From f5475fa440db647c524e04bead3f4599653499a8 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Wed, 30 Apr 2008 14:02:25 +0000 Subject: crypter_t api supports in-place encryption using NULL as output parameter --- src/libstrongswan/crypto/crypters/crypter.h | 6 ++-- src/libstrongswan/plugins/aes/aes_crypter.c | 19 +++++++++--- src/libstrongswan/plugins/des/des_crypter.c | 36 +++++++++++++++++----- .../plugins/openssl/openssl_crypter.c | 13 ++++++-- 4 files changed, 57 insertions(+), 17 deletions(-) (limited to 'src') diff --git a/src/libstrongswan/crypto/crypters/crypter.h b/src/libstrongswan/crypto/crypters/crypter.h index 0c1052d63..5a64b1cf7 100644 --- a/src/libstrongswan/crypto/crypters/crypter.h +++ b/src/libstrongswan/crypto/crypters/crypter.h @@ -63,10 +63,11 @@ struct crypter_t { * * The length of the iv must equal to get_block_size(), while the length * of data must be a multiple it. + * If encrypted is NULL, the encryption is done in-place (overwriting data). * * @param data data to encrypt * @param iv initializing vector - * @param encrypted chunk to allocate encrypted data + * @param encrypted chunk to allocate encrypted data, or NULL */ void (*encrypt) (crypter_t *this, chunk_t data, chunk_t iv, chunk_t *encrypted); @@ -76,10 +77,11 @@ struct crypter_t { * * The length of the iv must equal to get_block_size(), while the length * of data must be a multiple it. + * If decrpyted is NULL, the encryption is done in-place (overwriting data). * * @param data data to decrypt * @param iv initializing vector - * @param encrypted chunk to allocate decrypted data + * @param encrypted chunk to allocate decrypted data, or NULL */ void (*decrypt) (crypter_t *this, chunk_t data, chunk_t iv, chunk_t *decrypted); diff --git a/src/libstrongswan/plugins/aes/aes_crypter.c b/src/libstrongswan/plugins/aes/aes_crypter.c index 504281138..046ac9b3d 100644 --- a/src/libstrongswan/plugins/aes/aes_crypter.c +++ b/src/libstrongswan/plugins/aes/aes_crypter.c @@ -1345,9 +1345,16 @@ static void decrypt(private_aes_crypter_t *this, chunk_t data, chunk_t iv, const u_int32_t *iv_i; u_int8_t *in, *out; - *decrypted = chunk_alloc(data.len); + if (decrypted) + { + *decrypted = chunk_alloc(data.len); + out = decrypted->ptr; + } + else + { + out = data.ptr; + } in = data.ptr; - out = decrypted->ptr; pos = data.len-16; in += pos; @@ -1384,9 +1391,13 @@ static void encrypt (private_aes_crypter_t *this, chunk_t data, chunk_t iv, const u_int32_t *iv_i; u_int8_t *in, *out; - *encrypted = chunk_alloc(data.len); in = data.ptr; - out = encrypted->ptr; + out = data.ptr; + if (encrypted) + { + *encrypted = chunk_alloc(data.len); + out = encrypted->ptr; + } pos=0; while(posptr), + des_cbc_encrypt((des_cblock*)(data.ptr), (des_cblock*)out, data.len, this->ks, &ivb, DES_DECRYPT); } @@ -1379,10 +1384,15 @@ static void encrypt(private_des_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *encrypted) { des_cblock ivb; + u_int8_t *out; - *encrypted = chunk_alloc(data.len); + out = data.ptr; + if (encrypted) + { + *encrypted = chunk_alloc(data.len); + } memcpy(&ivb, iv.ptr, sizeof(des_cblock)); - des_cbc_encrypt((des_cblock*)(data.ptr), (des_cblock*)(encrypted->ptr), + des_cbc_encrypt((des_cblock*)(data.ptr), (des_cblock*)out, data.len, this->ks, &ivb, DES_ENCRYPT); } @@ -1393,10 +1403,15 @@ static void decrypt3(private_des_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *decrypted) { des_cblock ivb; + u_int8_t *out; - *decrypted = chunk_alloc(data.len); + out = data.ptr; + if (decrypted) + { + *decrypted = chunk_alloc(data.len); + } memcpy(&ivb, iv.ptr, sizeof(des_cblock)); - des_ede3_cbc_encrypt((des_cblock*)(data.ptr), (des_cblock*)(decrypted->ptr), + des_ede3_cbc_encrypt((des_cblock*)(data.ptr), (des_cblock*)out, data.len, this->ks3[0], this->ks3[1], this->ks3[2], &ivb, DES_DECRYPT); } @@ -1408,10 +1423,15 @@ static void encrypt3(private_des_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *encrypted) { des_cblock ivb; + u_int8_t *out; - *encrypted = chunk_alloc(data.len); + out = data.ptr; + if (encrypted) + { + *encrypted = chunk_alloc(data.len); + } memcpy(&ivb, iv.ptr, sizeof(des_cblock)); - des_ede3_cbc_encrypt((des_cblock*)(data.ptr), (des_cblock*)(encrypted->ptr), + des_ede3_cbc_encrypt((des_cblock*)(data.ptr), (des_cblock*)out, data.len, this->ks3[0], this->ks3[1], this->ks3[2], &ivb, DES_ENCRYPT); } diff --git a/src/libstrongswan/plugins/openssl/openssl_crypter.c b/src/libstrongswan/plugins/openssl/openssl_crypter.c index 8cbeac5d4..8b9b37904 100644 --- a/src/libstrongswan/plugins/openssl/openssl_crypter.c +++ b/src/libstrongswan/plugins/openssl/openssl_crypter.c @@ -116,13 +116,20 @@ static void crypt(private_openssl_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *dst, int enc) { int len; + u_char *out; + + out = data.ptr; + if (dst) + { + *dst = chunk_alloc(data.len); + out = dst->ptr; + } EVP_CIPHER_CTX ctx; EVP_CIPHER_CTX_init(&ctx); EVP_CipherInit_ex(&ctx, this->cipher, NULL, this->key.ptr, iv.ptr, enc); EVP_CIPHER_CTX_set_padding(&ctx, 0); /* disable padding */ - *dst = chunk_alloc(data.len); - EVP_CipherUpdate(&ctx, dst->ptr, &len, data.ptr, data.len); - EVP_CipherFinal_ex(&ctx, dst->ptr, &len); /* since padding is disabled this does nothing */ + EVP_CipherUpdate(&ctx, out, &len, data.ptr, data.len); + EVP_CipherFinal_ex(&ctx, out, &len); /* since padding is disabled this does nothing */ EVP_CIPHER_CTX_cleanup(&ctx); } -- cgit v1.2.3