fixed aes code, we support now aes128, aes192, aes256 in IKE

5 files changed, 110 insertions, 19 deletions

diff --git a/src/charon/config/credentials/credential_store.h b/src/charon/config/credentials/credential_store.h
index 6f395ce99..e7f606699 100755
--- a/src/charon/config/credentials/credential_store.h
+++ b/src/charon/config/credentials/credential_store.h
@@ -85,8 +85,6 @@ struct credential_store_t {
 	/**
 	 * @brief Is there a matching RSA private key belonging to an RSA public key?
 	 * 
-	 * The returned rsa_private_key_t must be destroyed by the caller after usage.
-	 * 
 	 * @param this					calling object
 	 * @param pubkey				public key 
 	 * @return						TRUE if matching private key was found 
diff --git a/src/charon/sa/ike_sa.c b/src/charon/sa/ike_sa.c
index 4bffae94b..61dc7b6f9 100644
--- a/src/charon/sa/ike_sa.c
+++ b/src/charon/sa/ike_sa.c
@@ -435,7 +435,7 @@ static status_t build_transforms(private_ike_sa_t *this, proposal_t *proposal, d
 	/* SK_ai/SK_ar used for integrity protection */
 	if (!proposal->get_algorithm(proposal, INTEGRITY_ALGORITHM, &algo))
 	{
-		this->logger->log(this->logger, ERROR|LEVEL2, "No integrity algoithm selected?!");
+		this->logger->log(this->logger, ERROR, "No integrity algoithm selected?!");
 		return FAILED;
 	}
 	if (this->signer_initiator != NULL)
@@ -451,7 +451,7 @@ static status_t build_transforms(private_ike_sa_t *this, proposal_t *proposal, d
 	this->signer_responder = signer_create(algo->algorithm);
 	if (this->signer_initiator == NULL || this->signer_responder == NULL)
 	{
-		this->logger->log(this->logger, ERROR|LEVEL1, 
+		this->logger->log(this->logger, ERROR, 
 						  "INTEGRITY_ALGORITHM %s not supported!",
 						  mapping_find(integrity_algorithm_m,algo->algorithm));
 		return FAILED;
@@ -459,12 +459,12 @@ static status_t build_transforms(private_ike_sa_t *this, proposal_t *proposal, d
 	key_size = this->signer_initiator->get_key_size(this->signer_initiator);
 	
 	prf_plus->allocate_bytes(prf_plus, key_size, &key);
-	this->logger->log_chunk(this->logger, PRIVATE, "Sk_ai secret", key);
+	this->logger->log_chunk(this->logger, CONTROL|LEVEL1, "Sk_ai secret", key);
 	this->signer_initiator->set_key(this->signer_initiator, key);
 	chunk_free(&key);
 
 	prf_plus->allocate_bytes(prf_plus, key_size, &key);
-	this->logger->log_chunk(this->logger, PRIVATE, "Sk_ar secret", key);
+	this->logger->log_chunk(this->logger, CONTROL|LEVEL1, "Sk_ar secret", key);
 	this->signer_responder->set_key(this->signer_responder, key);
 	chunk_free(&key);
 	
@@ -472,7 +472,7 @@ static status_t build_transforms(private_ike_sa_t *this, proposal_t *proposal, d
 	/* SK_ei/SK_er used for encryption */
 	if (!proposal->get_algorithm(proposal, ENCRYPTION_ALGORITHM, &algo))
 	{
-		this->logger->log(this->logger, ERROR|LEVEL2, "No encryption algoithm selected!?");
+		this->logger->log(this->logger, ERROR, "No encryption algoithm selected!?");
 		return FAILED;
 	}
 	if (this->crypter_initiator != NULL)
@@ -488,7 +488,7 @@ static status_t build_transforms(private_ike_sa_t *this, proposal_t *proposal, d
 	this->crypter_responder = crypter_create(algo->algorithm, algo->key_size / 8);
 	if (this->crypter_initiator == NULL || this->crypter_responder == NULL)
 	{
-		this->logger->log(this->logger, ERROR|LEVEL1, 
+		this->logger->log(this->logger, ERROR, 
 						  "ENCRYPTION_ALGORITHM %s (key size %d) not supported!",
 						  mapping_find(encryption_algorithm_m, algo->algorithm),
 						  algo->key_size);
diff --git a/src/charon/testing/aes_cbc_crypter_test.c b/src/charon/testing/aes_cbc_crypter_test.c
index 30dae3926..c65a473af 100644
--- a/src/charon/testing/aes_cbc_crypter_test.c
+++ b/src/charon/testing/aes_cbc_crypter_test.c
@@ -197,5 +197,106 @@ void test_aes_cbc_crypter(protected_tester_t *tester)
 	chunk_free(&decrypted3);
 	
 	crypter->destroy(crypter);
+	
+	/**
+	 * Test4: Own en-/decrypt test using AES-256
+	 *
+	 * PLAINTEXT:  00112233445566778899aabbccddeeff
+	 * KEY:        000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+	 * INPUT:      00112233445566778899aabbccddeeff
+	 * OUTPUT:     8ea2b7ca516745bfeafc49904b496089
+	 */
+	u_int8_t key4[] = {
+		0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
+		0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,
+		0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,
+		0x18,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f
+	};
+	chunk_t key4_chunk = {ptr: key4, len : 32};
+	u_int8_t iv4[] = {
+		0x8c,0xe8,0x2e,0xef,0xbe,0xa0,0xda,0x3c,
+		0x44,0x69,0x9e,0xd7,0xdb,0x51,0xb7,0xd9
+	};
+	chunk_t iv4_chunk = {ptr: iv4, len : 16};
+	u_int8_t plaintext4[] = {
+		0xa0,0xa1,0xa2,0xa3,0xa4,0xa5,0xa6,0xa7,
+		0xa8,0xa9,0xaa,0xab,0xac,0xad,0xae,0xaf,
+		0xb0,0xb1,0xb2,0xb3,0xb4,0xb5,0xb6,0xb7,
+		0xb8,0xb9,0xba,0xbb,0xbc,0xbd,0xbe,0xbf,
+		0xc0,0xc1,0xc2,0xc3,0xc4,0xc5,0xc6,0xc7,
+		0xc8,0xc9,0xca,0xcb,0xcc,0xcd,0xce,0xcf,
+		0xd0,0xd1,0xd2,0xd3,0xd4,0xd5,0xd6,0xd7,
+		0xd8,0xd9,0xda,0xdb,0xdc,0xdd,0xde,0xdf
+	};
+	chunk_t data4 = {ptr: plaintext4, len : 64};
+	chunk_t encrypted4;
+	chunk_t decrypted4;
+
+	crypter = (crypter_t *) aes_cbc_crypter_create(32);
+	tester->assert_true(tester, (crypter != NULL), "create call test");
+
+	tester->assert_true(tester, (crypter->set_key(crypter,key4_chunk) == SUCCESS), "set_key call test"); 
+
+	tester->assert_true(tester, (crypter->encrypt(crypter,data4,iv4_chunk,&encrypted4) == SUCCESS), "encrypt call test");
+
+	tester->assert_true(tester, (crypter->decrypt(crypter,encrypted4,iv4_chunk,&decrypted4) == SUCCESS), "decrypt call test");
+	chunk_free(&encrypted4);
+
+	logger->log_chunk(logger,RAW,"expected decrypted :", data4);
+	logger->log_chunk(logger,RAW,"decrypted :", decrypted4);
+	tester->assert_true(tester, (memcmp(decrypted4.ptr, plaintext4, 64) == 0), "decrypted value");
+
+	chunk_free(&decrypted4);
+	crypter->destroy(crypter);
+	
+	/**
+	 * Test4: Own en-/decrypt test using AES-192
+	 *
+	 * PLAINTEXT:  00112233445566778899aabbccddeeff
+	 * KEY:        000102030405060708090a0b0c0d0e0f1011121314151617
+	 * INPUT:      00112233445566778899aabbccddeeff
+	 * OUTPUT:     8ea2b7ca516745bfeafc49904b496089
+	 */
+	u_int8_t key5[] = {
+		0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
+		0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,
+		0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17
+	};
+	chunk_t key5_chunk = {ptr: key5, len : 24};
+	u_int8_t iv5[] = {
+		0x8c,0xe8,0x2e,0xef,0xbe,0xa0,0xda,0x3c,
+		0x44,0x69,0x9e,0xd7,0xdb,0x51,0xb7,0xd9
+	};
+	chunk_t iv5_chunk = {ptr: iv5, len : 16};
+	u_int8_t plaintext5[] = {
+		0xa0,0xa1,0xa2,0xa3,0xa4,0xa5,0xa6,0xa7,
+		0xa8,0xa9,0xaa,0xab,0xac,0xad,0xae,0xaf,
+		0xb0,0xb1,0xb2,0xb3,0xb4,0xb5,0xb6,0xb7,
+		0xb8,0xb9,0xba,0xbb,0xbc,0xbd,0xbe,0xbf,
+		0xc0,0xc1,0xc2,0xc3,0xc4,0xc5,0xc6,0xc7,
+		0xc8,0xc9,0xca,0xcb,0xcc,0xcd,0xce,0xcf,
+		0xd0,0xd1,0xd2,0xd3,0xd4,0xd5,0xd6,0xd7,
+		0xd8,0xd9,0xda,0xdb,0xdc,0xdd,0xde,0xdf
+	};
+	chunk_t data5 = {ptr: plaintext5, len : 64};
+	chunk_t encrypted5;
+	chunk_t decrypted5;
+
+	crypter = (crypter_t *) aes_cbc_crypter_create(24);
+	tester->assert_true(tester, (crypter != NULL), "create call test");
+
+	tester->assert_true(tester, (crypter->set_key(crypter,key5_chunk) == SUCCESS), "set_key call test"); 
+
+	tester->assert_true(tester, (crypter->encrypt(crypter,data5,iv5_chunk,&encrypted5) == SUCCESS), "encrypt call test");
+
+	tester->assert_true(tester, (crypter->decrypt(crypter,encrypted5,iv5_chunk,&decrypted5) == SUCCESS), "decrypt call test");
+	chunk_free(&encrypted4);
+
+	logger->log_chunk(logger,RAW,"expected decrypted :", data5);
+	logger->log_chunk(logger,RAW,"decrypted :", decrypted5);
+	tester->assert_true(tester, (memcmp(decrypted5.ptr, plaintext5, 64) == 0), "decrypted value");
+
+	chunk_free(&decrypted5);
+	crypter->destroy(crypter);
 }
 
diff --git a/src/charon/testing/testcases.c b/src/charon/testing/testcases.c
index c4a4ad986..5e9bac535 100644
--- a/src/charon/testing/testcases.c
+++ b/src/charon/testing/testcases.c
@@ -252,7 +252,7 @@ int main()
 	tester_t *tester = tester_create(test_output, FALSE);
 	
 	//tester->perform_tests(tester,all_tests);
-	tester->perform_test(tester,&proposal_test);
+	tester->perform_test(tester,&aes_cbc_crypter_test);
 	
 	
 	tester->destroy(tester);
diff --git a/src/libstrongswan/crypto/crypters/aes_cbc_crypter.c b/src/libstrongswan/crypto/crypters/aes_cbc_crypter.c
index 9b7b07c62..979364062 100644
--- a/src/libstrongswan/crypto/crypters/aes_cbc_crypter.c
+++ b/src/libstrongswan/crypto/crypters/aes_cbc_crypter.c
@@ -77,11 +77,6 @@ struct private_aes_cbc_crypter_t {
 	u_int32_t    aes_d_key[AES_KS_LENGTH];
 	
 	/**
-	* The number of columns in the cipher state.
-	*/
-	u_int32_t    aes_Ncol;
-	
-	/**
 	* Key size of this AES cypher object.
 	*/
 	u_int32_t    key_size;
@@ -967,7 +962,7 @@ static void gen_tabs(void)
     f2 ^= f4 ^ f8 ^ upr(f2 ^ f9,3) ^ upr(f4 ^ f9,2) ^ upr(f9,1))
 #endif
 
-#define nc   (this->aes_Ncol)
+#define nc   (AES_BLOCK_SIZE/4)
 
 // Initialise the key schedule from the user supplied key. The key
 // length is now specified in bytes - 16, 24 or 32 as appropriate.
@@ -1490,7 +1485,7 @@ static status_t set_key (private_aes_cbc_crypter_t *this, chunk_t key)
 		return INVALID_ARG;
 	}
 	
-	this->aes_Nrnd = (this->aes_Nkey > (this->aes_Ncol) ? this->aes_Nkey : (this->aes_Ncol)) + 6; 
+	this->aes_Nrnd = (this->aes_Nkey > (nc) ? this->aes_Nkey : (nc)) + 6; 
 	
 	this->aes_e_key[0] = const_word_in(in_key     );
 	this->aes_e_key[1] = const_word_in(in_key +  4);
@@ -1595,15 +1590,12 @@ aes_cbc_crypter_t *aes_cbc_crypter_create(size_t key_size)
 	this->key_size = key_size;
 	switch(key_size) {
 	case 32:        /* bytes */
-		this->aes_Ncol = 8;
 		this->aes_Nkey = 8;
 		break;
 	case 24:        /* bytes */
-		this->aes_Ncol = 6;
 		this->aes_Nkey = 6;
 		break;
 	case 16:        /* bytes */
-		this->aes_Ncol = 4;
 		this->aes_Nkey = 4;
 		break;
 	default: