Diffstat (limited to 'Source/charon/transforms/crypters')
-rw-r--r-- | Source/charon/transforms/crypters/aes_cbc_crypter.c | 144 | ||||
-rw-r--r-- | Source/charon/transforms/crypters/aes_cbc_crypter.h | 12 | ||||
-rw-r--r-- | Source/charon/transforms/crypters/crypter.c | 4 | ||||
-rw-r--r-- | Source/charon/transforms/crypters/crypter.h | 37 |
4 files changed, 105 insertions, 92 deletions
diff --git a/Source/charon/transforms/crypters/aes_cbc_crypter.c b/Source/charon/transforms/crypters/aes_cbc_crypter.c index 2768c06ee..d5d0f9a60 100644 --- a/Source/charon/transforms/crypters/aes_cbc_crypter.c +++ b/Source/charon/transforms/crypters/aes_cbc_crypter.c @@ -41,6 +41,8 @@ #define AES_KS_LENGTH 120 #define AES_RC_LENGTH 29 +#define AES_BLOCK_SIZE 16 + typedef struct private_aes_cbc_crypter_t private_aes_cbc_crypter_t; /** 
@@ -63,47 +65,48 @@ struct private_aes_cbc_crypter_t { /** * The number of cipher rounds. */ - u_int32_t aes_Nrnd; - - /** - * The encryption key schedule. - */ - u_int32_t aes_e_key[AES_KS_LENGTH]; - /** - * The decryption key schedule. - */ - u_int32_t aes_d_key[AES_KS_LENGTH]; - - /** - * The number of columns in the cipher state. - */ - u_int32_t aes_Ncol; - - /** - * Blocksize of this AES cypher object. - */ - u_int32_t blocksize; - - /** - * Decrypts a block. - * - * No memory gets allocated. - * - * @param this calling object - * @param[in] in_blk block to decrypt - * @param[out] out_blk decrypted data are written to this location - */ - void (*decrypt_block) (const private_aes_cbc_crypter_t *this, const unsigned char in_blk[], unsigned char out_blk[]); - - /** - * Encrypts a block. - * - * No memory gets allocated. - * - * @param this calling object - * @param[in] in_blk block to encrypt - * @param[out] out_blk encrypted data are written to this location - */ + u_int32_t aes_Nrnd; + + /** + * The encryption key schedule. + */ + u_int32_t aes_e_key[AES_KS_LENGTH]; + + /** + * The decryption key schedule. + */ + u_int32_t aes_d_key[AES_KS_LENGTH]; + + /** + * The number of columns in the cipher state. + */ + u_int32_t aes_Ncol; + + /** + * Key size of this AES cypher object. + */ + u_int32_t key_size; + + /** + * Decrypts a block. + * + * No memory gets allocated. + * + * @param this calling object + * @param[in] in_blk block to decrypt + * @param[out] out_blk decrypted data are written to this location + */ + void (*decrypt_block) (const private_aes_cbc_crypter_t *this, const unsigned char in_blk[], unsigned char out_blk[]); + + /** + * Encrypts a block. + * + * No memory gets allocated. + * + * @param this calling object + * @param[in] in_blk block to encrypt + * @param[out] out_blk encrypted data are written to this location + */ void (*encrypt_block) (const private_aes_cbc_crypter_t *this, const unsigned char in_blk[], unsigned char out_blk[]); }; 
@@ -1464,7 +1467,15 @@ static status_t encrypt (private_aes_cbc_crypter_t *this, chunk_t data, chunk_t */ static size_t get_block_size (private_aes_cbc_crypter_t *this) { - return this->blocksize; + return AES_BLOCK_SIZE; +} + +/** + * Implementation of crypter_t.get_key_size. + */ +static size_t get_key_size (private_aes_cbc_crypter_t *this) +{ + return this->key_size; } /** @@ -1475,7 +1486,7 @@ static status_t set_key (private_aes_cbc_crypter_t *this, chunk_t key) u_int32_t *kf, *kt, rci, f = 0; u_int8_t *in_key = key.ptr; - if (key.len != this->blocksize) + if (key.len != this->key_size) { return INVALID_ARG; } 
@@ -1574,37 +1585,38 @@ static void destroy (private_aes_cbc_crypter_t *this) /* * Described in header */ -aes_cbc_crypter_t *aes_cbc_crypter_create(size_t blocksize) +aes_cbc_crypter_t *aes_cbc_crypter_create(size_t key_size) { private_aes_cbc_crypter_t *this = allocator_alloc_thing(private_aes_cbc_crypter_t); - + #if !defined(FIXED_TABLES) - if(!tab_gen) { gen_tabs(); tab_gen = 1; } + if(!tab_gen) { gen_tabs(); tab_gen = 1; } #endif - - switch(blocksize) { - case 32: /* bytes */ - this->aes_Ncol = 8; - this->aes_Nkey = 8; - this->blocksize = blocksize; - break; - case 24: /* bytes */ - this->aes_Ncol = 6; - this->aes_Nkey = 6; - this->blocksize = blocksize; - break; - case 16: /* bytes */ - default: - this->aes_Ncol = 4; - this->aes_Nkey = 4; - this->blocksize = 16; - break; - } - + + this->key_size = key_size; + switch(key_size) { + case 32: /* bytes */ + this->aes_Ncol = 8; + this->aes_Nkey = 8; + break; + case 24: /* bytes */ + this->aes_Ncol = 6; + this->aes_Nkey = 6; + break; + case 16: /* bytes */ + this->aes_Ncol = 4; + this->aes_Nkey = 4; + break; + default: + allocator_free(this); + return NULL; + } + /* functions of crypter_t interface */ this->public.crypter_interface.encrypt = (status_t (*) (crypter_t *, chunk_t,chunk_t, chunk_t *)) encrypt; this->public.crypter_interface.decrypt = (status_t (*) (crypter_t *, chunk_t , chunk_t, chunk_t *)) decrypt; this->public.crypter_interface.get_block_size = (size_t (*) (crypter_t *)) get_block_size; + this->public.crypter_interface.get_key_size = (size_t (*) (crypter_t *)) get_key_size; this->public.crypter_interface.set_key = (status_t (*) (crypter_t *,chunk_t)) set_key; this->public.crypter_interface.destroy = (void (*) (crypter_t *)) destroy; diff --git a/Source/charon/transforms/crypters/aes_cbc_crypter.h b/Source/charon/transforms/crypters/aes_cbc_crypter.h index 360f2454d..62cd77af7 100644 --- a/Source/charon/transforms/crypters/aes_cbc_crypter.h +++ b/Source/charon/transforms/crypters/aes_cbc_crypter.h 
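Review bot: `aes_Ncol` is still derived from the key size (8, 6, 4) in the `switch(key_size)` of aes_cbc_crypter_create, even though the struct documents it as the number of columns in the cipher state and get_block_size now reports a fixed AES_BLOCK_SIZE of 16. AES uses a 4-column, 16-byte state for every key length; only `aes_Nkey` should vary with the key. If encrypt_block, decrypt_block or the key schedule in set_key read `aes_Ncol` (their bodies are not in this diff), 24- and 32-byte keys would select a wide-block Rijndael variant rather than AES-192/256, so the output would disagree with the advertised block size and with any standard peer. I would set `this->aes_Ncol = AES_BLOCK_SIZE / 4;` in all three cases, or remove the field if nothing reads it. The function's tail lies outside the hunk, so the remaining initialisation could not be checked.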
@@ -48,14 +48,14 @@ struct aes_cbc_crypter_t { /** * @brief Constructor to create aes_cbc_crypter_t objects. * - * If an unvalid blocksize is specified, 16 is selected. + * Supported key sizes are: 16, 24 or 32. * - * @param blocksize block size of AES crypter - * (16, 24 or 32 are supported) - * Default size is set to 16. - * @return aes_cbc_crypter_t object + * @param key_size key size in bytes + * @return + * - aes_cbc_crypter_t object + * - NULL if key size not supported */ -aes_cbc_crypter_t *aes_cbc_crypter_create(size_t blocksize); +aes_cbc_crypter_t *aes_cbc_crypter_create(size_t key_size); #endif //_AES_CRYPTER_H_ diff --git a/Source/charon/transforms/crypters/crypter.c b/Source/charon/transforms/crypters/crypter.c index aebb220cc..37b96304e 100644 --- a/Source/charon/transforms/crypters/crypter.c +++ b/Source/charon/transforms/crypters/crypter.c @@ -49,13 +49,13 @@ mapping_t encryption_algorithm_m[] = { /* * Described in header. */ -crypter_t *crypter_create(encryption_algorithm_t encryption_algorithm,size_t blocksize) +crypter_t *crypter_create(encryption_algorithm_t encryption_algorithm, size_t key_size) { switch (encryption_algorithm) { case ENCR_AES_CBC: { - return (crypter_t*)aes_cbc_crypter_create(blocksize); + return (crypter_t*)aes_cbc_crypter_create(key_size); } default: return NULL; diff --git a/Source/charon/transforms/crypters/crypter.h b/Source/charon/transforms/crypters/crypter.h index 25a27e142..7f371de8a 100644 --- a/Source/charon/transforms/crypters/crypter.h +++ b/Source/charon/transforms/crypters/crypter.h @@ -33,11 +33,7 @@ typedef enum encryption_algorithm_t encryption_algorithm_t; * Currently only the following algorithms are implemented and therefore supported: * - ENCR_AES_CBC * - * @b Constructors: - * - crypter_create() - * - aes_cbc_crypter_create() - * - * @todo Implement more enryption algorithm, especially 3DES + * @todo Implement more enryption algorithms, such as 3DES * * @ingroup crypters */ 
@@ -71,18 +67,14 @@ typedef struct crypter_t crypter_t; /** * @brief Generic interface for symmetric encryption algorithms. * - * @todo Distinguish between block_size and key_size, since not all - * algorithms use key_size == block_size (e.g. 3DES). - * - * @todo Add a getter which says if an algorithm uses fixed key size, needed for - * tranform_attribute encoding. + * @b Constructors: + * - crypter_create() * * @ingroup crypters */ struct crypter_t { /** - * @brief Encrypt a chunk of data and allocate space for - * the encrypted value. + * @brief Encrypt a chunk of data and allocate space for the encrypted value. * * @param this calling object * @param data data to encrypt @@ -95,8 +87,7 @@ struct crypter_t { status_t (*encrypt) (crypter_t *this, chunk_t data, chunk_t iv, chunk_t *encrypted); /** - * @brief Decrypt a chunk of data and allocate space for - * the decrypted value. + * @brief Decrypt a chunk of data and allocate space for the decrypted value. * * @param this calling object * @param data data to decrypt @@ -115,6 +106,14 @@ struct crypter_t { * @return block size in bytes */ size_t (*get_block_size) (crypter_t *this); + + /** + * @brief Get the key size of this crypter_t object. + * + * @param this calling object + * @return key size in bytes + */ + size_t (*get_key_size) (crypter_t *this); /** * @brief Set the key for this crypter_t object. @@ -123,7 +122,7 @@ struct crypter_t { * @param key key to set * @return * - SUCCESS - * - INVALID_ARG if key size != block size + * - INVALID_ARG if key length invalid */ status_t (*set_key) (crypter_t *this, chunk_t key); 
@@ -141,12 +140,14 @@ struct crypter_t { * Currently only the following algorithms are implemented and therefore supported: * - ENCR_AES_CBC * + * The key_size is ignored for algorithms with fixed key size. + * * @param encryption_algorithm Algorithm to use for crypter - * @param blocksize block size in bytes + * @param key_size size of the key in bytes * @return * - crypter_t object - * - NULL if encryption algorithm or blocksize is not supported + * - NULL if encryption algorithm/key_size is not supported */ -crypter_t *crypter_create(encryption_algorithm_t encryption_algorithm, size_t blocksize); +crypter_t *crypter_create(encryption_algorithm_t encryption_algorithm, size_t key_size); #endif /*CRYPTER_H_*/ |
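Review bot: The contract comment for crypter_create does not mention that the AES fallback is gone. With this commit aes_cbc_crypter_create returns NULL for any size other than 16, 24 or 32, where it previously configured a 16-byte default. Call sites are not visible here (the diffstat is limited to the crypters directory), so confirm that each one passes a key length in bytes and checks the result before calling `set_key` or `encrypt`; a caller that relied on the old default would now dereference NULL. I would add a line to this comment such as `No default key size is applied; callers must check the result for NULL before use.` The comment block starts above the hunk.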