X-Git-Url: http://git.tuebingen.mpg.de/?p=paraslash.git;a=blobdiff_plain;f=crypt.c;h=1678977a4502a008a695843b5e56a0e9a4bc6a79;hp=f33f769f6f035c18946c21fea064b37052802583;hb=3a6b996d8b39fdc067df352d1eee757ef2a8f49b;hpb=26a0b7e457d1dd7e0e40d866d28de00c5d1cfa54 diff --git a/crypt.c b/crypt.c index f33f769f..1678977a 100644 --- a/crypt.c +++ b/crypt.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2005-2012 Andre Noll + * Copyright (C) 2005-2014 Andre Noll * * Licensed under the GPL v2. For licencing details see COPYING. */ @@ -15,6 +15,7 @@ #include #include #include +#include #include "para.h" #include "error.h" @@ -147,8 +148,7 @@ static int read_rsa_bignums(const unsigned char *blob, int blen, RSA **result) *result = rsa; return 1; fail: - if (rsa) - RSA_free(rsa); + RSA_free(rsa); return ret; } @@ -260,14 +260,40 @@ int pub_encrypt(struct asymmetric_key *pub, unsigned char *inbuf, return ret < 0? -E_ENCRYPT : ret; } +struct aes_ctr_128_context { + AES_KEY key; + unsigned char ivec[AES_CRT128_BLOCK_SIZE]; + unsigned char ecount[AES_CRT128_BLOCK_SIZE]; + unsigned int num; +}; + struct stream_cipher { - RC4_KEY key; + bool use_aes; + union { + RC4_KEY rc4_key; + struct aes_ctr_128_context aes; + } context; }; -struct stream_cipher *sc_new(const unsigned char *data, int len) +struct stream_cipher *sc_new(const unsigned char *data, int len, + bool use_aes) { + int ret; struct stream_cipher *sc = para_malloc(sizeof(*sc)); - RC4_set_key(&sc->key, len, data); + struct aes_ctr_128_context *aes; + + sc->use_aes = use_aes; + if (!use_aes) { + RC4_set_key(&sc->context.rc4_key, len, data); + return sc; + } + assert(len >= 2 * AES_CRT128_BLOCK_SIZE); + aes = &sc->context.aes; + ret = AES_set_encrypt_key(data, AES_CRT128_BLOCK_SIZE * 8 /* bits */, + &aes->key); + assert(ret == 0); + memcpy(aes->ivec, data + AES_CRT128_BLOCK_SIZE, AES_CRT128_BLOCK_SIZE); + aes->num = 0; return sc; } @@ -283,38 +309,49 @@ void sc_free(struct stream_cipher *sc) */ #define RC4_ALIGN 8 -int sc_send_bin_buffer(struct stream_cipher_context *scc, char *buf, - size_t len) +static void rc4_crypt(RC4_KEY *key, struct iovec *src, struct iovec *dst) { - int ret; - unsigned char *tmp; - static unsigned char remainder[RC4_ALIGN]; - size_t l1 = ROUND_DOWN(len, RC4_ALIGN), l2 = ROUND_UP(len, RC4_ALIGN); - - assert(len); - tmp = para_malloc(l2); - RC4(&scc->send->key, l1, (const unsigned char *)buf, tmp); + size_t len = src->iov_len, l1, l2; + + assert(len > 0); + assert(len < ((typeof(src->iov_len))-1) / 2); + l1 = ROUND_DOWN(len, RC4_ALIGN); + l2 = ROUND_UP(len, RC4_ALIGN); + + *dst = (typeof(*dst)) { + /* Add one for the terminating zero byte. */ + .iov_base = para_malloc(l2 + 1), + .iov_len = len + }; + RC4(key, l1, src->iov_base, dst->iov_base); if (len > l1) { - memcpy(remainder, buf + l1, len - l1); - RC4(&scc->send->key, len - l1, remainder, tmp + l1); + unsigned char remainder[RC4_ALIGN] = ""; + memcpy(remainder, src->iov_base + l1, len - l1); + RC4(key, len - l1, remainder, dst->iov_base + l1); } - ret = xwrite(scc->fd, (char *)tmp, len); - free(tmp); - return ret; + ((char *)dst->iov_base)[len] = '\0'; } -int sc_recv_bin_buffer(struct stream_cipher_context *scc, char *buf, - size_t size) +static void aes_ctr128_crypt(struct aes_ctr_128_context *aes, struct iovec *src, + struct iovec *dst) { - unsigned char *tmp = para_malloc(ROUND_UP(size, RC4_ALIGN)); - ssize_t ret = recv(scc->fd, tmp, size, 0); - - if (ret > 0) - RC4(&scc->recv->key, ret, tmp, (unsigned char *)buf); - else if (ret < 0) - ret = -ERRNO_TO_PARA_ERROR(errno); - free(tmp); - return ret; + size_t len = src->iov_len; + + *dst = (typeof(*dst)) { + /* Add one for the terminating zero byte. */ + .iov_base = para_malloc(len + 1), + .iov_len = len + }; + AES_ctr128_encrypt(src->iov_base, dst->iov_base, len, + &aes->key, aes->ivec, aes->ecount, &aes->num); + ((char *)dst->iov_base)[len] = '\0'; +} + +void sc_crypt(struct stream_cipher *sc, struct iovec *src, struct iovec *dst) +{ + if (sc->use_aes) + return aes_ctr128_crypt(&sc->context.aes, src, dst); + return rc4_crypt(&sc->context.rc4_key, src, dst); } void hash_function(const char *data, unsigned long len, unsigned char *hash)