diff options
| author | Martin Willi <martin@revosec.ch> | 2010-08-16 15:12:49 +0200 |
|---|---|---|
| committer | Martin Willi <martin@revosec.ch> | 2010-08-16 17:06:27 +0200 |
| commit | e2c3b4820b1aac5fcccc9bd1362543f430d24b3a (patch) | |
| tree | 668e216beb08e6be986fc1c4a75f97e1af8d93dd | |
| parent | 806ec8b1d6e56c5d35f8dde80449399fd86186db (diff) | |
| download | strongswan-e2c3b4820b1aac5fcccc9bd1362543f430d24b3a.tar.bz2 strongswan-e2c3b4820b1aac5fcccc9bd1362543f430d24b3a.tar.xz | |
Variable key length crypters use default key length if zero given
5 files changed, 54 insertions, 64 deletions
diff --git a/src/libstrongswan/plugins/aes/aes_crypter.c b/src/libstrongswan/plugins/aes/aes_crypter.c index ee6b53290..5ba92f8d6 100644 --- a/src/libstrongswan/plugins/aes/aes_crypter.c +++ b/src/libstrongswan/plugins/aes/aes_crypter.c @@ -1534,6 +1534,9 @@ aes_crypter_t *aes_crypter_create(encryption_algorithm_t algo, size_t key_size) } switch (key_size) { + case 0: + key_size = 16; + break; case 32: case 24: case 16: diff --git a/src/libstrongswan/plugins/blowfish/blowfish_crypter.c b/src/libstrongswan/plugins/blowfish/blowfish_crypter.c index e37420ae8..8135faa13 100644 --- a/src/libstrongswan/plugins/blowfish/blowfish_crypter.c +++ b/src/libstrongswan/plugins/blowfish/blowfish_crypter.c @@ -166,7 +166,8 @@ METHOD(crypter_t, destroy, void, /* * Described in header */ -blowfish_crypter_t *blowfish_crypter_create(encryption_algorithm_t algo, size_t key_size) +blowfish_crypter_t *blowfish_crypter_create(encryption_algorithm_t algo, + size_t key_size) { private_blowfish_crypter_t *this; @@ -185,7 +186,7 @@ blowfish_crypter_t *blowfish_crypter_create(encryption_algorithm_t algo, size_t .set_key = _set_key, .destroy = _destroy, }, - .key_size = key_size, + .key_size = key_size ?: 16, ); return &this->public; diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c b/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c index 1d849bc09..943f9c2d2 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c @@ -194,7 +194,7 @@ gcrypt_crypter_t *gcrypt_crypter_create(encryption_algorithm_t algo, gcrypt_alg = GCRY_CIPHER_CAST5; break; case ENCR_BLOWFISH: - if (key_size != 16) + if (key_size != 16 && key_size != 0) { /* gcrypt currently supports 128 bit blowfish only */ return NULL; } @@ -206,6 +206,7 @@ gcrypt_crypter_t *gcrypt_crypter_create(encryption_algorithm_t algo, case ENCR_AES_CBC: switch (key_size) { + case 0: case 16: gcrypt_alg = GCRY_CIPHER_AES128; break; @@ -226,6 +227,7 @@ gcrypt_crypter_t *gcrypt_crypter_create(encryption_algorithm_t algo, switch (key_size) { #ifdef HAVE_GCRY_CIPHER_CAMELLIA + case 0: case 16: gcrypt_alg = GCRY_CIPHER_CAMELLIA128; break; @@ -243,6 +245,7 @@ gcrypt_crypter_t *gcrypt_crypter_create(encryption_algorithm_t algo, case ENCR_SERPENT_CBC: switch (key_size) { + case 0: case 16: gcrypt_alg = GCRY_CIPHER_SERPENT128; break; @@ -259,6 +262,7 @@ gcrypt_crypter_t *gcrypt_crypter_create(encryption_algorithm_t algo, case ENCR_TWOFISH_CBC: switch (key_size) { + case 0: case 16: gcrypt_alg = GCRY_CIPHER_TWOFISH128; break; diff --git a/src/libstrongswan/plugins/openssl/openssl_crypter.c b/src/libstrongswan/plugins/openssl/openssl_crypter.c index a410eee2c..1cecec8f2 100644 --- a/src/libstrongswan/plugins/openssl/openssl_crypter.c +++ b/src/libstrongswan/plugins/openssl/openssl_crypter.c @@ -41,79 +41,48 @@ struct private_openssl_crypter_t { }; /** - * Mapping from the algorithms defined in IKEv2 to - * OpenSSL algorithm names and their key length - */ -typedef struct { - /** - * Identifier specified in IKEv2 - */ - int ikev2_id; - - /** - * Name of the algorithm, as used in OpenSSL - */ - char *name; - - /** - * Minimum valid key length in bytes - */ - size_t key_size_min; - - /** - * Maximum valid key length in bytes - */ - size_t key_size_max; -} openssl_algorithm_t; - -#define END_OF_LIST -1 - -/** - * Algorithms for encryption - */ -static openssl_algorithm_t encryption_algs[] = { -/* {ENCR_DES_IV64, "***", 0, 0}, */ - {ENCR_DES, "des", 8, 8}, /* 64 bits */ - {ENCR_3DES, "des3", 24, 24}, /* 192 bits */ - {ENCR_RC5, "rc5", 5, 255}, /* 40 to 2040 bits, RFC 2451 */ - {ENCR_IDEA, "idea", 16, 16}, /* 128 bits, RFC 2451 */ - {ENCR_CAST, "cast", 5, 16}, /* 40 to 128 bits, RFC 2451 */ - {ENCR_BLOWFISH, "blowfish", 5, 56}, /* 40 to 448 bits, RFC 2451 */ -/* {ENCR_3IDEA, "***", 0, 0}, */ -/* {ENCR_DES_IV32, "***", 0, 0}, */ -/* {ENCR_NULL, "***", 0, 0}, */ /* handled separately */ -/* {ENCR_AES_CBC, "***", 0, 0}, */ /* handled separately */ -/* {ENCR_CAMELLIA_CBC, "***", 0, 0}, */ /* handled separately */ -/* {ENCR_AES_CTR, "***", 0, 0}, */ /* disabled in evp.h */ - {END_OF_LIST, NULL, 0, 0}, -}; - -/** * Look up an OpenSSL algorithm name and validate its key size */ -static char* lookup_algorithm(openssl_algorithm_t *openssl_algo, - u_int16_t ikev2_algo, size_t *key_size) +static char* lookup_algorithm(u_int16_t ikev2_algo, size_t *key_size) { - while (openssl_algo->ikev2_id != END_OF_LIST) + struct { + /* identifier specified in IKEv2 */ + int ikev2_id; + /* name of the algorithm, as used in OpenSSL */ + char *name; + /* default key size in bytes */ + size_t key_def; + /* minimum key size */ + size_t key_min; + /* maximum key size */ + size_t key_max; + } mappings[] = { + {ENCR_DES, "des", 8, 8, 8}, + {ENCR_3DES, "des3", 24, 24, 24}, + {ENCR_RC5, "rc5", 16, 5, 255}, + {ENCR_IDEA, "idea", 16, 16, 16}, + {ENCR_CAST, "cast", 16, 5, 16}, + {ENCR_BLOWFISH, "blowfish", 16, 5, 56}, + }; + int i; + + for (i = 0; i < countof(mappings); i++) { - if (ikev2_algo == openssl_algo->ikev2_id) + if (ikev2_algo == mappings[i].ikev2_id) { /* set the key size if it is not set */ - if (*key_size == 0 && - (openssl_algo->key_size_min == openssl_algo->key_size_max)) + if (*key_size == 0) { - *key_size = openssl_algo->key_size_min; + *key_size = mappings[i].key_def; } - /* validate key size */ - if (*key_size < openssl_algo->key_size_min || - *key_size > openssl_algo->key_size_max) + if (*key_size < mappings[i].key_min || + *key_size > mappings[i].key_max) { return NULL; } - return openssl_algo->name; + return mappings[i].name; } - openssl_algo++; } return NULL; } @@ -211,10 +180,14 @@ openssl_crypter_t *openssl_crypter_create(encryption_algorithm_t algo, { case ENCR_NULL: this->cipher = EVP_enc_null(); + key_size = 0; break; case ENCR_AES_CBC: switch (key_size) { + case 0: + key_size = 16; + /* FALL */ case 16: /* AES 128 */ this->cipher = EVP_get_cipherbyname("aes128"); break; @@ -232,6 +205,9 @@ openssl_crypter_t *openssl_crypter_create(encryption_algorithm_t algo, case ENCR_CAMELLIA_CBC: switch (key_size) { + case 0: + key_size = 16; + /* FALL */ case 16: /* CAMELLIA 128 */ this->cipher = EVP_get_cipherbyname("camellia128"); break; @@ -247,11 +223,14 @@ openssl_crypter_t *openssl_crypter_create(encryption_algorithm_t algo, } break; case ENCR_DES_ECB: + key_size = 8; this->cipher = EVP_des_ecb(); break; default: { - char* name = lookup_algorithm(encryption_algs, algo, &key_size); + char* name; + + name = lookup_algorithm(algo, &key_size); if (!name) { /* algo unavailable or key_size invalid */ diff --git a/src/libstrongswan/plugins/padlock/padlock_aes_crypter.c b/src/libstrongswan/plugins/padlock/padlock_aes_crypter.c index 11d8ba044..bbeef549d 100644 --- a/src/libstrongswan/plugins/padlock/padlock_aes_crypter.c +++ b/src/libstrongswan/plugins/padlock/padlock_aes_crypter.c @@ -164,6 +164,9 @@ padlock_aes_crypter_t *padlock_aes_crypter_create(encryption_algorithm_t algo, } switch (key_size) { + case 0: + key_size = 16; + /* FALL */ case 16: /* AES 128 */ break; case 24: /* AES-192 */ |