce[session->gmac_cipher->iv_length];
- memset(gmac_nonce, 0, session->gmac_cipher->iv_length);
+ uint8_t gmac_nonce[session->gmac_cipher_info->iv_length];
+ memset(gmac_nonce, 0, session->gmac_cipher_info->iv_length);
memcpy(gmac_nonce, session->common.send_nonce, COMMON_NONCEBYTES);
- gmac_nonce[session->gmac_cipher->iv_length-1] = 1;
+ gmac_nonce[session->gmac_cipher_info->iv_length-1] = 1;
bool ok = session->gmac_cipher->crypt(ctx, session->gmac_cipher_state, outblocks, &ZERO_BLOCK, sizeof(fastd_block128_t), gmac_nonce);
if (ok) {
- uint8_t nonce[session->cipher->iv_length];
- if (session->cipher->iv_length) {
- memset(nonce, 0, session->cipher->iv_length);
+ uint8_t nonce[session->cipher_info->iv_length];
+ if (session->cipher_info->iv_length) {
+ memset(nonce, 0, session->cipher_info->iv_length);
memcpy(nonce, session->common.send_nonce, COMMON_NONCEBYTES);
- nonce[session->cipher->iv_length-1] = 1;
+ nonce[session->cipher_info->iv_length-1] = 1;
}
ok = session->cipher->crypt(ctx, session->cipher_state, outblocks+1, inblocks, n_blocks*sizeof(fastd_block128_t), nonce);
@@ -241,16 +268,16 @@ static bool method_decrypt(fastd_context_t *ctx, fastd_peer_t *peer, fastd_metho
if (!fastd_method_is_nonce_valid(ctx, &session->common, common_nonce, &age))
return false;
- uint8_t gmac_nonce[session->gmac_cipher->iv_length];
- memset(gmac_nonce, 0, session->gmac_cipher->iv_length);
+ uint8_t gmac_nonce[session->gmac_cipher_info->iv_length];
+ memset(gmac_nonce, 0, session->gmac_cipher_info->iv_length);
memcpy(gmac_nonce, common_nonce, COMMON_NONCEBYTES);
- gmac_nonce[session->gmac_cipher->iv_length-1] = 1;
+ gmac_nonce[session->gmac_cipher_info->iv_length-1] = 1;
- uint8_t nonce[session->cipher->iv_length];
- if (session->cipher->iv_length) {
- memset(nonce, 0, session->cipher->iv_length);
+ uint8_t nonce[session->cipher_info->iv_length];
+ if (session->cipher_info->iv_length) {
+ memset(nonce, 0, session->cipher_info->iv_length);
memcpy(nonce, common_nonce, COMMON_NONCEBYTES);
- nonce[session->cipher->iv_length-1] = 1;
+ nonce[session->cipher_info->iv_length-1] = 1;
}
fastd_buffer_push_head(ctx, &in, COMMON_HEADBYTES);
diff --git a/src/methods/generic_gcm/generic_gcm.c b/src/methods/generic_gcm/generic_gcm.c
index 5d3f6c4..a92ad1e 100644
--- a/src/methods/generic_gcm/generic_gcm.c
+++ b/src/methods/generic_gcm/generic_gcm.c
@@ -31,18 +31,20 @@
struct fastd_method_session_state {
fastd_method_common_t common;
+ const fastd_cipher_info_t *cipher_info;
const fastd_cipher_t *cipher;
const fastd_cipher_context_t *cipher_ctx;
fastd_cipher_state_t *cipher_state;
+ const fastd_mac_info_t *ghash_info;
const fastd_mac_t *ghash;
const fastd_mac_context_t *ghash_ctx;
fastd_mac_state_t *ghash_state;
};
-static bool cipher_get(fastd_context_t *ctx, const char *name, const fastd_cipher_t **cipher, const fastd_cipher_context_t **cctx) {
- if (!fastd_mac_available("ghash"))
+static bool cipher_get(fastd_context_t *ctx, const char *name, const fastd_cipher_info_t **cipher_info, const fastd_cipher_t **cipher, const fastd_cipher_context_t **cctx) {
+ if (!fastd_mac_info_get_by_name("ghash"))
return false;
size_t len = strlen(name);
@@ -57,27 +59,39 @@ static bool cipher_get(fastd_context_t *ctx, const char *name, const fastd_ciphe
memcpy(name_ctr, name, len-3);
strncpy(name_ctr+len-3, "ctr", 4);
+ const fastd_cipher_info_t *info = NULL;
+
if (ctx) {
- *cipher = fastd_cipher_get_by_name(ctx, name_ctr, cctx);
- return *cipher;
+ *cipher = fastd_cipher_get_by_name(ctx, name_ctr, &info, cctx);
+ if (!*cipher)
+ return false;
}
else {
- return fastd_cipher_available(name_ctr);
+ info = fastd_cipher_info_get_by_name(name_ctr);
+ if (!info)
+ return false;
}
+
+ if (info->iv_length <= COMMON_NONCEBYTES)
+ return false;
+
+ if (cipher_info)
+ *cipher_info = info;
+
+ return true;
}
static bool method_provides(const char *name) {
- return cipher_get(NULL, name, NULL, NULL);
+ return cipher_get(NULL, name, NULL, NULL, NULL);
}
static size_t method_key_length(fastd_context_t *ctx, const char *name) {
- const fastd_cipher_t *cipher = NULL;
- const fastd_cipher_context_t *cctx;
- if (!cipher_get(ctx, name, &cipher, &cctx))
+ const fastd_cipher_info_t *cipher_info;
+ if (!cipher_get(NULL, name, &cipher_info, NULL, NULL))
exit_bug(ctx, "generic-gcm: can't get cipher key length");
- return cipher->key_length;
+ return cipher_info->key_length;
}
static fastd_method_session_state_t* method_session_init(fastd_context_t *ctx, const char *name, const uint8_t *secret, bool initiator) {
@@ -85,7 +99,7 @@ static fastd_method_session_state_t* method_session_init(fastd_context_t *ctx, c
fastd_method_common_init(ctx, &session->common, initiator);
- if (!cipher_get(ctx, name, &session->cipher, &session->cipher_ctx))
+ if (!cipher_get(ctx, name, &session->cipher_info, &session->cipher, &session->cipher_ctx))
exit_bug(ctx, "generic-gcm: can't instanciate cipher");
session->cipher_state = session->cipher->init_state(ctx, session->cipher_ctx, secret);
@@ -93,15 +107,15 @@ static fastd_method_session_state_t* method_session_init(fastd_context_t *ctx, c
static const fastd_block128_t zeroblock = {};
fastd_block128_t H;
- if (session->cipher->iv_length <= COMMON_NONCEBYTES)
+ if (session->cipher_info->iv_length <= COMMON_NONCEBYTES)
exit_bug(ctx, "generic-gcm: iv_length to small");
- uint8_t zeroiv[session->cipher->iv_length];
- memset(zeroiv, 0, session->cipher->iv_length);
+ uint8_t zeroiv[session->cipher_info->iv_length];
+ memset(zeroiv, 0, session->cipher_info->iv_length);
session->cipher->crypt(ctx, session->cipher_state, &H, &zeroblock, sizeof(fastd_block128_t), zeroiv);
- session->ghash = fastd_mac_get_by_name(ctx, "ghash", &session->ghash_ctx);
+ session->ghash = fastd_mac_get_by_name(ctx, "ghash", &session->ghash_info, &session->ghash_ctx);
if (!session->ghash)
exit_bug(ctx, "generic-gcm: can't instanciate ghash mac");
@@ -161,10 +175,10 @@ static bool method_encrypt(fastd_context_t *ctx, fastd_peer_t *peer UNUSED, fast
if (tail_len)
memset(in.data+in.len, 0, tail_len);
- uint8_t nonce[session->cipher->iv_length];
- memset(nonce, 0, session->cipher->iv_length);
+ uint8_t nonce[session->cipher_info->iv_length];
+ memset(nonce, 0, session->cipher_info->iv_length);
memcpy(nonce, session->common.send_nonce, COMMON_NONCEBYTES);
- nonce[session->cipher->iv_length-1] = 1;
+ nonce[session->cipher_info->iv_length-1] = 1;
int n_blocks = block_count(in.len, sizeof(fastd_block128_t));
@@ -214,10 +228,10 @@ static bool method_decrypt(fastd_context_t *ctx, fastd_peer_t *peer, fastd_metho
if (((const uint8_t*)in.data)[COMMON_NONCEBYTES]) /* flags */
return false;
- uint8_t nonce[session->cipher->iv_length];
- memset(nonce, 0, session->cipher->iv_length);
+ uint8_t nonce[session->cipher_info->iv_length];
+ memset(nonce, 0, session->cipher_info->iv_length);
memcpy(nonce, in.data, COMMON_NONCEBYTES);
- nonce[session->cipher->iv_length-1] = 1;
+ nonce[session->cipher_info->iv_length-1] = 1;
int64_t age;
if (!fastd_method_is_nonce_valid(ctx, &session->common, nonce, &age))
diff --git a/src/methods/generic_gmac/generic_gmac.c b/src/methods/generic_gmac/generic_gmac.c
index 03377c5..86c02f7 100644
--- a/src/methods/generic_gmac/generic_gmac.c
+++ b/src/methods/generic_gmac/generic_gmac.c
@@ -31,18 +31,20 @@
struct fastd_method_session_state {
fastd_method_common_t common;
+ const fastd_cipher_info_t *cipher_info;
const fastd_cipher_t *cipher;
const fastd_cipher_context_t *cipher_ctx;
fastd_cipher_state_t *cipher_state;
+ const fastd_mac_info_t *ghash_info;
const fastd_mac_t *ghash;
const fastd_mac_context_t *ghash_ctx;
fastd_mac_state_t *ghash_state;
};
-static bool cipher_get(fastd_context_t *ctx, const char *name, const fastd_cipher_t **cipher, const fastd_cipher_context_t **cctx) {
- if (!fastd_mac_available("ghash"))
+static bool cipher_get(fastd_context_t *ctx, const char *name, const fastd_cipher_info_t **cipher_info, const fastd_cipher_t **cipher, const fastd_cipher_context_t **cctx) {
+ if (!fastd_mac_info_get_by_name("ghash"))
return false;
size_t len = strlen(name);
@@ -60,27 +62,39 @@ static bool cipher_get(fastd_context_t *ctx, const char *name, const fastd_ciphe
memcpy(cipher_name, name, len-5);
cipher_name[len-5] = 0;
+ const fastd_cipher_info_t *info = NULL;
+
if (ctx) {
- *cipher = fastd_cipher_get_by_name(ctx, cipher_name, cctx);
- return *cipher;
+ *cipher = fastd_cipher_get_by_name(ctx, cipher_name, &info, cctx);
+ if (!*cipher)
+ return false;
}
else {
- return fastd_cipher_available(cipher_name);
+ info = fastd_cipher_info_get_by_name(cipher_name);
+ if (!info)
+ return false;
}
+
+ if (info->iv_length <= COMMON_NONCEBYTES)
+ return false;
+
+ if (cipher_info)
+ *cipher_info = info;
+
+ return true;
}
static bool method_provides(const char *name) {
- return cipher_get(NULL, name, NULL, NULL);
+ return cipher_get(NULL, name, NULL, NULL, NULL);
}
static size_t method_key_length(fastd_context_t *ctx, const char *name) {
- const fastd_cipher_t *cipher = NULL;
- const fastd_cipher_context_t *cctx;
- if (!cipher_get(ctx, name, &cipher, &cctx))
+ const fastd_cipher_info_t *cipher_info;
+ if (!cipher_get(NULL, name, &cipher_info, NULL, NULL))
exit_bug(ctx, "generic-gmac: can't get cipher key length");
- return cipher->key_length;
+ return cipher_info->key_length;
}
static fastd_method_session_state_t* method_session_init(fastd_context_t *ctx, const char *name, const uint8_t *secret, bool initiator) {
@@ -88,7 +102,7 @@ static fastd_method_session_state_t* method_session_init(fastd_context_t *ctx, c
fastd_method_common_init(ctx, &session->common, initiator);
- if (!cipher_get(ctx, name, &session->cipher, &session->cipher_ctx))
+ if (!cipher_get(ctx, name, &session->cipher_info, &session->cipher, &session->cipher_ctx))
exit_bug(ctx, "generic-gmac: can't instanciate cipher");
session->cipher_state = session->cipher->init_state(ctx, session->cipher_ctx, secret);
@@ -96,15 +110,15 @@ static fastd_method_session_state_t* method_session_init(fastd_context_t *ctx, c
static const fastd_block128_t zeroblock = {};
fastd_block128_t H;
- if (session->cipher->iv_length <= COMMON_NONCEBYTES)
+ if (session->cipher_info->iv_length <= COMMON_NONCEBYTES)
exit_bug(ctx, "generic-gmac: iv_length to small");
- uint8_t zeroiv[session->cipher->iv_length];
- memset(zeroiv, 0, session->cipher->iv_length);
+ uint8_t zeroiv[session->cipher_info->iv_length];
+ memset(zeroiv, 0, session->cipher_info->iv_length);
session->cipher->crypt(ctx, session->cipher_state, &H, &zeroblock, sizeof(fastd_block128_t), zeroiv);
- session->ghash = fastd_mac_get_by_name(ctx, "ghash", &session->ghash_ctx);
+ session->ghash = fastd_mac_get_by_name(ctx, "ghash", &session->ghash_info, &session->ghash_ctx);
if (!session->ghash)
exit_bug(ctx, "generic-gmac: can't instanciate ghash mac");
@@ -164,10 +178,10 @@ static bool method_encrypt(fastd_context_t *ctx, fastd_peer_t *peer UNUSED, fast
if (tail_len)
memset(in.data+in.len, 0, tail_len);
- uint8_t nonce[session->cipher->iv_length];
- memset(nonce, 0, session->cipher->iv_length);
+ uint8_t nonce[session->cipher_info->iv_length];
+ memset(nonce, 0, session->cipher_info->iv_length);
memcpy(nonce, session->common.send_nonce, COMMON_NONCEBYTES);
- nonce[session->cipher->iv_length-1] = 1;
+ nonce[session->cipher_info->iv_length-1] = 1;
int n_blocks = block_count(in.len, sizeof(fastd_block128_t));
@@ -217,10 +231,10 @@ static bool method_decrypt(fastd_context_t *ctx, fastd_peer_t *peer, fastd_metho
if (((const uint8_t*)in.data)[COMMON_NONCEBYTES]) /* flags */
return false;
- uint8_t nonce[session->cipher->iv_length];
- memset(nonce, 0, session->cipher->iv_length);
+ uint8_t nonce[session->cipher_info->iv_length];
+ memset(nonce, 0, session->cipher_info->iv_length);
memcpy(nonce, in.data, COMMON_NONCEBYTES);
- nonce[session->cipher->iv_length-1] = 1;
+ nonce[session->cipher_info->iv_length-1] = 1;
int64_t age;
if (!fastd_method_is_nonce_valid(ctx, &session->common, nonce, &age))
diff --git a/src/methods/generic_poly1305/generic_poly1305.c b/src/methods/generic_poly1305/generic_poly1305.c
index 84f9f9a..3820907 100644
--- a/src/methods/generic_poly1305/generic_poly1305.c
+++ b/src/methods/generic_poly1305/generic_poly1305.c
@@ -36,13 +36,14 @@
struct fastd_method_session_state {
fastd_method_common_t common;
+ const fastd_cipher_info_t *cipher_info;
const fastd_cipher_t *cipher;
const fastd_cipher_context_t *cipher_ctx;
fastd_cipher_state_t *cipher_state;
};
-static bool cipher_get(fastd_context_t *ctx, const char *name, const fastd_cipher_t **cipher, const fastd_cipher_context_t **cctx) {
+static bool cipher_get(fastd_context_t *ctx, const char *name, const fastd_cipher_info_t **cipher_info, const fastd_cipher_t **cipher, const fastd_cipher_context_t **cctx) {
size_t len = strlen(name);
if (len < 9)
@@ -55,27 +56,39 @@ static bool cipher_get(fastd_context_t *ctx, const char *name, const fastd_ciphe
memcpy(cipher_name, name, len-9);
cipher_name[len-9] = 0;
+ const fastd_cipher_info_t *info = NULL;
+
if (ctx) {
- *cipher = fastd_cipher_get_by_name(ctx, cipher_name, cctx);
- return *cipher;
+ *cipher = fastd_cipher_get_by_name(ctx, cipher_name, &info, cctx);
+ if (!*cipher)
+ return false;
}
else {
- return fastd_cipher_available(cipher_name);
+ info = fastd_cipher_info_get_by_name(cipher_name);
+ if (!info)
+ return false;
}
+
+ if (info->iv_length <= COMMON_NONCEBYTES)
+ return false;
+
+ if (cipher_info)
+ *cipher_info = info;
+
+ return true;
}
static bool method_provides(const char *name) {
- return cipher_get(NULL, name, NULL, NULL);
+ return cipher_get(NULL, name, NULL, NULL, NULL);
}
static size_t method_key_length(fastd_context_t *ctx, const char *name) {
- const fastd_cipher_t *cipher = NULL;
- const fastd_cipher_context_t *cctx;
- if (!cipher_get(ctx, name, &cipher, &cctx))
+ const fastd_cipher_info_t *cipher_info;
+ if (!cipher_get(NULL, name, &cipher_info, NULL, NULL))
exit_bug(ctx, "generic-poly1305: can't get cipher key length");
- return cipher->key_length;
+ return cipher_info->key_length;
}
static fastd_method_session_state_t* method_session_init(fastd_context_t *ctx, const char *name, const uint8_t *secret, bool initiator) {
@@ -83,12 +96,12 @@ static fastd_method_session_state_t* method_session_init(fastd_context_t *ctx, c
fastd_method_common_init(ctx, &session->common, initiator);
- if (!cipher_get(ctx, name, &session->cipher, &session->cipher_ctx))
+ if (!cipher_get(ctx, name, &session->cipher_info, &session->cipher, &session->cipher_ctx))
exit_bug(ctx, "generic-poly1305: can't instanciate cipher");
session->cipher_state = session->cipher->init_state(ctx, session->cipher_ctx, secret);
- if (session->cipher->iv_length <= COMMON_NONCEBYTES)
+ if (session->cipher_info->iv_length <= COMMON_NONCEBYTES)
exit_bug(ctx, "generic-poly1305: iv_length to small");
return session;
@@ -127,10 +140,10 @@ static bool method_encrypt(fastd_context_t *ctx, fastd_peer_t *peer UNUSED, fast
if (tail_len)
memset(in.data+in.len, 0, tail_len);
- uint8_t nonce[session->cipher->iv_length];
- memset(nonce, 0, session->cipher->iv_length);
+ uint8_t nonce[session->cipher_info->iv_length];
+ memset(nonce, 0, session->cipher_info->iv_length);
memcpy(nonce, session->common.send_nonce, COMMON_NONCEBYTES);
- nonce[session->cipher->iv_length-1] = 1;
+ nonce[session->cipher_info->iv_length-1] = 1;
int n_blocks = block_count(in.len, sizeof(fastd_block128_t));
@@ -174,10 +187,10 @@ static bool method_decrypt(fastd_context_t *ctx, fastd_peer_t *peer, fastd_metho
if (((const uint8_t*)in.data)[COMMON_NONCEBYTES]) /* flags */
return false;
- uint8_t nonce[session->cipher->iv_length];
- memset(nonce, 0, session->cipher->iv_length);
+ uint8_t nonce[session->cipher_info->iv_length];
+ memset(nonce, 0, session->cipher_info->iv_length);
memcpy(nonce, in.data, COMMON_NONCEBYTES);
- nonce[session->cipher->iv_length-1] = 1;
+ nonce[session->cipher_info->iv_length-1] = 1;
int64_t age;
if (!fastd_method_is_nonce_valid(ctx, &session->common, nonce, &age))
diff --git a/src/types.h b/src/types.h
index 352bf7c..2796f38 100644
--- a/src/types.h
+++ b/src/types.h
@@ -114,7 +114,11 @@ typedef struct fastd_context fastd_context_t;
typedef struct fastd_protocol fastd_protocol_t;
typedef struct fastd_method fastd_method_t;
+
+typedef struct fastd_cipher_info fastd_cipher_info_t;
typedef struct fastd_cipher fastd_cipher_t;
+
+typedef struct fastd_mac_info fastd_mac_info_t;
typedef struct fastd_mac fastd_mac_t;
typedef struct fastd_handshake fastd_handshake_t;