diff options
| author | Tobias Brunner <tobias@strongswan.org> | 2013-08-05 15:41:45 +0200 |
|---|---|---|
| committer | Tobias Brunner <tobias@strongswan.org> | 2013-10-11 15:55:40 +0200 |
| commit | e8229ad558efcb7b07c6ef0f77269120d49500f9 (patch) | |
| tree | 381b9b0c797ba4642775b9aa0f933dbb89239a47 /src/libstrongswan/crypto/iv | |
| parent | d74c254dfd88b497a5262a3d8ce2dc7a684c74a8 (diff) | |
| download | strongswan-e8229ad558efcb7b07c6ef0f77269120d49500f9.tar.bz2 strongswan-e8229ad558efcb7b07c6ef0f77269120d49500f9.tar.xz | |
iv_gen: Provide external sequence number (IKE, ESP)
This prevents duplicate sequential IVs in case of a HA failover.
Diffstat (limited to 'src/libstrongswan/crypto/iv')
| -rw-r--r-- | src/libstrongswan/crypto/iv/iv_gen.h | 6 | ||||
| -rw-r--r-- | src/libstrongswan/crypto/iv/iv_gen_rand.c | 4 | ||||
| -rw-r--r-- | src/libstrongswan/crypto/iv/iv_gen_seq.c | 17 |
3 files changed, 10 insertions, 17 deletions
diff --git a/src/libstrongswan/crypto/iv/iv_gen.h b/src/libstrongswan/crypto/iv/iv_gen.h index 641c1f133..f6bc6471f 100644 --- a/src/libstrongswan/crypto/iv/iv_gen.h +++ b/src/libstrongswan/crypto/iv/iv_gen.h @@ -33,21 +33,23 @@ struct iv_gen_t { /** * Generates an IV and writes it into the buffer. * + * @param seq external sequence number * @param size size of IV in bytes * @param buffer pointer where the generated IV will be written * @return TRUE if IV allocation was successful, FALSE otherwise */ - bool (*get_iv)(iv_gen_t *this, size_t size, + bool (*get_iv)(iv_gen_t *this, u_int64_t seq, size_t size, u_int8_t *buffer) __attribute__((warn_unused_result)); /** * Generates an IV and allocates space for it. * + * @param seq external sequence number * @param size size of IV in bytes * @param chunk chunk which will hold the generated IV * @return TRUE if IV allocation was successful, FALSE otherwise */ - bool (*allocate_iv)(iv_gen_t *this, size_t size, + bool (*allocate_iv)(iv_gen_t *this, u_int64_t seq, size_t size, chunk_t *chunk) __attribute__((warn_unused_result)); /** diff --git a/src/libstrongswan/crypto/iv/iv_gen_rand.c b/src/libstrongswan/crypto/iv/iv_gen_rand.c index 3448ee041..2bed63fcc 100644 --- a/src/libstrongswan/crypto/iv/iv_gen_rand.c +++ b/src/libstrongswan/crypto/iv/iv_gen_rand.c @@ -36,7 +36,7 @@ struct private_iv_gen_t { }; METHOD(iv_gen_t, get_iv, bool, - private_iv_gen_t *this, size_t size, u_int8_t *buffer) + private_iv_gen_t *this, u_int64_t seq, size_t size, u_int8_t *buffer) { if (!this->rng) { @@ -46,7 +46,7 @@ METHOD(iv_gen_t, get_iv, bool, } METHOD(iv_gen_t, allocate_iv, bool, - private_iv_gen_t *this, size_t size, chunk_t *chunk) + private_iv_gen_t *this, u_int64_t seq, size_t size, chunk_t *chunk) { if (!this->rng) { diff --git a/src/libstrongswan/crypto/iv/iv_gen_seq.c b/src/libstrongswan/crypto/iv/iv_gen_seq.c index d8a5a2909..cbbc2dc7e 100644 --- a/src/libstrongswan/crypto/iv/iv_gen_seq.c +++ b/src/libstrongswan/crypto/iv/iv_gen_seq.c @@ -26,38 +26,29 @@ struct private_iv_gen_t { * Public iv_gen_t interface. */ iv_gen_t public; - - /** - * sequence number - */ - u_int64_t seq; }; METHOD(iv_gen_t, get_iv, bool, - private_iv_gen_t *this, size_t size, u_int8_t *buffer) + private_iv_gen_t *this, u_int64_t seq, size_t size, u_int8_t *buffer) { u_int8_t iv[sizeof(u_int64_t)]; size_t len = size; - if (this->seq == UINT64_MAX || len < sizeof(u_int64_t)) - { - return FALSE; - } if (len > sizeof(u_int64_t)) { len = sizeof(u_int64_t); memset(buffer, 0, size - len); } - htoun64(iv, this->seq++); + htoun64(iv, seq); memcpy(buffer + size - len, iv + sizeof(u_int64_t) - len, len); return TRUE; } METHOD(iv_gen_t, allocate_iv, bool, - private_iv_gen_t *this, size_t size, chunk_t *chunk) + private_iv_gen_t *this, u_int64_t seq, size_t size, chunk_t *chunk) { *chunk = chunk_alloc(size); - if (!get_iv(this, chunk->len, chunk->ptr)) + if (!get_iv(this, seq, chunk->len, chunk->ptr)) { chunk_free(chunk); return FALSE; |