X-Git-Url: https://www.tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Fgcrypt%2Fcipher.c;h=2813da6b5d0079564041fbe038dae7d45a79b3af;hb=c44b08613508c993e7fd9f625e0b1b4775efffed;hp=77add6c3284dc568d3414b19a92b2dad247f5be9;hpb=551cd19406a560d0d206bff5b4e9da064ec222b6;p=tinc diff --git a/src/gcrypt/cipher.c b/src/gcrypt/cipher.c index 77add6c3..2813da6b 100644 --- a/src/gcrypt/cipher.c +++ b/src/gcrypt/cipher.c @@ -1,6 +1,6 @@ /* cipher.c -- Symmetric block cipher handling - Copyright (C) 2007 Guus Sliepen + Copyright (C) 2007-2022 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -12,52 +12,52 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - - $Id$ + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ -#include "system.h" +#include "../system.h" #include "cipher.h" -#include "logger.h" -#include "xalloc.h" +#include "../cipher.h" +#include "../logger.h" +#include "../xalloc.h" + +typedef enum gcry_cipher_algos cipher_algo_t; +typedef enum gcry_cipher_modes cipher_mode_t; static struct { const char *name; - int algo; - int mode; - int nid; + cipher_algo_t algo; + cipher_mode_t mode; + nid_t nid; } ciphertable[] = { {"none", GCRY_CIPHER_NONE, GCRY_CIPHER_MODE_NONE, 0}, - {NULL, GCRY_CIPHER_BLOWFISH, GCRY_CIPHER_MODE_ECB, 92}, + {NULL, GCRY_CIPHER_BLOWFISH, GCRY_CIPHER_MODE_ECB, 92}, {"blowfish", GCRY_CIPHER_BLOWFISH, GCRY_CIPHER_MODE_CBC, 91}, - {NULL, GCRY_CIPHER_BLOWFISH, GCRY_CIPHER_MODE_CFB, 93}, - {NULL, GCRY_CIPHER_BLOWFISH, GCRY_CIPHER_MODE_OFB, 94}, - - {NULL, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_ECB, 418}, - {"aes", GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CBC, 419}, - {NULL, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CFB, 421}, - {NULL, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_OFB, 420}, - - {NULL, GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_ECB, 422}, - {"aes192", GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CBC, 423}, - {NULL, GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CFB, 425}, - {NULL, GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_OFB, 424}, - - {NULL, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_ECB, 426}, - {"aes256", GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CBC, 427}, - {NULL, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CFB, 429}, - {NULL, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_OFB, 428}, + {NULL, GCRY_CIPHER_BLOWFISH, GCRY_CIPHER_MODE_CFB, 93}, + {NULL, GCRY_CIPHER_BLOWFISH, GCRY_CIPHER_MODE_OFB, 94}, + + {"aes-128-ecb", GCRY_CIPHER_AES, GCRY_CIPHER_MODE_ECB, 418}, + {"aes-128-cbc", GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CBC, 419}, + {"aes-128-cfb", GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CFB, 421}, + {"aes-128-ofb", GCRY_CIPHER_AES, GCRY_CIPHER_MODE_OFB, 420}, + + {"aes-192-ecb", GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_ECB, 422}, + {"aes-192-cbc", GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CBC, 423}, + {"aes-192-cfb", GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CFB, 425}, + {"aes-192-ofb", GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_OFB, 424}, + + {"aes-256-ecb", GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_ECB, 426}, + {"aes-256-cbc", GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CBC, 427}, + {"aes-256-cfb", GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CFB, 429}, + {"aes-256-ofb", GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_OFB, 428}, }; -static bool nametocipher(const char *name, int *algo, int *mode) { - size_t i; - - for(i = 0; i < sizeof ciphertable / sizeof *ciphertable; i++) { +static bool nametocipher(const char *name, cipher_algo_t *algo, cipher_mode_t *mode) { + for(size_t i = 0; i < sizeof(ciphertable) / sizeof(*ciphertable); i++) { if(ciphertable[i].name && !strcasecmp(name, ciphertable[i].name)) { *algo = ciphertable[i].algo; *mode = ciphertable[i].mode; @@ -68,10 +68,8 @@ static bool nametocipher(const char *name, int *algo, int *mode) { return false; } -static bool nidtocipher(int nid, int *algo, int *mode) { - size_t i; - - for(i = 0; i < sizeof ciphertable / sizeof *ciphertable; i++) { +static bool nidtocipher(cipher_algo_t *algo, cipher_mode_t *mode, nid_t nid) { + for(size_t i = 0; i < sizeof(ciphertable) / sizeof(*ciphertable); i++) { if(nid == ciphertable[i].nid) { *algo = ciphertable[i].algo; *mode = ciphertable[i].mode; @@ -82,10 +80,8 @@ static bool nidtocipher(int nid, int *algo, int *mode) { return false; } -static bool ciphertonid(int algo, int mode, int *nid) { - size_t i; - - for(i = 0; i < sizeof ciphertable / sizeof *ciphertable; i++) { +static bool ciphertonid(nid_t *nid, cipher_algo_t algo, cipher_mode_t mode) { + for(size_t i = 0; i < sizeof(ciphertable) / sizeof(*ciphertable); i++) { if(algo == ciphertable[i].algo && mode == ciphertable[i].mode) { *nid = ciphertable[i].nid; return true; @@ -95,87 +91,102 @@ static bool ciphertonid(int algo, int mode, int *nid) { return false; } -static bool cipher_open(cipher_t *cipher, int algo, int mode) { +static bool cipher_open(cipher_t *cipher, cipher_algo_t algo, cipher_mode_t mode) { gcry_error_t err; - if(!ciphertonid(algo, mode, &cipher->nid)) { - logger(LOG_DEBUG, _("Cipher %d mode %d has no corresponding nid!"), algo, mode); + if(!ciphertonid(&cipher->nid, algo, mode)) { + logger(DEBUG_ALWAYS, LOG_DEBUG, "Cipher %d mode %d has no corresponding nid!", algo, mode); return false; } if((err = gcry_cipher_open(&cipher->handle, algo, mode, 0))) { - logger(LOG_DEBUG, _("Unable to intialise cipher %d mode %d: %s"), algo, mode, gcry_strerror(err)); + logger(DEBUG_ALWAYS, LOG_DEBUG, "Unable to initialise cipher %d mode %d: %s", algo, mode, gcry_strerror(err)); return false; } cipher->keylen = gcry_cipher_get_algo_keylen(algo); - if(mode == GCRY_CIPHER_MODE_ECB || mode == GCRY_CIPHER_MODE_CBC) - cipher->blklen = gcry_cipher_get_algo_blklen(algo); - else - cipher->blklen = 0; - cipher->key = xmalloc(cipher->keylen + cipher->blklen); + cipher->blklen = gcry_cipher_get_algo_blklen(algo); + cipher->key = xmalloc(cipher_keylength(cipher)); + cipher->padding = mode == GCRY_CIPHER_MODE_ECB || mode == GCRY_CIPHER_MODE_CBC; return true; } bool cipher_open_by_name(cipher_t *cipher, const char *name) { - int algo, mode; + cipher_algo_t algo; + cipher_mode_t mode; if(!nametocipher(name, &algo, &mode)) { - logger(LOG_DEBUG, _("Unknown cipher name '%s'!"), name); + logger(DEBUG_ALWAYS, LOG_DEBUG, "Unknown cipher name '%s'!", name); return false; } return cipher_open(cipher, algo, mode); } -bool cipher_open_by_nid(cipher_t *cipher, int nid) { - int algo, mode; +bool cipher_open_by_nid(cipher_t *cipher, nid_t nid) { + cipher_algo_t algo; + cipher_mode_t mode; - if(!nidtocipher(nid, &algo, &mode)) { - logger(LOG_DEBUG, _("Unknown cipher ID %d!"), nid); + if(!nidtocipher(&algo, &mode, nid)) { + logger(DEBUG_ALWAYS, LOG_DEBUG, "Unknown cipher ID %d!", nid); return false; } return cipher_open(cipher, algo, mode); } -bool cipher_open_blowfish_ofb(cipher_t *cipher) { - return cipher_open(cipher, GCRY_CIPHER_BLOWFISH, GCRY_CIPHER_MODE_OFB); -} - void cipher_close(cipher_t *cipher) { + if(!cipher) { + return; + } + if(cipher->handle) { gcry_cipher_close(cipher->handle); - cipher->handle = NULL; } - if(cipher->key) { - free(cipher->key); - cipher->key = NULL; - } + xzfree(cipher->key, cipher_keylength(cipher)); + memset(cipher, 0, sizeof(*cipher)); } size_t cipher_keylength(const cipher_t *cipher) { + if(!cipher) { + return 0; + } + return cipher->keylen + cipher->blklen; } -void cipher_get_key(const cipher_t *cipher, void *key) { - memcpy(key, cipher->key, cipher->keylen + cipher->blklen); -} +uint64_t cipher_budget(const cipher_t *cipher) { + if(!cipher) { + return UINT64_MAX; // NULL cipher + } -bool cipher_set_key(cipher_t *cipher, void *key, bool encrypt) { - memcpy(cipher->key, key, cipher->keylen + cipher->blklen); + size_t ivlen = cipher->blklen; + size_t blklen = cipher->blklen; - gcry_cipher_setkey(cipher->handle, cipher->key, cipher->keylen); - gcry_cipher_setiv(cipher->handle, cipher->key + cipher->keylen, cipher->blklen); + size_t len = blklen > 1 + ? blklen + : ivlen > 1 ? ivlen : 8; + size_t bits = len * 4 - 1; - return true; + return bits < 64 + ? UINT64_C(1) << bits + : UINT64_MAX; } -bool cipher_set_key_from_rsa(cipher_t *cipher, void *key, size_t len, bool encrypt) { - memcpy(cipher->key, key + len - cipher->keylen, cipher->keylen + cipher->blklen); - memcpy(cipher->key + cipher->keylen, key + len - cipher->keylen - cipher->blklen, cipher->blklen); +size_t cipher_blocksize(const cipher_t *cipher) { + if(!cipher || !cipher->blklen) { + return 1; + } + + return cipher->blklen; +} + +bool cipher_set_key(cipher_t *cipher, void *key, bool encrypt) { + (void)encrypt; + + memcpy(cipher->key, key, cipher_keylength(cipher)); gcry_cipher_setkey(cipher->handle, cipher->key, cipher->keylen); gcry_cipher_setiv(cipher->handle, cipher->key + cipher->keylen, cipher->blklen); @@ -183,77 +194,112 @@ bool cipher_set_key_from_rsa(cipher_t *cipher, void *key, size_t len, bool encry return true; } -bool cipher_regenerate_key(cipher_t *cipher, bool encrypt) { - gcry_create_nonce(cipher->key, cipher->keylen + cipher->blklen); +bool cipher_set_key_from_rsa(cipher_t *cipher, void *key, size_t len, bool encrypt) { + (void)encrypt; + memcpy(cipher->key, (char *)key + len - cipher->keylen, cipher->keylen); gcry_cipher_setkey(cipher->handle, cipher->key, cipher->keylen); + + memcpy((char *)cipher->key + cipher->keylen, (char *)key + len - cipher->blklen - cipher->keylen, cipher->blklen); gcry_cipher_setiv(cipher->handle, cipher->key + cipher->keylen, cipher->blklen); return true; } -static bool cipher_add_padding(cipher_t *cipher, void *indata, size_t inlen, size_t *outlen) { - size_t reqlen; +bool cipher_encrypt(cipher_t *cipher, const void *indata, size_t inlen, void *outdata, size_t *outlen, bool oneshot) { + gcry_error_t err; + uint8_t pad[cipher->blklen]; - if(cipher->blklen == 1) { - *outlen = inlen; - return true; - } + if(cipher->padding) { + if(!oneshot) { + return false; + } - reqlen = ((inlen + 1) / cipher->blklen) * cipher->blklen; - if(reqlen > *outlen) - return false; + size_t reqlen = ((inlen + cipher->blklen) / cipher->blklen) * cipher->blklen; - // add padding + if(*outlen < reqlen) { + logger(DEBUG_ALWAYS, LOG_ERR, "Error while encrypting: not enough room for padding"); + return false; + } - *outlen = reqlen; - return true; -} + uint8_t padbyte = reqlen - inlen; + inlen = reqlen - cipher->blklen; -static bool cipher_remove_padding(cipher_t *cipher, void *indata, size_t inlen, size_t *outlen) { - size_t origlen; + for(int i = 0; i < cipher->blklen; i++) + if(i < cipher->blklen - padbyte) { + pad[i] = ((uint8_t *)indata)[inlen + i]; + } else { + pad[i] = padbyte; + } + } - if(cipher->blklen == 1) { - *outlen = inlen; - return true; + if(oneshot) { + gcry_cipher_setiv(cipher->handle, cipher->key + cipher->keylen, cipher->blklen); } - if(inlen % cipher->blklen) + if((err = gcry_cipher_encrypt(cipher->handle, outdata, *outlen, indata, inlen))) { + logger(DEBUG_ALWAYS, LOG_ERR, "Error while encrypting: %s", gcry_strerror(err)); return false; + } - // check and remove padding + if(cipher->padding) { + if((err = gcry_cipher_encrypt(cipher->handle, (char *)outdata + inlen, cipher->blklen, pad, cipher->blklen))) { + logger(DEBUG_ALWAYS, LOG_ERR, "Error while encrypting: %s", gcry_strerror(err)); + return false; + } - *outlen = origlen; + inlen += cipher->blklen; + } + + *outlen = inlen; return true; } -bool cipher_encrypt(cipher_t *cipher, const void *indata, size_t inlen, void *outdata, size_t *outlen, bool oneshot) { +bool cipher_decrypt(cipher_t *cipher, const void *indata, size_t inlen, void *outdata, size_t *outlen, bool oneshot) { gcry_error_t err; - // To be fixed + if(oneshot) { + gcry_cipher_setiv(cipher->handle, cipher->key + cipher->keylen, cipher->blklen); + } - if((err = gcry_cipher_encrypt(cipher->handle, outdata, inlen, indata, inlen))) { - logger(LOG_ERR, _("Error while encrypting: %s"), gcry_strerror(err)); + if((err = gcry_cipher_decrypt(cipher->handle, outdata, *outlen, indata, inlen))) { + logger(DEBUG_ALWAYS, LOG_ERR, "Error while decrypting: %s", gcry_strerror(err)); return false; } - return true; -} + if(cipher->padding) { + if(!oneshot) { + return false; + } -bool cipher_decrypt(cipher_t *cipher, const void *indata, size_t inlen, void *outdata, size_t *outlen, bool oneshot) { - gcry_error_t err; + uint8_t padbyte = ((uint8_t *)outdata)[inlen - 1]; - // To be fixed + if(padbyte == 0 || padbyte > cipher->blklen || padbyte > inlen) { + logger(DEBUG_ALWAYS, LOG_ERR, "Error while decrypting: invalid padding"); + return false; + } - if((err = gcry_cipher_decrypt(cipher->handle, outdata, inlen, indata, inlen))) { - logger(LOG_ERR, _("Error while decrypting: %s"), gcry_strerror(err)); - return false; + size_t origlen = inlen - padbyte; + + for(size_t i = inlen - 1; i >= origlen; i--) + if(((uint8_t *)outdata)[i] != padbyte) { + logger(DEBUG_ALWAYS, LOG_ERR, "Error while decrypting: invalid padding"); + return false; + } + + *outlen = origlen; + } else { + *outlen = inlen; } return true; } -int cipher_get_nid(const cipher_t *cipher) { +nid_t cipher_get_nid(const cipher_t *cipher) { + if(!cipher || !cipher->nid) { + return 0; + } + return cipher->nid; }