sharpetronics/strongswan
1
0
Fork 0
mirror of https://github.com/strongswan/strongswan.git synced 2025-11-27 00:00:29 -05:00
Code Issues Projects Releases Wiki Activity

Variable key length crypters use default key length if zero given

Browse Source
This commit is contained in:
Martin Willi 2010-08-16 15:12:49 +02:00
parent 806ec8b1d6
commit e2c3b4820b
5 changed files with 54 additions and 64 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/libstrongswan/plugins/aes/aes_crypter.c
View File

@ -1534,6 +1534,9 @@ aes_crypter_t *aes_crypter_create(encryption_algorithm_t algo, size_t key_size)
} }
switch (key_size) switch (key_size)
{ {
case 0:
key_size = 16;
break;
case 32: case 32:
case 24: case 24:
case 16: case 16:

5
src/libstrongswan/plugins/blowfish/blowfish_crypter.c
View File

@ -166,7 +166,8 @@ METHOD(crypter_t, destroy, void,
/* /*
* Described in header * Described in header
*/ */
blowfish_crypter_t *blowfish_crypter_create(encryption_algorithm_t algo, size_t key_size) blowfish_crypter_t *blowfish_crypter_create(encryption_algorithm_t algo,
size_t key_size)
{ {
private_blowfish_crypter_t *this; private_blowfish_crypter_t *this;
@ -185,7 +186,7 @@ blowfish_crypter_t *blowfish_crypter_create(encryption_algorithm_t algo, size_t
.set_key = _set_key, .set_key = _set_key,
.destroy = _destroy, .destroy = _destroy,
}, },
.key_size = key_size, .key_size = key_size ?: 16,
); );
return &this->public; return &this->public;

6
src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c
View File

@ -194,7 +194,7 @@ gcrypt_crypter_t *gcrypt_crypter_create(encryption_algorithm_t algo,
gcrypt_alg = GCRY_CIPHER_CAST5; gcrypt_alg = GCRY_CIPHER_CAST5;
break; break;
case ENCR_BLOWFISH: case ENCR_BLOWFISH:
if (key_size != 16) if (key_size != 16 && key_size != 0)
{ /* gcrypt currently supports 128 bit blowfish only */ { /* gcrypt currently supports 128 bit blowfish only */
return NULL; return NULL;
} }
@ -206,6 +206,7 @@ gcrypt_crypter_t *gcrypt_crypter_create(encryption_algorithm_t algo,
case ENCR_AES_CBC: case ENCR_AES_CBC:
switch (key_size) switch (key_size)
{ {
case 0:
case 16: case 16:
gcrypt_alg = GCRY_CIPHER_AES128; gcrypt_alg = GCRY_CIPHER_AES128;
break; break;
@ -226,6 +227,7 @@ gcrypt_crypter_t *gcrypt_crypter_create(encryption_algorithm_t algo,
switch (key_size) switch (key_size)
{ {
#ifdef HAVE_GCRY_CIPHER_CAMELLIA #ifdef HAVE_GCRY_CIPHER_CAMELLIA
case 0:
case 16: case 16:
gcrypt_alg = GCRY_CIPHER_CAMELLIA128; gcrypt_alg = GCRY_CIPHER_CAMELLIA128;
break; break;
@ -243,6 +245,7 @@ gcrypt_crypter_t *gcrypt_crypter_create(encryption_algorithm_t algo,
case ENCR_SERPENT_CBC: case ENCR_SERPENT_CBC:
switch (key_size) switch (key_size)
{ {
case 0:
case 16: case 16:
gcrypt_alg = GCRY_CIPHER_SERPENT128; gcrypt_alg = GCRY_CIPHER_SERPENT128;
break; break;
@ -259,6 +262,7 @@ gcrypt_crypter_t *gcrypt_crypter_create(encryption_algorithm_t algo,
case ENCR_TWOFISH_CBC: case ENCR_TWOFISH_CBC:
switch (key_size) switch (key_size)
{ {
case 0:
case 16: case 16:
gcrypt_alg = GCRY_CIPHER_TWOFISH128; gcrypt_alg = GCRY_CIPHER_TWOFISH128;
break; break;

101
src/libstrongswan/plugins/openssl/openssl_crypter.c
View File

@ -40,80 +40,49 @@ struct private_openssl_crypter_t {
const EVP_CIPHER *cipher; const EVP_CIPHER *cipher;
}; };
/**
* Mapping from the algorithms defined in IKEv2 to
* OpenSSL algorithm names and their key length
*/
typedef struct {
/**
* Identifier specified in IKEv2
*/
int ikev2_id;
/**
* Name of the algorithm, as used in OpenSSL
*/
char *name;
/**
* Minimum valid key length in bytes
*/
size_t key_size_min;
/**
* Maximum valid key length in bytes
*/
size_t key_size_max;
} openssl_algorithm_t;
#define END_OF_LIST -1
/**
* Algorithms for encryption
*/
static openssl_algorithm_t encryption_algs[] = {
/* {ENCR_DES_IV64, "***", 0, 0}, */
{ENCR_DES, "des", 8, 8}, /* 64 bits */
{ENCR_3DES, "des3", 24, 24}, /* 192 bits */
{ENCR_RC5, "rc5", 5, 255}, /* 40 to 2040 bits, RFC 2451 */
{ENCR_IDEA, "idea", 16, 16}, /* 128 bits, RFC 2451 */
{ENCR_CAST, "cast", 5, 16}, /* 40 to 128 bits, RFC 2451 */
{ENCR_BLOWFISH, "blowfish", 5, 56}, /* 40 to 448 bits, RFC 2451 */
/* {ENCR_3IDEA, "***", 0, 0}, */
/* {ENCR_DES_IV32, "***", 0, 0}, */
/* {ENCR_NULL, "***", 0, 0}, */ /* handled separately */
/* {ENCR_AES_CBC, "***", 0, 0}, */ /* handled separately */
/* {ENCR_CAMELLIA_CBC, "***", 0, 0}, */ /* handled separately */
/* {ENCR_AES_CTR, "***", 0, 0}, */ /* disabled in evp.h */
{END_OF_LIST, NULL, 0, 0},
};
/** /**
* Look up an OpenSSL algorithm name and validate its key size * Look up an OpenSSL algorithm name and validate its key size
*/ */
static char* lookup_algorithm(openssl_algorithm_t *openssl_algo, static char* lookup_algorithm(u_int16_t ikev2_algo, size_t *key_size)
u_int16_t ikev2_algo, size_t *key_size)
{ {
while (openssl_algo->ikev2_id != END_OF_LIST) struct {
/* identifier specified in IKEv2 */
int ikev2_id;
/* name of the algorithm, as used in OpenSSL */
char *name;
/* default key size in bytes */
size_t key_def;
/* minimum key size */
size_t key_min;
/* maximum key size */
size_t key_max;
} mappings[] = {
{ENCR_DES, "des", 8, 8, 8},
{ENCR_3DES, "des3", 24, 24, 24},
{ENCR_RC5, "rc5", 16, 5, 255},
{ENCR_IDEA, "idea", 16, 16, 16},
{ENCR_CAST, "cast", 16, 5, 16},
{ENCR_BLOWFISH, "blowfish", 16, 5, 56},
};
int i;
for (i = 0; i < countof(mappings); i++)
{ {
if (ikev2_algo == openssl_algo->ikev2_id) if (ikev2_algo == mappings[i].ikev2_id)
{ {
/* set the key size if it is not set */ /* set the key size if it is not set */
if (*key_size == 0 && if (*key_size == 0)
(openssl_algo->key_size_min == openssl_algo->key_size_max))
{ {
*key_size = openssl_algo->key_size_min; *key_size = mappings[i].key_def;
} }
/* validate key size */ /* validate key size */
if (*key_size < openssl_algo->key_size_min || if (*key_size < mappings[i].key_min ||
*key_size > openssl_algo->key_size_max) *key_size > mappings[i].key_max)
{ {
return NULL; return NULL;
} }
return openssl_algo->name; return mappings[i].name;
} }
openssl_algo++;
} }
return NULL; return NULL;
} }
@ -211,10 +180,14 @@ openssl_crypter_t *openssl_crypter_create(encryption_algorithm_t algo,
{ {
case ENCR_NULL: case ENCR_NULL:
this->cipher = EVP_enc_null(); this->cipher = EVP_enc_null();
key_size = 0;
break; break;
case ENCR_AES_CBC: case ENCR_AES_CBC:
switch (key_size) switch (key_size)
{ {
case 0:
key_size = 16;
/* FALL */
case 16: /* AES 128 */ case 16: /* AES 128 */
this->cipher = EVP_get_cipherbyname("aes128"); this->cipher = EVP_get_cipherbyname("aes128");
break; break;
@ -232,6 +205,9 @@ openssl_crypter_t *openssl_crypter_create(encryption_algorithm_t algo,
case ENCR_CAMELLIA_CBC: case ENCR_CAMELLIA_CBC:
switch (key_size) switch (key_size)
{ {
case 0:
key_size = 16;
/* FALL */
case 16: /* CAMELLIA 128 */ case 16: /* CAMELLIA 128 */
this->cipher = EVP_get_cipherbyname("camellia128"); this->cipher = EVP_get_cipherbyname("camellia128");
break; break;
@ -247,11 +223,14 @@ openssl_crypter_t *openssl_crypter_create(encryption_algorithm_t algo,
} }
break; break;
case ENCR_DES_ECB: case ENCR_DES_ECB:
key_size = 8;
this->cipher = EVP_des_ecb(); this->cipher = EVP_des_ecb();
break; break;
default: default:
{ {
char* name = lookup_algorithm(encryption_algs, algo, &key_size); char* name;
name = lookup_algorithm(algo, &key_size);
if (!name) if (!name)
{ {
/* algo unavailable or key_size invalid */ /* algo unavailable or key_size invalid */

3
src/libstrongswan/plugins/padlock/padlock_aes_crypter.c
View File

@ -164,6 +164,9 @@ padlock_aes_crypter_t *padlock_aes_crypter_create(encryption_algorithm_t algo,
} }
switch (key_size) switch (key_size)
{ {
case 0:
key_size = 16;
/* FALL */
case 16: /* AES 128 */ case 16: /* AES 128 */
break; break;
case 24: /* AES-192 */ case 24: /* AES-192 */