aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rwxr-xr-xsrc/charon/config/credentials/credential_store.h2
-rw-r--r--src/charon/sa/ike_sa.c12
-rw-r--r--src/charon/testing/aes_cbc_crypter_test.c101
-rw-r--r--src/charon/testing/testcases.c2
-rw-r--r--src/libstrongswan/crypto/crypters/aes_cbc_crypter.c12
5 files changed, 110 insertions, 19 deletions
diff --git a/src/charon/config/credentials/credential_store.h b/src/charon/config/credentials/credential_store.h
index 6f395ce99..e7f606699 100755
--- a/src/charon/config/credentials/credential_store.h
+++ b/src/charon/config/credentials/credential_store.h
@@ -85,8 +85,6 @@ struct credential_store_t {
/**
* @brief Is there a matching RSA private key belonging to an RSA public key?
*
- * The returned rsa_private_key_t must be destroyed by the caller after usage.
- *
* @param this calling object
* @param pubkey public key
* @return TRUE if matching private key was found
diff --git a/src/charon/sa/ike_sa.c b/src/charon/sa/ike_sa.c
index 4bffae94b..61dc7b6f9 100644
--- a/src/charon/sa/ike_sa.c
+++ b/src/charon/sa/ike_sa.c
@@ -435,7 +435,7 @@ static status_t build_transforms(private_ike_sa_t *this, proposal_t *proposal, d
/* SK_ai/SK_ar used for integrity protection */
if (!proposal->get_algorithm(proposal, INTEGRITY_ALGORITHM, &algo))
{
- this->logger->log(this->logger, ERROR|LEVEL2, "No integrity algoithm selected?!");
+ this->logger->log(this->logger, ERROR, "No integrity algoithm selected?!");
return FAILED;
}
if (this->signer_initiator != NULL)
@@ -451,7 +451,7 @@ static status_t build_transforms(private_ike_sa_t *this, proposal_t *proposal, d
this->signer_responder = signer_create(algo->algorithm);
if (this->signer_initiator == NULL || this->signer_responder == NULL)
{
- this->logger->log(this->logger, ERROR|LEVEL1,
+ this->logger->log(this->logger, ERROR,
"INTEGRITY_ALGORITHM %s not supported!",
mapping_find(integrity_algorithm_m,algo->algorithm));
return FAILED;
@@ -459,12 +459,12 @@ static status_t build_transforms(private_ike_sa_t *this, proposal_t *proposal, d
key_size = this->signer_initiator->get_key_size(this->signer_initiator);
prf_plus->allocate_bytes(prf_plus, key_size, &key);
- this->logger->log_chunk(this->logger, PRIVATE, "Sk_ai secret", key);
+ this->logger->log_chunk(this->logger, CONTROL|LEVEL1, "Sk_ai secret", key);
this->signer_initiator->set_key(this->signer_initiator, key);
chunk_free(&key);
prf_plus->allocate_bytes(prf_plus, key_size, &key);
- this->logger->log_chunk(this->logger, PRIVATE, "Sk_ar secret", key);
+ this->logger->log_chunk(this->logger, CONTROL|LEVEL1, "Sk_ar secret", key);
this->signer_responder->set_key(this->signer_responder, key);
chunk_free(&key);
@@ -472,7 +472,7 @@ static status_t build_transforms(private_ike_sa_t *this, proposal_t *proposal, d
/* SK_ei/SK_er used for encryption */
if (!proposal->get_algorithm(proposal, ENCRYPTION_ALGORITHM, &algo))
{
- this->logger->log(this->logger, ERROR|LEVEL2, "No encryption algoithm selected!?");
+ this->logger->log(this->logger, ERROR, "No encryption algoithm selected!?");
return FAILED;
}
if (this->crypter_initiator != NULL)
@@ -488,7 +488,7 @@ static status_t build_transforms(private_ike_sa_t *this, proposal_t *proposal, d
this->crypter_responder = crypter_create(algo->algorithm, algo->key_size / 8);
if (this->crypter_initiator == NULL || this->crypter_responder == NULL)
{
- this->logger->log(this->logger, ERROR|LEVEL1,
+ this->logger->log(this->logger, ERROR,
"ENCRYPTION_ALGORITHM %s (key size %d) not supported!",
mapping_find(encryption_algorithm_m, algo->algorithm),
algo->key_size);
diff --git a/src/charon/testing/aes_cbc_crypter_test.c b/src/charon/testing/aes_cbc_crypter_test.c
index 30dae3926..c65a473af 100644
--- a/src/charon/testing/aes_cbc_crypter_test.c
+++ b/src/charon/testing/aes_cbc_crypter_test.c
@@ -197,5 +197,106 @@ void test_aes_cbc_crypter(protected_tester_t *tester)
chunk_free(&decrypted3);
crypter->destroy(crypter);
+
+ /**
+ * Test4: Own en-/decrypt test using AES-256
+ *
+ * PLAINTEXT: 00112233445566778899aabbccddeeff
+ * KEY: 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+ * INPUT: 00112233445566778899aabbccddeeff
+ * OUTPUT: 8ea2b7ca516745bfeafc49904b496089
+ */
+ u_int8_t key4[] = {
+ 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
+ 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,
+ 0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,
+ 0x18,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f
+ };
+ chunk_t key4_chunk = {ptr: key4, len : 32};
+ u_int8_t iv4[] = {
+ 0x8c,0xe8,0x2e,0xef,0xbe,0xa0,0xda,0x3c,
+ 0x44,0x69,0x9e,0xd7,0xdb,0x51,0xb7,0xd9
+ };
+ chunk_t iv4_chunk = {ptr: iv4, len : 16};
+ u_int8_t plaintext4[] = {
+ 0xa0,0xa1,0xa2,0xa3,0xa4,0xa5,0xa6,0xa7,
+ 0xa8,0xa9,0xaa,0xab,0xac,0xad,0xae,0xaf,
+ 0xb0,0xb1,0xb2,0xb3,0xb4,0xb5,0xb6,0xb7,
+ 0xb8,0xb9,0xba,0xbb,0xbc,0xbd,0xbe,0xbf,
+ 0xc0,0xc1,0xc2,0xc3,0xc4,0xc5,0xc6,0xc7,
+ 0xc8,0xc9,0xca,0xcb,0xcc,0xcd,0xce,0xcf,
+ 0xd0,0xd1,0xd2,0xd3,0xd4,0xd5,0xd6,0xd7,
+ 0xd8,0xd9,0xda,0xdb,0xdc,0xdd,0xde,0xdf
+ };
+ chunk_t data4 = {ptr: plaintext4, len : 64};
+ chunk_t encrypted4;
+ chunk_t decrypted4;
+
+ crypter = (crypter_t *) aes_cbc_crypter_create(32);
+ tester->assert_true(tester, (crypter != NULL), "create call test");
+
+ tester->assert_true(tester, (crypter->set_key(crypter,key4_chunk) == SUCCESS), "set_key call test");
+
+ tester->assert_true(tester, (crypter->encrypt(crypter,data4,iv4_chunk,&encrypted4) == SUCCESS), "encrypt call test");
+
+ tester->assert_true(tester, (crypter->decrypt(crypter,encrypted4,iv4_chunk,&decrypted4) == SUCCESS), "decrypt call test");
+ chunk_free(&encrypted4);
+
+ logger->log_chunk(logger,RAW,"expected decrypted :", data4);
+ logger->log_chunk(logger,RAW,"decrypted :", decrypted4);
+ tester->assert_true(tester, (memcmp(decrypted4.ptr, plaintext4, 64) == 0), "decrypted value");
+
+ chunk_free(&decrypted4);
+ crypter->destroy(crypter);
+
+ /**
+ * Test4: Own en-/decrypt test using AES-192
+ *
+ * PLAINTEXT: 00112233445566778899aabbccddeeff
+ * KEY: 000102030405060708090a0b0c0d0e0f1011121314151617
+ * INPUT: 00112233445566778899aabbccddeeff
+ * OUTPUT: 8ea2b7ca516745bfeafc49904b496089
+ */
+ u_int8_t key5[] = {
+ 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
+ 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,
+ 0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17
+ };
+ chunk_t key5_chunk = {ptr: key5, len : 24};
+ u_int8_t iv5[] = {
+ 0x8c,0xe8,0x2e,0xef,0xbe,0xa0,0xda,0x3c,
+ 0x44,0x69,0x9e,0xd7,0xdb,0x51,0xb7,0xd9
+ };
+ chunk_t iv5_chunk = {ptr: iv5, len : 16};
+ u_int8_t plaintext5[] = {
+ 0xa0,0xa1,0xa2,0xa3,0xa4,0xa5,0xa6,0xa7,
+ 0xa8,0xa9,0xaa,0xab,0xac,0xad,0xae,0xaf,
+ 0xb0,0xb1,0xb2,0xb3,0xb4,0xb5,0xb6,0xb7,
+ 0xb8,0xb9,0xba,0xbb,0xbc,0xbd,0xbe,0xbf,
+ 0xc0,0xc1,0xc2,0xc3,0xc4,0xc5,0xc6,0xc7,
+ 0xc8,0xc9,0xca,0xcb,0xcc,0xcd,0xce,0xcf,
+ 0xd0,0xd1,0xd2,0xd3,0xd4,0xd5,0xd6,0xd7,
+ 0xd8,0xd9,0xda,0xdb,0xdc,0xdd,0xde,0xdf
+ };
+ chunk_t data5 = {ptr: plaintext5, len : 64};
+ chunk_t encrypted5;
+ chunk_t decrypted5;
+
+ crypter = (crypter_t *) aes_cbc_crypter_create(24);
+ tester->assert_true(tester, (crypter != NULL), "create call test");
+
+ tester->assert_true(tester, (crypter->set_key(crypter,key5_chunk) == SUCCESS), "set_key call test");
+
+ tester->assert_true(tester, (crypter->encrypt(crypter,data5,iv5_chunk,&encrypted5) == SUCCESS), "encrypt call test");
+
+ tester->assert_true(tester, (crypter->decrypt(crypter,encrypted5,iv5_chunk,&decrypted5) == SUCCESS), "decrypt call test");
+ chunk_free(&encrypted4);
+
+ logger->log_chunk(logger,RAW,"expected decrypted :", data5);
+ logger->log_chunk(logger,RAW,"decrypted :", decrypted5);
+ tester->assert_true(tester, (memcmp(decrypted5.ptr, plaintext5, 64) == 0), "decrypted value");
+
+ chunk_free(&decrypted5);
+ crypter->destroy(crypter);
}
diff --git a/src/charon/testing/testcases.c b/src/charon/testing/testcases.c
index c4a4ad986..5e9bac535 100644
--- a/src/charon/testing/testcases.c
+++ b/src/charon/testing/testcases.c
@@ -252,7 +252,7 @@ int main()
tester_t *tester = tester_create(test_output, FALSE);
//tester->perform_tests(tester,all_tests);
- tester->perform_test(tester,&proposal_test);
+ tester->perform_test(tester,&aes_cbc_crypter_test);
tester->destroy(tester);
diff --git a/src/libstrongswan/crypto/crypters/aes_cbc_crypter.c b/src/libstrongswan/crypto/crypters/aes_cbc_crypter.c
index 9b7b07c62..979364062 100644
--- a/src/libstrongswan/crypto/crypters/aes_cbc_crypter.c
+++ b/src/libstrongswan/crypto/crypters/aes_cbc_crypter.c
@@ -77,11 +77,6 @@ struct private_aes_cbc_crypter_t {
u_int32_t aes_d_key[AES_KS_LENGTH];
/**
- * The number of columns in the cipher state.
- */
- u_int32_t aes_Ncol;
-
- /**
* Key size of this AES cypher object.
*/
u_int32_t key_size;
@@ -967,7 +962,7 @@ static void gen_tabs(void)
f2 ^= f4 ^ f8 ^ upr(f2 ^ f9,3) ^ upr(f4 ^ f9,2) ^ upr(f9,1))
#endif
-#define nc (this->aes_Ncol)
+#define nc (AES_BLOCK_SIZE/4)
// Initialise the key schedule from the user supplied key. The key
// length is now specified in bytes - 16, 24 or 32 as appropriate.
@@ -1490,7 +1485,7 @@ static status_t set_key (private_aes_cbc_crypter_t *this, chunk_t key)
return INVALID_ARG;
}
- this->aes_Nrnd = (this->aes_Nkey > (this->aes_Ncol) ? this->aes_Nkey : (this->aes_Ncol)) + 6;
+ this->aes_Nrnd = (this->aes_Nkey > (nc) ? this->aes_Nkey : (nc)) + 6;
this->aes_e_key[0] = const_word_in(in_key );
this->aes_e_key[1] = const_word_in(in_key + 4);
@@ -1595,15 +1590,12 @@ aes_cbc_crypter_t *aes_cbc_crypter_create(size_t key_size)
this->key_size = key_size;
switch(key_size) {
case 32: /* bytes */
- this->aes_Ncol = 8;
this->aes_Nkey = 8;
break;
case 24: /* bytes */
- this->aes_Ncol = 6;
this->aes_Nkey = 6;
break;
case 16: /* bytes */
- this->aes_Ncol = 4;
this->aes_Nkey = 4;
break;
default:
generated by cgit v1.2.3 (git 2.25.1) at 2025-09-14 12:28:14 +0000