split encrypt/decrypt functionality of crypto_cbc()

4 files changed, 44 insertions, 46 deletions

diff --git a/src/pluto/crypto.c b/src/pluto/crypto.c
index b3bb3b590..cb28c1679 100644
--- a/src/pluto/crypto.c
+++ b/src/pluto/crypto.c
@@ -544,42 +544,6 @@ static void do_3des(u_int8_t *buf, size_t buf_len, u_int8_t *key,
 		(des_cblock *)iv, enc);
 }
 
-void crypto_cbc_encrypt(const struct encrypt_desc *e, bool enc, u_int8_t *buf,
-						size_t size, struct state *st)
-{
-	chunk_t data = { buf, size };
-	chunk_t iv;
-    char *new_iv;
-	size_t crypter_block_size;
-	encryption_algorithm_t enc_alg;
-	crypter_t *crypter;
-
-	enc_alg = oakley_to_encryption_algorithm(e->algo_id);
-	crypter = lib->crypto->create_crypter(lib->crypto, enc_alg, st->st_enc_key.len);
-	crypter->set_key(crypter, st->st_enc_key);
-	crypter_block_size = crypter->get_block_size(crypter);
-
-	/* form iv by truncation */
-	passert(st->st_new_iv_len >= crypter_block_size);
-	st->st_new_iv_len = crypter_block_size;
-	iv = chunk_create(st->st_new_iv, st->st_new_iv_len);
-
-	if (enc)
-	{
-		crypter->encrypt(crypter, data, iv, NULL);
-	    new_iv = data.ptr + data.len - crypter_block_size;
-	}
-	else
-	{
-		new_iv = alloca(crypter_block_size);
-	    memcpy(new_iv, data.ptr + data.len - crypter_block_size,
-			   crypter_block_size);
-		crypter->decrypt(crypter, data, iv, NULL);
-	}
-	crypter->destroy(crypter);
-    memcpy(st->st_new_iv, new_iv, crypter_block_size);
-}
-
 encryption_algorithm_t oakley_to_encryption_algorithm(int alg)
 {
 	switch (alg)
diff --git a/src/pluto/crypto.h b/src/pluto/crypto.h
index c07f695da..8aecd4148 100644
--- a/src/pluto/crypto.h
+++ b/src/pluto/crypto.h
@@ -48,8 +48,6 @@ extern const struct oakley_group_desc oakley_group[OAKLEY_GROUP_SIZE];
 
 struct state;   /* forward declaration, dammit */
 
-void crypto_cbc_encrypt(const struct encrypt_desc *e, bool enc, u_int8_t *buf, size_t size, struct state *st);
-
 #define update_iv(st)   memcpy((st)->st_iv, (st)->st_new_iv \
 	, (st)->st_iv_len = (st)->st_new_iv_len)
 
diff --git a/src/pluto/demux.c b/src/pluto/demux.c
index fef9b98cc..53b44a0f8 100644
--- a/src/pluto/demux.c
+++ b/src/pluto/demux.c
@@ -1780,9 +1780,17 @@ process_packet(struct msg_digest **mdp)
 		 * the last phase 1 block, not the last block sent.
 		 */
 		{
-			const struct encrypt_desc *e = st->st_oakley.encrypter;
+			size_t crypter_block_size;
+			encryption_algorithm_t enc_alg;
+			crypter_t *crypter;
+			chunk_t data, iv;
+		    char *new_iv;
 
-			if (pbs_left(&md->message_pbs) % e->enc_blocksize != 0)
+			enc_alg = oakley_to_encryption_algorithm(st->st_oakley.encrypt);
+			crypter = lib->crypto->create_crypter(lib->crypto, enc_alg, st->st_enc_key.len);
+			crypter_block_size = crypter->get_block_size(crypter);
+
+			if (pbs_left(&md->message_pbs) % crypter_block_size != 0)
 			{
 				loglog(RC_LOG_SERIOUS, "malformed message: not a multiple of encryption blocksize");
 				SEND_NOTIFICATION(PAYLOAD_MALFORMED);
@@ -1795,6 +1803,8 @@ process_packet(struct msg_digest **mdp)
 			md->raw_packet = chunk_create(md->packet_pbs.start, pbs_room(&md->packet_pbs));
 			md->raw_packet = chunk_clone(md->raw_packet);
 
+			data = chunk_create(md->message_pbs.cur, pbs_left(&md->message_pbs));
+
 			/* Decrypt everything after header */
 			if (!new_iv_set)
 			{
@@ -1803,8 +1813,19 @@ process_packet(struct msg_digest **mdp)
 				st->st_new_iv_len = st->st_iv_len;
 				memcpy(st->st_new_iv, st->st_iv, st->st_new_iv_len);
 			}
-			crypto_cbc_encrypt(e, FALSE, md->message_pbs.cur, 
-							pbs_left(&md->message_pbs) , st);
+
+			/* form iv by truncation */
+			st->st_new_iv_len = crypter_block_size;
+			iv = chunk_create(st->st_new_iv, st->st_new_iv_len);
+			new_iv = alloca(crypter_block_size);
+			memcpy(new_iv, data.ptr + data.len - crypter_block_size,
+				   crypter_block_size);
+
+			crypter->set_key(crypter, st->st_enc_key);	
+			crypter->decrypt(crypter, data, iv, NULL);
+			crypter->destroy(crypter);
+
+    		memcpy(st->st_new_iv, new_iv, crypter_block_size);
 			if (restore_iv)
 			{
 				memcpy(st->st_new_iv, new_iv, new_iv_len);
diff --git a/src/pluto/ipsec_doi.c b/src/pluto/ipsec_doi.c
index 8bc1eb280..69ceb1718 100644
--- a/src/pluto/ipsec_doi.c
+++ b/src/pluto/ipsec_doi.c
@@ -1857,18 +1857,25 @@ static notification_t accept_nonce(struct msg_digest *md, chunk_t *dest,
 bool
 encrypt_message(pb_stream *pbs, struct state *st)
 {
-	const struct encrypt_desc *e = st->st_oakley.encrypter;
 	u_int8_t *enc_start = pbs->start + sizeof(struct isakmp_hdr);
 	size_t enc_len = pbs_offset(pbs) - sizeof(struct isakmp_hdr);
+	chunk_t data, iv;
+    char *new_iv;
+	size_t crypter_block_size;
+	encryption_algorithm_t enc_alg;
+	crypter_t *crypter;
 
 	DBG_cond_dump(DBG_CRYPT | DBG_RAW, "encrypting:\n", enc_start, enc_len);
+	enc_alg = oakley_to_encryption_algorithm(st->st_oakley.encrypt);
+	crypter = lib->crypto->create_crypter(lib->crypto, enc_alg, st->st_enc_key.len);
+	crypter_block_size = crypter->get_block_size(crypter);
 
 	/* Pad up to multiple of encryption blocksize.
 	 * See the description associated with the definition of
 	 * struct isakmp_hdr in packet.h.
 	 */
 	{
-		size_t padding = pad_up(enc_len, e->enc_blocksize);
+		size_t padding = pad_up(enc_len, crypter_block_size);
 
 		if (padding != 0)
 		{
@@ -1879,10 +1886,18 @@ encrypt_message(pb_stream *pbs, struct state *st)
 	}
 
 	DBG(DBG_CRYPT, DBG_log("encrypting using %s", enum_show(&oakley_enc_names, st->st_oakley.encrypt)));
+	data = chunk_create(enc_start, enc_len);
 
-	/* e->crypt(TRUE, enc_start, enc_len, st); */
-	crypto_cbc_encrypt(e, TRUE, enc_start, enc_len, st);
+	/* form iv by truncation */
+	st->st_new_iv_len = crypter_block_size;
+	iv = chunk_create(st->st_new_iv, st->st_new_iv_len);
 
+	crypter->set_key(crypter, st->st_enc_key);
+	crypter->encrypt(crypter, data, iv, NULL);
+	crypter->destroy(crypter);
+ 
+	new_iv = data.ptr + data.len - crypter_block_size;
+	memcpy(st->st_new_iv, new_iv, crypter_block_size);
 	update_iv(st);
 	DBG_cond_dump(DBG_CRYPT, "next IV:", st->st_iv, st->st_iv_len);
 	close_message(pbs);