Diffstat (limited to 'src')
-rw-r--r--src/libcharon/encoding/message.c4
-rw-r--r--src/libcharon/encoding/payloads/encryption_payload.c16
-rw-r--r--src/libcharon/encoding/payloads/encryption_payload.h8
3 files changed, 16 insertions, 12 deletions
diff --git a/src/libcharon/encoding/message.c b/src/libcharon/encoding/message.c
index 232cfa353..0d55b8a05 100644
--- a/src/libcharon/encoding/message.c
+++ b/src/libcharon/encoding/message.c
@@ -1224,9 +1224,9 @@ static status_t decrypt_payloads(private_message_t *this, aead_t *aead)
break;
}
chunk.len -= encryption->get_length(encryption);
- if (!encryption->decrypt(encryption, chunk))
+ status = encryption->decrypt(encryption, chunk);
+ if (status != SUCCESS)
{
- status = VERIFY_ERROR;
break;
}
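Review bot: Callers of decrypt_payloads that recognise a decryption failure only by VERIFY_ERROR will stop matching, because `status = encryption->decrypt(encryption, chunk);` now passes FAILED, INVALID_STATE and PARSE_ERROR through unchanged. Those callers are outside this hunk and should be checked for a `switch` or comparison on the old value. If any of them picks the reply to the peer from this status, an integrity failure and a later parse failure should look the same on the wire and differ only in local logs. A comment above the assignment would record the contract, for example `/* decrypt() returns FAILED, INVALID_STATE, PARSE_ERROR or VERIFY_ERROR on error; propagate as-is */`. The enclosing loop starts and ends outside the hunk.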
diff --git a/src/libcharon/encoding/payloads/encryption_payload.c b/src/libcharon/encoding/payloads/encryption_payload.c
index 476f88ec7..3b23ea9fb 100644
--- a/src/libcharon/encoding/payloads/encryption_payload.c
+++ b/src/libcharon/encoding/payloads/encryption_payload.c
@@ -352,7 +352,7 @@ static status_t parse(private_encryption_payload_t *this, chunk_t plain)
if (parser->parse_payload(parser, type, &payload) != SUCCESS)
{
parser->destroy(parser);
- return FALSE;
+ return PARSE_ERROR;
}
if (payload->verify(payload) != SUCCESS)
{
@@ -360,17 +360,17 @@ static status_t parse(private_encryption_payload_t *this, chunk_t plain)
payload_type_names, payload->get_type(payload));
payload->destroy(payload);
parser->destroy(parser);
- return FALSE;
+ return VERIFY_ERROR;
}
type = payload->get_next_type(payload);
this->payloads->insert_last(this->payloads, payload);
}
parser->destroy(parser);
DBG2(DBG_ENC, "parsed content of encryption payload");
- return TRUE;
+ return SUCCESS;
}
-METHOD(encryption_payload_t, decrypt, bool,
+METHOD(encryption_payload_t, decrypt, status_t,
private_encryption_payload_t *this, chunk_t assoc)
{
chunk_t iv, plain, padding, icv, crypt;
@@ -379,7 +379,7 @@ METHOD(encryption_payload_t, decrypt, bool,
if (this->aead == NULL)
{
DBG1(DBG_ENC, "decrypting encryption payload failed, transform missing");
- return FALSE;
+ return INVALID_STATE;
}
/* prepare data to authenticate-decrypt:
@@ -402,7 +402,7 @@ METHOD(encryption_payload_t, decrypt, bool,
(crypt.len - icv.len) % bs)
{
DBG1(DBG_ENC, "decrypting encryption payload failed, invalid length");
- return FALSE;
+ return FAILED;
}
assoc = append_header(this, assoc);
@@ -417,7 +417,7 @@ METHOD(encryption_payload_t, decrypt, bool,
{
DBG1(DBG_ENC, "verifying encryption payload integrity failed");
free(assoc.ptr);
- return FALSE;
+ return FAILED;
}
free(assoc.ptr);
@@ -427,7 +427,7 @@ METHOD(encryption_payload_t, decrypt, bool,
{
DBG1(DBG_ENC, "decrypting encryption payload failed, "
"padding invalid %B", &crypt);
- return FAILED;
+ return PARSE_ERROR;
}
plain.len -= padding.len;
padding.ptr = plain.ptr + plain.len;
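Review bot: The context line `"padding invalid %B", &crypt` dumps the whole crypt buffer at DBG1 on the path that now returns PARSE_ERROR. This branch runs after the integrity check shown in the previous hunk. If the AEAD call decrypts in place (not visible here), the buffer holds authenticated plaintext at that point and it lands in logs at the lowest debug level. I would keep the DBG1 message without the dump, `DBG1(DBG_ENC, "decrypting encryption payload failed, padding invalid");`, and move the buffer to a higher level such as `DBG3(DBG_ENC, "decrypted data %B", &crypt);`. The method body continues outside the hunk.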
diff --git a/src/libcharon/encoding/payloads/encryption_payload.h b/src/libcharon/encoding/payloads/encryption_payload.h
index 9fc61947a..e99c42fb7 100644
--- a/src/libcharon/encoding/payloads/encryption_payload.h
+++ b/src/libcharon/encoding/payloads/encryption_payload.h
@@ -85,9 +85,13 @@ struct encryption_payload_t {
* Decrypt, verify and parse contained payloads.
*
* @param assoc associated data
- * @return TRUE if decrypted and verified successfully
+ * - SUCCESS if parsing successful
+ * - PARSE_ERROR if sub-payload parsing failed
+ * - VERIFY_ERROR if sub-payload verification failed
+ * - FAILED if integrity check failed
+ * - INVALID_STATE if aead not supplied, but needed
*/
- bool (*decrypt) (encryption_payload_t *this, chunk_t assoc);
+ status_t (*decrypt) (encryption_payload_t *this, chunk_t assoc);
/**
* Destroys an encryption_payload_t object.
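Review bot: The new status list has lost its `@return` tag, so Doxygen will attach the five bullet lines to the `@param assoc` description; a ` * @return` line is needed before ` * - SUCCESS if parsing successful`. The list also under-describes two codes as the .c hunks use them: FAILED is returned for an invalid length as well as a failed integrity check, and PARSE_ERROR for invalid padding as well as sub-payload parsing. I would word those entries as `- FAILED if length invalid or integrity check failed` and `- PARSE_ERROR if padding invalid or sub-payload parsing failed`, so that callers mapping status to behaviour know FAILED can occur before any authentication has taken place.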