aboutsummaryrefslogtreecommitdiffstats
path: root/src/libstrongswan/plugins
diff options
context:
space:
mode:
Diffstat (limited to 'src/libstrongswan/plugins')
-rw-r--r--src/libstrongswan/plugins/ctr/Makefile.am16
-rw-r--r--src/libstrongswan/plugins/ctr/ctr_ipsec_crypter.c171
-rw-r--r--src/libstrongswan/plugins/ctr/ctr_ipsec_crypter.h54
-rw-r--r--src/libstrongswan/plugins/ctr/ctr_plugin.c61
-rw-r--r--src/libstrongswan/plugins/ctr/ctr_plugin.h42
5 files changed, 344 insertions, 0 deletions
diff --git a/src/libstrongswan/plugins/ctr/Makefile.am b/src/libstrongswan/plugins/ctr/Makefile.am
new file mode 100644
index 000000000..893171aab
--- /dev/null
+++ b/src/libstrongswan/plugins/ctr/Makefile.am
@@ -0,0 +1,16 @@
+
+INCLUDES = -I$(top_srcdir)/src/libstrongswan
+
+AM_CFLAGS = -rdynamic
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-ctr.la
+else
+plugin_LTLIBRARIES = libstrongswan-ctr.la
+endif
+
+libstrongswan_ctr_la_SOURCES = \
+ ctr_plugin.h ctr_plugin.c \
+ ctr_ipsec_crypter.h ctr_ipsec_crypter.c
+
+libstrongswan_ctr_la_LDFLAGS = -module -avoid-version
diff --git a/src/libstrongswan/plugins/ctr/ctr_ipsec_crypter.c b/src/libstrongswan/plugins/ctr/ctr_ipsec_crypter.c
new file mode 100644
index 000000000..5f7666ffa
--- /dev/null
+++ b/src/libstrongswan/plugins/ctr/ctr_ipsec_crypter.c
@@ -0,0 +1,171 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "ctr_ipsec_crypter.h"
+
+typedef struct private_ctr_ipsec_crypter_t private_ctr_ipsec_crypter_t;
+
+/**
+ * Private data of an ctr_ipsec_crypter_t object.
+ */
+struct private_ctr_ipsec_crypter_t {
+
+ /**
+ * Public ctr_ipsec_crypter_t interface.
+ */
+ ctr_ipsec_crypter_t public;
+
+ /**
+ * Underlying CBC crypter
+ */
+ crypter_t *crypter;
+
+ /**
+ * counter state
+ */
+ struct {
+ char nonce[4];
+ char iv[8];
+ u_int32_t counter;
+ } __attribute__((packed)) state;
+};
+
+/**
+ * Do the CTR crypto operation
+ */
+static void crypt_ctr(private_ctr_ipsec_crypter_t *this,
+ chunk_t in, chunk_t out)
+{
+ size_t is, bs;
+ chunk_t state;
+
+ is = this->crypter->get_iv_size(this->crypter);
+ bs = sizeof(this->state);
+
+ this->state.counter = htonl(1);
+ state = chunk_create((char*)&this->state, bs);
+
+ while (in.len > 0)
+ {
+ char iv[is], block[bs];
+
+ memset(iv, 0, is);
+ memcpy(block, state.ptr, bs);
+ this->crypter->encrypt(this->crypter,
+ chunk_create(block, bs), chunk_create(iv, is), NULL);
+ chunk_increment(state);
+
+ if (in.ptr != out.ptr)
+ {
+ memcpy(out.ptr, in.ptr, min(in.len, bs));
+ }
+ memxor(out.ptr, block, min(in.len, bs));
+ in = chunk_skip(in, bs);
+ out = chunk_skip(out, bs);
+ }
+}
+
+METHOD(crypter_t, crypt, void,
+ private_ctr_ipsec_crypter_t *this, chunk_t in, chunk_t iv, chunk_t *out)
+{
+ memcpy(this->state.iv, iv.ptr, sizeof(this->state.iv));
+
+ if (out)
+ {
+ *out = chunk_alloc(in.len);
+ crypt_ctr(this, in, *out);
+ }
+ else
+ {
+ crypt_ctr(this, in, in);
+ }
+}
+
+METHOD(crypter_t, get_block_size, size_t,
+ private_ctr_ipsec_crypter_t *this)
+{
+ return 1;
+}
+
+METHOD(crypter_t, get_iv_size, size_t,
+ private_ctr_ipsec_crypter_t *this)
+{
+ return sizeof(this->state.iv);
+}
+
+METHOD(crypter_t, get_key_size, size_t,
+ private_ctr_ipsec_crypter_t *this)
+{
+ return this->crypter->get_key_size(this->crypter)
+ + sizeof(this->state.nonce);
+}
+
+METHOD(crypter_t, set_key, void,
+ private_ctr_ipsec_crypter_t *this, chunk_t key)
+{
+ memcpy(this->state.nonce, key.ptr + key.len - sizeof(this->state.nonce),
+ sizeof(this->state.nonce));
+ key.len -= sizeof(this->state.nonce);
+ this->crypter->set_key(this->crypter, key);
+}
+
+METHOD(crypter_t, destroy, void,
+ private_ctr_ipsec_crypter_t *this)
+{
+ this->crypter->destroy(this->crypter);
+ free(this);
+}
+
+/**
+ * See header
+ */
+ctr_ipsec_crypter_t *ctr_ipsec_crypter_create(encryption_algorithm_t algo,
+ size_t key_size)
+{
+ private_ctr_ipsec_crypter_t *this;
+
+ switch (algo)
+ {
+ case ENCR_AES_CTR:
+ algo = ENCR_AES_CBC;
+ break;
+ case ENCR_CAMELLIA_CTR:
+ algo = ENCR_CAMELLIA_CBC;
+ break;
+ default:
+ return NULL;
+ }
+
+ INIT(this,
+ .public.crypter = {
+ .encrypt = _crypt,
+ .decrypt = _crypt,
+ .get_block_size = _get_block_size,
+ .get_iv_size = _get_iv_size,
+ .get_key_size = _get_key_size,
+ .set_key = _set_key,
+ .destroy = _destroy,
+ },
+ .crypter = lib->crypto->create_crypter(lib->crypto, algo, key_size),
+ );
+
+ if (!this->crypter)
+ {
+ free(this);
+ return NULL;
+ }
+
+ return &this->public;
+}
diff --git a/src/libstrongswan/plugins/ctr/ctr_ipsec_crypter.h b/src/libstrongswan/plugins/ctr/ctr_ipsec_crypter.h
new file mode 100644
index 000000000..db21aec3b
--- /dev/null
+++ b/src/libstrongswan/plugins/ctr/ctr_ipsec_crypter.h
@@ -0,0 +1,54 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup ctr_ipsec_crypter ctr_ipsec_crypter
+ * @{ @ingroup ctr
+ */
+
+#ifndef CTR_IPSEC_CRYPTER_H_
+#define CTR_IPSEC_CRYPTER_H_
+
+#include <crypto/crypters/crypter.h>
+
+typedef struct ctr_ipsec_crypter_t ctr_ipsec_crypter_t;
+
+/**
+ * Counter Mode wrapper for encryption algorithms, IPsec variant (RFC3686).
+ */
+struct ctr_ipsec_crypter_t {
+
+ /**
+ * Implements crypter_t interface.
+ */
+ crypter_t crypter;
+};
+
+/**
+ * Create a ctr_ipsec_crypter instance.
+ */
+ctr_ipsec_crypter_t *ctr_ipsec_crypter_create();
+
+/**
+ * Create a ctr_ipsec_crypter instance.
+ *
+ * @param key_size key size in bytes
+ * @param algo algorithm to implement, a counter mode
+ * @return crypter, NULL if not supported
+ */
+ctr_ipsec_crypter_t *ctr_ipsec_crypter_create(encryption_algorithm_t algo,
+ size_t key_size);
+
+#endif /** CTR_IPSEC_CRYPTER_H_ @}*/
diff --git a/src/libstrongswan/plugins/ctr/ctr_plugin.c b/src/libstrongswan/plugins/ctr/ctr_plugin.c
new file mode 100644
index 000000000..d9ff436e2
--- /dev/null
+++ b/src/libstrongswan/plugins/ctr/ctr_plugin.c
@@ -0,0 +1,61 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "ctr_plugin.h"
+
+#include <library.h>
+
+#include "ctr_ipsec_crypter.h"
+
+typedef struct private_ctr_plugin_t private_ctr_plugin_t;
+
+/**
+ * private data of ctr_plugin
+ */
+struct private_ctr_plugin_t {
+
+ /**
+ * public functions
+ */
+ ctr_plugin_t public;
+};
+
+METHOD(plugin_t, destroy, void,
+ private_ctr_plugin_t *this)
+{
+ lib->crypto->remove_crypter(lib->crypto,
+ (crypter_constructor_t)ctr_ipsec_crypter_create);
+
+ free(this);
+}
+
+/*
+ * see header file
+ */
+plugin_t *ctr_plugin_create()
+{
+ private_ctr_plugin_t *this;
+
+ INIT(this,
+ .public.plugin.destroy = _destroy,
+ );
+
+ lib->crypto->add_crypter(lib->crypto, ENCR_AES_CTR,
+ (crypter_constructor_t)ctr_ipsec_crypter_create);
+ lib->crypto->add_crypter(lib->crypto, ENCR_CAMELLIA_CTR,
+ (crypter_constructor_t)ctr_ipsec_crypter_create);
+
+ return &this->public.plugin;
+}
diff --git a/src/libstrongswan/plugins/ctr/ctr_plugin.h b/src/libstrongswan/plugins/ctr/ctr_plugin.h
new file mode 100644
index 000000000..7b2f901dc
--- /dev/null
+++ b/src/libstrongswan/plugins/ctr/ctr_plugin.h
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup ctr ctr
+ * @ingroup plugins
+ *
+ * @defgroup ctr_plugin ctr_plugin
+ * @{ @ingroup ctr
+ */
+
+#ifndef CTR_PLUGIN_H_
+#define CTR_PLUGIN_H_
+
+#include <plugins/plugin.h>
+
+typedef struct ctr_plugin_t ctr_plugin_t;
+
+/**
+ * Plugin providing CTR mode operation of symmetric encryption algorithms.
+ */
+struct ctr_plugin_t {
+
+ /**
+ * Implements plugin interface.
+ */
+ plugin_t plugin;
+};
+
+#endif /** CTR_PLUGIN_H_ @}*/
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-21 10:23:22 +0000