cleaned up pluto's crypto framework

13 files changed, 41 insertions, 183 deletions

diff --git a/src/libstrongswan/crypto/crypters/crypter.h b/src/libstrongswan/crypto/crypters/crypter.h
index f2b18d3f8..2879e24c0 100644
--- a/src/libstrongswan/crypto/crypters/crypter.h
+++ b/src/libstrongswan/crypto/crypters/crypter.h
@@ -61,6 +61,12 @@ enum encryption_algorithm_t {
     ENCR_TWOFISH_CBC =      1027
 };
 
+#define DES_BLOCK_SIZE			 8
+#define BLOWFISH_BLOCK_SIZE		 8
+#define AES_BLOCK_SIZE			16
+#define SERPENT_BLOCK_SIZE		16
+#define TWOFISH_BLOCK_SIZE		16
+
 /**
  * enum name for encryption_algorithm_t.
  */
diff --git a/src/libstrongswan/plugins/aes/aes_crypter.c b/src/libstrongswan/plugins/aes/aes_crypter.c
index 375bd74dd..c5b091750 100644
--- a/src/libstrongswan/plugins/aes/aes_crypter.c
+++ b/src/libstrongswan/plugins/aes/aes_crypter.c
@@ -32,8 +32,6 @@
 #define AES_KS_LENGTH   120
 #define AES_RC_LENGTH    29
 
-#define AES_BLOCK_SIZE 16
-
 typedef struct private_aes_crypter_t private_aes_crypter_t;
 
 /**
diff --git a/src/libstrongswan/plugins/blowfish/blowfish_crypter.c b/src/libstrongswan/plugins/blowfish/blowfish_crypter.c
index 01e6cf513..5064bfef6 100644
--- a/src/libstrongswan/plugins/blowfish/blowfish_crypter.c
+++ b/src/libstrongswan/plugins/blowfish/blowfish_crypter.c
@@ -64,8 +64,6 @@
  
 #include "blowfish_crypter.h"
 
-#define BLOWFISH_BLOCK_SIZE		8
-
 typedef struct private_blowfish_crypter_t private_blowfish_crypter_t;
 
 /**
diff --git a/src/libstrongswan/plugins/des/des_crypter.c b/src/libstrongswan/plugins/des/des_crypter.c
index 7a382dffa..680fe8b6a 100644
--- a/src/libstrongswan/plugins/des/des_crypter.c
+++ b/src/libstrongswan/plugins/des/des_crypter.c
@@ -60,7 +60,7 @@
 
 #include "des_crypter.h"
 
-typedef u_char des_cblock[8];
+typedef u_char des_cblock[DES_BLOCK_SIZE];
 
 typedef struct des_ks_struct {
 	des_cblock _;
diff --git a/src/libstrongswan/plugins/serpent/serpent_crypter.c b/src/libstrongswan/plugins/serpent/serpent_crypter.c
index 613c337da..660a3db6c 100644
--- a/src/libstrongswan/plugins/serpent/serpent_crypter.c
+++ b/src/libstrongswan/plugins/serpent/serpent_crypter.c
@@ -18,8 +18,6 @@
 #include "serpent_crypter.h"
 #include "serpent.h"
 
-#define SERPENT_BLOCK_SIZE 16
-
 typedef struct private_serpent_crypter_t private_serpent_crypter_t;
 
 /**
diff --git a/src/libstrongswan/plugins/twofish/twofish_crypter.c b/src/libstrongswan/plugins/twofish/twofish_crypter.c
index 898ac89e4..854c99e07 100644
--- a/src/libstrongswan/plugins/twofish/twofish_crypter.c
+++ b/src/libstrongswan/plugins/twofish/twofish_crypter.c
@@ -18,8 +18,6 @@
 #include "twofish_crypter.h"
 #include "twofish.h"
 
-#define TWOFISH_BLOCK_SIZE 16
-
 typedef struct private_twofish_crypter_t private_twofish_crypter_t;
 
 /**
diff --git a/src/pluto/alg/ike_alg_aes.c b/src/pluto/alg/ike_alg_aes.c
index c635af723..8ed00c5e4 100644
--- a/src/pluto/alg/ike_alg_aes.c
+++ b/src/pluto/alg/ike_alg_aes.c
@@ -7,52 +7,24 @@
 #include "constants.h"
 #include "defs.h"
 #include "log.h"
-#include "libaes/aes_cbc.h"
 #include "alg_info.h"
 #include "ike_alg.h"
 
-#define  AES_CBC_BLOCK_SIZE	(128/BITS_PER_BYTE)
 #define  AES_KEY_MIN_LEN	128
 #define  AES_KEY_DEF_LEN	128
 #define  AES_KEY_MAX_LEN	256
 
-static void
-do_aes(u_int8_t *buf, size_t buf_len, u_int8_t *key, size_t key_size, u_int8_t *iv, bool enc)
-{
-    aes_context aes_ctx;
-    char iv_bak[AES_CBC_BLOCK_SIZE];
-    char *new_iv = NULL;	/* logic will avoid copy to NULL */
-
-    aes_set_key(&aes_ctx, key, key_size, 0);
-
-    /*	
-     *	my AES cbc does not touch passed IV (optimization for
-     *	ESP handling), so I must "emulate" des-like IV
-     *	crunching
-     */
-    if (!enc)
-	memcpy(new_iv=iv_bak, (char*) buf + buf_len - AES_CBC_BLOCK_SIZE
-		, AES_CBC_BLOCK_SIZE);
-
-    SS_AES_cbc_encrypt(&aes_ctx, buf, buf, buf_len, iv, enc);
-
-    if (enc)
-	new_iv = (char*) buf + buf_len-AES_CBC_BLOCK_SIZE;
-
-    memcpy(iv, new_iv, AES_CBC_BLOCK_SIZE);
-}
-
 struct encrypt_desc algo_aes =
 {
 	algo_type: 	IKE_ALG_ENCRYPT,
 	algo_id:   	OAKLEY_AES_CBC,
 	algo_next: 	NULL, 
-	enc_ctxsize: 	sizeof(aes_context),
-	enc_blocksize: 	AES_CBC_BLOCK_SIZE,
-	keyminlen: 	AES_KEY_MIN_LEN,
-	keydeflen: 	AES_KEY_DEF_LEN,
-	keymaxlen: 	AES_KEY_MAX_LEN,
-	do_crypt: 	do_aes,
+
+	enc_blocksize: 	AES_BLOCK_SIZE,
+	keyminlen: 		AES_KEY_MIN_LEN,
+	keydeflen: 		AES_KEY_DEF_LEN,
+	keymaxlen: 		AES_KEY_MAX_LEN,
+	enc_testvectors: NULL
 };
 
 int ike_alg_aes_init(void);
diff --git a/src/pluto/alg/ike_alg_blowfish.c b/src/pluto/alg/ike_alg_blowfish.c
index 3172cd817..427e1c990 100644
--- a/src/pluto/alg/ike_alg_blowfish.c
+++ b/src/pluto/alg/ike_alg_blowfish.c
@@ -7,11 +7,9 @@
 #include "constants.h"
 #include "defs.h"
 #include "log.h"
-#include "libblowfish/blowfish.h"
 #include "alg_info.h"
 #include "ike_alg.h"
 
-#define  BLOWFISH_CBC_BLOCK_SIZE	8  	/* block size */
 #define  BLOWFISH_KEY_MIN_LEN	128
 #define  BLOWFISH_KEY_MAX_LEN	448
 
@@ -91,26 +89,16 @@ static const enc_testvector_t bf_enc_testvectors[] = {
 	{ 0, NULL, NULL, 0, NULL, NULL }
 };
 
-static void
-do_blowfish(u_int8_t *buf, size_t buf_len, u_int8_t *key, size_t key_size, u_int8_t *iv, bool enc)
-{
-    BF_KEY bf_ctx;
-
-    BF_set_key(&bf_ctx, key_size , key);
-    BF_cbc_encrypt(buf, buf, buf_len, &bf_ctx, iv, enc);
-}
-
 struct encrypt_desc algo_blowfish =
 {
 	algo_type: IKE_ALG_ENCRYPT,
 	algo_id:   OAKLEY_BLOWFISH_CBC,
 	algo_next: NULL, 
-	enc_ctxsize: sizeof(BF_KEY),
-	enc_blocksize: BLOWFISH_CBC_BLOCK_SIZE,
-	keyminlen: BLOWFISH_KEY_MIN_LEN,
-	keydeflen: BLOWFISH_KEY_MIN_LEN,
-	keymaxlen: BLOWFISH_KEY_MAX_LEN,
-	do_crypt: do_blowfish,
+
+	enc_blocksize:	BLOWFISH_BLOCK_SIZE,
+	keyminlen:		BLOWFISH_KEY_MIN_LEN,
+	keydeflen:		BLOWFISH_KEY_MIN_LEN,
+	keymaxlen:		BLOWFISH_KEY_MAX_LEN,
 	enc_testvectors: bf_enc_testvectors,
 };
 
diff --git a/src/pluto/alg/ike_alg_serpent.c b/src/pluto/alg/ike_alg_serpent.c
index c7b6cfe68..4bcd739ce 100644
--- a/src/pluto/alg/ike_alg_serpent.c
+++ b/src/pluto/alg/ike_alg_serpent.c
@@ -7,53 +7,23 @@
 #include "constants.h"
 #include "defs.h"
 #include "log.h"
-#include "libserpent/serpent_cbc.h"
 #include "alg_info.h"
 #include "ike_alg.h"
 
-#define  SERPENT_CBC_BLOCK_SIZE	(128/BITS_PER_BYTE)
 #define  SERPENT_KEY_MIN_LEN	128
 #define  SERPENT_KEY_DEF_LEN	128
 #define  SERPENT_KEY_MAX_LEN	256
 
-static void
-do_serpent(u_int8_t *buf, size_t buf_size, u_int8_t *key, size_t key_size, u_int8_t *iv, bool enc)
-{
-    serpent_context serpent_ctx;
-    char iv_bak[SERPENT_CBC_BLOCK_SIZE];
-    char *new_iv = NULL;	/* logic will avoid copy to NULL */
-
-
-    serpent_set_key(&serpent_ctx, key, key_size);
-    /*	
-     *	my SERPENT cbc does not touch passed IV (optimization for
-     *	ESP handling), so I must "emulate" des-like IV
-     *	crunching
-     */
-    if (!enc)
-	    memcpy(new_iv=iv_bak, 
-			    (char*) buf + buf_size-SERPENT_CBC_BLOCK_SIZE,
-			    SERPENT_CBC_BLOCK_SIZE);
-
-    serpent_cbc_encrypt(&serpent_ctx, buf, buf, buf_size, iv, enc);
-
-    if (enc)
-	    new_iv = (char*) buf + buf_size-SERPENT_CBC_BLOCK_SIZE;
-
-    memcpy(iv, new_iv, SERPENT_CBC_BLOCK_SIZE);
-}
-
 struct encrypt_desc encrypt_desc_serpent =
 {
 	algo_type: 	IKE_ALG_ENCRYPT,
 	algo_id:   	OAKLEY_SERPENT_CBC,
 	algo_next: 	NULL,
-	enc_ctxsize: 	sizeof(struct serpent_context),
-	enc_blocksize: 	SERPENT_CBC_BLOCK_SIZE,
-	keyminlen: 	SERPENT_KEY_MIN_LEN,
-	keydeflen: 	SERPENT_KEY_DEF_LEN,
-	keymaxlen: 	SERPENT_KEY_MAX_LEN,
-	do_crypt: 	do_serpent,
+
+	enc_blocksize:	SERPENT_BLOCK_SIZE,
+	keyminlen:		SERPENT_KEY_MIN_LEN,
+	keydeflen:		SERPENT_KEY_DEF_LEN,
+	keymaxlen:		SERPENT_KEY_MAX_LEN,
 	enc_testvectors: NULL		
 };
 
diff --git a/src/pluto/alg/ike_alg_twofish.c b/src/pluto/alg/ike_alg_twofish.c
index 9d40e3e50..38ba4adb2 100644
--- a/src/pluto/alg/ike_alg_twofish.c
+++ b/src/pluto/alg/ike_alg_twofish.c
@@ -11,48 +11,20 @@
 #include "alg_info.h"
 #include "ike_alg.h"
 
-#define  TWOFISH_CBC_BLOCK_SIZE	(128/BITS_PER_BYTE)
 #define  TWOFISH_KEY_MIN_LEN	128
 #define  TWOFISH_KEY_DEF_LEN	128
 #define  TWOFISH_KEY_MAX_LEN	256
 
-static void
-do_twofish(u_int8_t *buf, size_t buf_size, u_int8_t *key, size_t key_size, u_int8_t *iv, bool enc)
-{
-    twofish_context twofish_ctx;
-    char iv_bak[TWOFISH_CBC_BLOCK_SIZE];
-    char *new_iv = NULL;	/* logic will avoid copy to NULL */
-
-    twofish_set_key(&twofish_ctx, key, key_size);
-    /*	
-     *	my TWOFISH cbc does not touch passed IV (optimization for
-     *	ESP handling), so I must "emulate" des-like IV
-     *	crunching
-     */
-    if (!enc)
-	    memcpy(new_iv=iv_bak, 
-			    (char*) buf + buf_size-TWOFISH_CBC_BLOCK_SIZE,
-			    TWOFISH_CBC_BLOCK_SIZE);
-
-    twofish_cbc_encrypt(&twofish_ctx, buf, buf, buf_size, iv, enc);
-
-    if (enc)
-	    new_iv = (char*) buf + buf_size-TWOFISH_CBC_BLOCK_SIZE;
-
-    memcpy(iv, new_iv, TWOFISH_CBC_BLOCK_SIZE);
-}
-
 struct encrypt_desc encrypt_desc_twofish = 
 {
 	algo_type: 	IKE_ALG_ENCRYPT,
 	algo_id:   	OAKLEY_TWOFISH_CBC,
 	algo_next: 	NULL,
-	enc_ctxsize: 	sizeof(twofish_context),
-	enc_blocksize: 	TWOFISH_CBC_BLOCK_SIZE,
-	keydeflen: 	TWOFISH_KEY_MIN_LEN,
-	keyminlen: 	TWOFISH_KEY_DEF_LEN,
-	keymaxlen: 	TWOFISH_KEY_MAX_LEN,
-	do_crypt: 	do_twofish,
+
+	enc_blocksize:	TWOFISH_BLOCK_SIZE,
+	keydeflen:		TWOFISH_KEY_MIN_LEN,
+	keyminlen:		TWOFISH_KEY_DEF_LEN,
+	keymaxlen:		TWOFISH_KEY_MAX_LEN,
 	enc_testvectors: NULL
 };
 
@@ -61,12 +33,12 @@ struct encrypt_desc encrypt_desc_twofish_ssh =
 	algo_type: 	IKE_ALG_ENCRYPT,
 	algo_id:   	OAKLEY_TWOFISH_CBC_SSH,
 	algo_next: 	NULL,
-	enc_ctxsize: 	sizeof(twofish_context),
-        enc_blocksize: 	TWOFISH_CBC_BLOCK_SIZE,
-        keydeflen: 	TWOFISH_KEY_MIN_LEN,
-        keyminlen: 	TWOFISH_KEY_DEF_LEN,
-	keymaxlen: 	TWOFISH_KEY_MAX_LEN,
-	do_crypt: 	do_twofish,
+
+	enc_blocksize:	TWOFISH_BLOCK_SIZE,
+	keydeflen:		TWOFISH_KEY_MIN_LEN,
+	keyminlen:		TWOFISH_KEY_DEF_LEN,
+	keymaxlen:		TWOFISH_KEY_MAX_LEN,
+	enc_testvectors: NULL
 };
 
 int ike_alg_twofish_init(void);
diff --git a/src/pluto/crypto.c b/src/pluto/crypto.c
index cb28c1679..68d1cfd5a 100644
--- a/src/pluto/crypto.c
+++ b/src/pluto/crypto.c
@@ -24,8 +24,6 @@
 
 #include <errno.h>
 
-#include <crypto/hashers/hasher.h>
-
 #include "constants.h"
 #include "defs.h"
 #include "state.h"
@@ -48,19 +46,16 @@ static MP_INT
 
 MP_INT groupgenerator;  /* MODP group generator (2) */
 
-static void do_3des(u_int8_t *buf, size_t buf_len, u_int8_t *key, size_t key_size, u_int8_t *iv, bool enc);
-
 static struct encrypt_desc crypto_encryptor_3des =
 {       
 		algo_type:      IKE_ALG_ENCRYPT,
 		algo_id:        OAKLEY_3DES_CBC, 
 		algo_next:      NULL,
-		enc_ctxsize:    sizeof(des_key_schedule) * 3,
-		enc_blocksize:  DES_CBC_BLOCK_SIZE, 
-		keydeflen:      DES_CBC_BLOCK_SIZE * 3 * BITS_PER_BYTE,
-		keyminlen:      DES_CBC_BLOCK_SIZE * 3 * BITS_PER_BYTE,
-		keymaxlen:      DES_CBC_BLOCK_SIZE * 3 * BITS_PER_BYTE,
-		do_crypt:       do_3des,
+
+		enc_blocksize:	DES_BLOCK_SIZE, 
+		keydeflen:		DES_BLOCK_SIZE * 3 * BITS_PER_BYTE,
+		keyminlen:		DES_BLOCK_SIZE * 3 * BITS_PER_BYTE,
+		keymaxlen:		DES_BLOCK_SIZE * 3 * BITS_PER_BYTE,
 		enc_testvectors: NULL
 };
 
@@ -508,42 +503,6 @@ const struct oakley_group_desc *lookup_group(u_int16_t group)
  * This must already be initialized.
  */
 
-/* encrypt or decrypt part of an IKE message using DES
- * See RFC 2409 "IKE" Appendix B
- */
-static void __attribute__ ((unused))
-do_des(bool enc, void *buf, size_t buf_len, struct state *st)
-{
-	des_key_schedule ks;
-
-	(void) des_set_key((des_cblock *)st->st_enc_key.ptr, ks);
-
-	passert(st->st_new_iv_len >= DES_CBC_BLOCK_SIZE);
-	st->st_new_iv_len = DES_CBC_BLOCK_SIZE;     /* truncate */
-
-	des_ncbc_encrypt((des_cblock *)buf, (des_cblock *)buf, buf_len,
-		ks,
-		(des_cblock *)st->st_new_iv, enc);
-}
-
-/* encrypt or decrypt part of an IKE message using 3DES
- * See RFC 2409 "IKE" Appendix B
- */
-static void do_3des(u_int8_t *buf, size_t buf_len, u_int8_t *key,
-					size_t key_size, u_int8_t *iv, bool enc)
-{
-	des_key_schedule ks[3];
-
-	passert (!key_size || (key_size==(DES_CBC_BLOCK_SIZE * 3)))
-	(void) des_set_key((des_cblock *)key + 0, ks[0]);
-	(void) des_set_key((des_cblock *)key + 1, ks[1]);
-	(void) des_set_key((des_cblock *)key + 2, ks[2]);
-
-	des_ede3_cbc_encrypt((des_cblock *)buf, (des_cblock *)buf, buf_len,
-		ks[0], ks[1], ks[2],
-		(des_cblock *)iv, enc);
-}
-
 encryption_algorithm_t oakley_to_encryption_algorithm(int alg)
 {
 	switch (alg)
diff --git a/src/pluto/crypto.h b/src/pluto/crypto.h
index 8aecd4148..ae05524d4 100644
--- a/src/pluto/crypto.h
+++ b/src/pluto/crypto.h
@@ -12,7 +12,7 @@
  * for more details.
  */
 
-#include <crypto/hashers/hasher.h>
+#include <crypto/crypters/crypter.h>
 #include <crypto/hashers/hasher.h>
 #include <crypto/prfs/prf.h>
 
diff --git a/src/pluto/ike_alg.h b/src/pluto/ike_alg.h
index 4bc1f90d4..c690d4155 100644
--- a/src/pluto/ike_alg.h
+++ b/src/pluto/ike_alg.h
@@ -39,12 +39,10 @@ struct encrypt_desc {
 	u_int16_t algo_id;
 	struct ike_alg *algo_next;
 
-	size_t enc_ctxsize;
 	size_t enc_blocksize;
 	u_int keydeflen;
 	u_int keymaxlen;
 	u_int keyminlen;
-	void (*do_crypt)(u_int8_t *dat, size_t datasize, u_int8_t *key, size_t key_size, u_int8_t *iv, bool enc);
 	const enc_testvector_t *enc_testvectors;
 };
 
@@ -69,6 +67,7 @@ struct hash_desc {
 	u_int16_t algo_type;
 	u_int16_t algo_id;
 	struct ike_alg *algo_next;
+
 	size_t hash_digest_size;
 	const hash_testvector_t *hash_testvectors;
 	const hmac_testvector_t *hmac_testvectors;