Diffstat (limited to 'Source/charon/encoding/payloads')
-rw-r--r--Source/charon/encoding/payloads/encryption_payload.c14
-rw-r--r--Source/charon/encoding/payloads/proposal_substructure.c28
-rw-r--r--Source/charon/encoding/payloads/transform_substructure.c22
3 files changed, 37 insertions, 27 deletions
diff --git a/Source/charon/encoding/payloads/encryption_payload.c b/Source/charon/encoding/payloads/encryption_payload.c
index bd720ea4f..8cbf5566c 100644
--- a/Source/charon/encoding/payloads/encryption_payload.c
+++ b/Source/charon/encoding/payloads/encryption_payload.c
@@ -289,6 +289,7 @@ static status_t encrypt(private_encryption_payload_t *this)
this->generate(this);
this->logger->log(this->logger, CONTROL|LEVEL2, "encrypting payloads");
+ this->logger->log_chunk(this->logger, RAW|LEVEL2, "data to encrypt", &this->decrypted);
/* build padding */
block_size = this->crypter->get_block_size(this->crypter);
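Review bot: The added `log_chunk` on the line above writes the whole plaintext of the payload (`this->decrypted`) to the log at RAW|LEVEL2, and the same applies to the log of `to_crypt` in the next hunk and to the two logs of `this->decrypted` before and after padding removal in the `decrypt` hunks below. Whatever the IKE payloads carry at that point (key exchange material, identities or authentication data, depending on the exchange) ends up in log output whenever the RAW level-2 channel is enabled; how that channel is gated is not visible here, so I cannot tell whether it can be left on in a deployment. At least the intent should be written down next to the first call, e.g. `/* NOTE: dumps decrypted IKE payload content; keep RAW|LEVEL2 disabled outside debugging */`. `encrypt` starts before the hunk and continues after it.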
@@ -307,6 +308,8 @@ static status_t encrypt(private_encryption_payload_t *this)
iv.len = block_size;
randomizer->allocate_pseudo_random_bytes(randomizer, iv.len, &iv);
randomizer->destroy(randomizer);
+
+ this->logger->log_chunk(this->logger, RAW|LEVEL2, "data before encryption with padding", &to_crypt);
/* encrypt to_crypt chunk */
allocator_free(this->encrypted.ptr);
@@ -319,6 +322,8 @@ static status_t encrypt(private_encryption_payload_t *this)
allocator_free(iv.ptr);
return status;
}
+ this->logger->log_chunk(this->logger, RAW|LEVEL2, "data after encryption", &result);
+
/* build encrypted result with iv and signature */
this->encrypted.len = iv.len + result.len + this->signer->get_block_size(this->signer);
@@ -331,6 +336,8 @@ static status_t encrypt(private_encryption_payload_t *this)
allocator_free(result.ptr);
allocator_free(iv.ptr);
+ this->logger->log_chunk(this->logger, RAW|LEVEL2, "data after encryption with IV and (invalid) signature", &this->encrypted);
+
return SUCCESS;
}
@@ -345,6 +352,8 @@ static status_t decrypt(private_encryption_payload_t *this)
this->logger->log(this->logger, CONTROL|LEVEL2, "decrypting encryption payload");
+ this->logger->log_chunk(this->logger, RAW|LEVEL2, "data before decryption with IV and (invalid) signature", &this->encrypted);
+
if (this->signer == NULL || this->crypter == NULL)
{
@@ -373,12 +382,16 @@ static status_t decrypt(private_encryption_payload_t *this)
/* free previus data, if any */
allocator_free(this->decrypted.ptr);
+ this->logger->log_chunk(this->logger, RAW|LEVEL2, "data before decryption", &concatenated);
+
status = this->crypter->decrypt(this->crypter, concatenated, iv, &(this->decrypted));
if (status != SUCCESS)
{
this->logger->log(this->logger, ERROR|LEVEL1, "could not decrypt, decryption failed");
return FAILED;
}
+ this->logger->log_chunk(this->logger, RAW|LEVEL2, "data after decryption with padding", &this->decrypted);
+
/* get padding length, sits just bevore signature */
padding_length = *(this->decrypted.ptr + this->decrypted.len - 1);
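Review bot: The read of the padding byte on the last line of the hunk indexes `this->decrypted.ptr + this->decrypted.len - 1` without a visible check that `decrypted.len` is non-zero, and the comparison of `padding_length` against `decrypted.len` that the realloc in the next hunk depends on falls in the lines between the two hunks, so I cannot confirm it. `concatenated` is presumably built from the peer-supplied `this->encrypted`, so both bounds belong in front of this line; if they are absent, a guard such as `if (this->decrypted.len == 0 || padding_length >= this->decrypted.len) return FAILED;` (with the usual ERROR log before it) is needed. `decrypt` begins above the hunk and continues below it.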
@@ -396,6 +409,7 @@ static status_t decrypt(private_encryption_payload_t *this)
/* free padding */
this->decrypted.ptr = allocator_realloc(this->decrypted.ptr, this->decrypted.len);
+ this->logger->log_chunk(this->logger, RAW|LEVEL2, "data after decryption without padding", &this->decrypted);
this->logger->log(this->logger, CONTROL|LEVEL2, "decryption successful, trying to parse content");
return (this->parse(this));
}
diff --git a/Source/charon/encoding/payloads/proposal_substructure.c b/Source/charon/encoding/payloads/proposal_substructure.c
index 2cf96fbb6..922dde40d 100644
--- a/Source/charon/encoding/payloads/proposal_substructure.c
+++ b/Source/charon/encoding/payloads/proposal_substructure.c
@@ -226,6 +226,7 @@ static void set_next_type(private_proposal_substructure_t *this,payload_type_t t
*/
static size_t get_length(private_proposal_substructure_t *this)
{
+ this->compute_length(this);
return this->proposal_length;
}
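Review bot: `get_length` now recomputes the value on every call instead of returning the cached `proposal_length`, and `compute_length` (changed in the next hunk) also rewrites `this->transforms_count`, so a function with a `get_` name now iterates the transform list and mutates two fields each time it is called. That is acceptable if it is the intended way to keep the length current after transforms are added, but the function comment above the hunk should say so, e.g. `/* Recomputes and returns the proposal length; also refreshes transforms_count. */`. The comment block is cut off at the hunk start.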
@@ -384,9 +385,8 @@ static void compute_length (private_proposal_substructure_t *this)
iterator->destroy(iterator);
length += this->spi.len;
- this->transforms_count= transforms_count;
- this->proposal_length = length;
-
+ this->transforms_count = transforms_count;
+ this->proposal_length = length;
}
/**
@@ -411,8 +411,8 @@ static size_t get_spi_size (private_proposal_substructure_t *this)
void add_to_proposal(private_proposal_substructure_t *this, proposal_t *proposal)
{
iterator_t *iterator = this->transforms->create_iterator(this->transforms, TRUE);
+ u_int32_t spi;
- proposal->set_spi(proposal, this->protocol_id, *((u_int32_t*)this->spi.ptr));
while (iterator->has_next(iterator))
{
@@ -430,6 +430,10 @@ void add_to_proposal(private_proposal_substructure_t *this, proposal_t *proposal
proposal->add_algorithm(proposal, this->protocol_id, transform_type, transform_id, key_length);
}
iterator->destroy(iterator);
+
+ spi = *((u_int32_t*)this->spi.ptr);
+
+ proposal->set_spi(proposal, this->protocol_id, spi);
}
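Review bot: The `spi = *((u_int32_t*)this->spi.ptr);` line dereferences a four-byte value through a chunk whose length comes from the parsed SPI-size field, and nothing in the hunk checks `this->spi.len` first; a proposal from the peer declaring an SPI size of 0, or anything below 4, would make this read past the chunk or through a null pointer. The cast also assumes `spi.ptr` is suitably aligned for a `u_int32_t`. The commit only moves the read behind the loop (the `u_int32_t spi;` declaration is in the previous hunk); a guard is still needed, e.g. `if (this->spi.len < sizeof(spi)) { return; }` followed by `memcpy(&spi, this->spi.ptr, sizeof(spi));`. Whether an absent SPI should be skipped silently or reported depends on the caller, which is not visible here.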
/**
@@ -561,14 +565,6 @@ proposal_substructure_t *proposal_substructure_create_from_proposal(proposal_t *
algorithm_t *algo;
transform_substructure_t *transform;
- /* take over general infos */
- this->spi_size = proto == IKE ? 8 : 4;
- this->spi.len = this->spi_size;
- this->spi.ptr = allocator_alloc(this->spi_size);
- *((u_int32_t*)this->spi.ptr) = proposal->get_spi(proposal, proto);
- this->proposal_number = proposal->get_number(proposal);
- this->protocol_id = proto;
-
/* encryption algorithm is only availble in ESP */
iterator = proposal->create_algorithm_iterator(proposal, proto, ENCRYPTION_ALGORITHM);
while (iterator->has_next(iterator))
@@ -623,5 +619,13 @@ proposal_substructure_t *proposal_substructure_create_from_proposal(proposal_t *
}
iterator->destroy(iterator);
+ /* take over general infos */
+ this->spi_size = proto == IKE ? 8 : 4;
+ this->spi.len = this->spi_size;
+ this->spi.ptr = allocator_alloc(this->spi_size);
+ *((u_int32_t*)this->spi.ptr) = proposal->get_spi(proposal, proto);
+ this->proposal_number = proposal->get_number(proposal);
+ this->protocol_id = proto;
+
return &(this->public);
}
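Review bot: The moved block stores a `u_int32_t` into `this->spi.ptr` while `spi_size` is 8 for `proto == IKE`, so for IKE proposals only the first four of the eight allocated bytes are written; unless `allocator_alloc` zero-fills, the other four bytes keep whatever the heap held and are later serialised into the proposal, and if `get_spi` really returns a 64-bit IKE SPI the value is truncated. The return of `allocator_alloc` is not checked either. A minimal fix is to clear the buffer before the write, `memset(this->spi.ptr, 0, this->spi_size);`, and to copy an SPI of the declared width with `memcpy` instead of through a `u_int32_t*` cast. `proposal_substructure_create_from_proposal` begins above the hunk.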
diff --git a/Source/charon/encoding/payloads/transform_substructure.c b/Source/charon/encoding/payloads/transform_substructure.c
index e2f368fd8..9b0bbf4ed 100644
--- a/Source/charon/encoding/payloads/transform_substructure.c
+++ b/Source/charon/encoding/payloads/transform_substructure.c
@@ -343,7 +343,6 @@ static void compute_length (private_transform_substructure_t *this)
iterator->destroy(iterator);
this->transform_length = length;
-
}
/**
@@ -476,20 +475,13 @@ transform_substructure_t *transform_substructure_create_type(transform_type_t tr
transform->set_transform_type(transform,transform_type);
transform->set_transform_id(transform,transform_id);
- switch (transform_type)
+ /* a keylength attribute is only created for AES encryption */
+ if (transform_type == ENCRYPTION_ALGORITHM &&
+ transform_id == ENCR_AES_CBC)
{
- case ENCRYPTION_ALGORITHM:
- case PSEUDO_RANDOM_FUNCTION:
- case INTEGRITY_ALGORITHM:
- {
- transform_attribute_t *attribute = transform_attribute_create_key_length(key_length);
- transform->add_transform_attribute(transform,attribute);
- break;
- }
- default:
- {
- /* no keylength attribute is created */
- }
- }
+ transform_attribute_t *attribute = transform_attribute_create_key_length(key_length);
+ transform->add_transform_attribute(transform,attribute);
+ }
+
return transform;
}
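Review bot: With the switch replaced by the `if`, the `key_length` argument is silently ignored for every transform other than `ENCRYPTION_ALGORITHM` with `ENCR_AES_CBC`, including the PRF and integrity transforms that previously got a key-length attribute; that is a contract change for callers of `transform_substructure_create_type` and belongs in its documentation, which sits above the hunk. The added comment on the `if` covers the local behaviour; I would add to the function's header comment a line such as `@param key_length only used for ENCR_AES_CBC (ENCRYPTION_ALGORITHM); ignored for every other transform`. The function signature is outside the hunk.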