From: angelos Date: Wed, 29 Mar 2000 07:09:40 +0000 (+0000) Subject: Better support for weird IV schemes (like ESP half-IV, or the swap X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=6ed400791d9adc80112f6cb213122546820f49e8;p=openbsd Better support for weird IV schemes (like ESP half-IV, or the swap encryption block-number IV). --- diff --git a/sys/crypto/crypto.h b/sys/crypto/crypto.h index ef11a18ec3e..f4515fb6abb 100644 --- a/sys/crypto/crypto.h +++ b/sys/crypto/crypto.h @@ -66,6 +66,7 @@ struct cryptoini int cri_klen; /* Key length, in bits */ int cri_rnd; /* Algorithm rounds, where relevant */ caddr_t cri_key; /* key to use */ + u_int8_t cri_iv[EALG_MAX_BLOCK_LEN]; /* IV to use */ struct cryptoini *cri_next; }; @@ -78,10 +79,12 @@ struct cryptodesc int crd_flags; #define CRD_F_ENCRYPT 0x1 /* Set when doing encryption */ -#define CRD_F_HALFIV 0x2 -#define CRD_F_IV_PRESENT 0x4 /* Used/sensible only when encrypting */ +#define CRD_F_IV_PRESENT 0x2 /* When encrypting, IV is already in + place, so don't copy. */ +#define CRD_F_IV_EXPLICIT 0x4 /* IV explicitly provided */ struct cryptoini CRD_INI; /* Initialization/context data */ +#define crd_iv CRD_INI.cri_iv #define crd_key CRD_INI.cri_key #define crd_rnd CRD_INI.cri_rnd #define crd_alg CRD_INI.cri_alg diff --git a/sys/crypto/cryptosoft.c b/sys/crypto/cryptosoft.c index ec291177422..5091ea61b15 100644 --- a/sys/crypto/cryptosoft.c +++ b/sys/crypto/cryptosoft.c @@ -85,25 +85,12 @@ swcr_encdec(struct cryptodesc *crd, struct swcr_data *sw, caddr_t buf, { if (crd->crd_flags & CRD_F_ENCRYPT) { - /* Inject IV */ - if (crd->crd_flags & CRD_F_HALFIV) - { - if (crd->crd_flags & CRD_F_IV_PRESENT) - bcopy(buf + crd->crd_inject, sw->sw_iv, blks / 2); - - /* "Cook" half-IV */ - for (k = 0; k < blks / 2; k++) - sw->sw_iv[(blks / 2) + k] = ~sw->sw_iv[k]; + /* IV explicitly provided ? */ + if (crd->crd_flags & CRD_F_IV_EXPLICIT) + bcopy(crd->crd_iv, sw->sw_iv, blks); - bcopy(sw->sw_iv, buf + crd->crd_inject, blks / 2); - } - else - { - if (crd->crd_flags & CRD_F_IV_PRESENT) - bcopy(buf + crd->crd_inject, sw->sw_iv, blks); - else - bcopy(sw->sw_iv, buf + crd->crd_inject, blks); - } + if (!(crd->crd_flags & CRD_F_IV_PRESENT)) + bcopy(sw->sw_iv, buf + crd->crd_inject, blks); for (i = crd->crd_skip; i < crd->crd_skip + crd->crd_len; @@ -125,13 +112,11 @@ swcr_encdec(struct cryptodesc *crd, struct swcr_data *sw, caddr_t buf, } else /* Decrypt */ { - /* Copy the IV off the buffer */ - bcopy(buf + crd->crd_inject, sw->sw_iv, blks); - - /* "Cook" half-IV */ - if (crd->crd_flags & CRD_F_HALFIV) - for (k = 0; k < blks / 2; k++) - sw->sw_iv[(blks / 2) + k] = ~sw->sw_iv[k]; + /* IV explicitly provided ? */ + if (crd->crd_flags & CRD_F_IV_EXPLICIT) + bcopy(crd->crd_iv, sw->sw_iv, blks); + else /* IV preceeds data */ + bcopy(buf + crd->crd_inject, sw->sw_iv, blks); /* * Start at the end, so we don't need to keep the encrypted @@ -162,32 +147,23 @@ swcr_encdec(struct cryptodesc *crd, struct swcr_data *sw, caddr_t buf, /* Initialize the IV */ if (crd->crd_flags & CRD_F_ENCRYPT) { - if (crd->crd_flags & CRD_F_IV_PRESENT) - m_copydata(m, crd->crd_inject, blks, iv); + /* IV explicitly provided ? */ + if (crd->crd_flags & CRD_F_IV_EXPLICIT) + bcopy(crd->crd_iv, iv, blks); else - bcopy(sw->sw_iv, iv, blks); + bcopy(sw->sw_iv, iv, blks); /* Use IV from context */ - /* "Cook" half-IV */ - if (crd->crd_flags & CRD_F_HALFIV) - { - for (k = 0; k < blks / 2; k++) - iv[(blks / 2) + k] = ~iv[k]; - - if (!(crd->crd_flags & CRD_F_IV_PRESENT)) - m_copyback(m, crd->crd_inject, blks / 2, iv); - } - else - if (!(crd->crd_flags & CRD_F_IV_PRESENT)) - m_copyback(m, crd->crd_inject, blks, iv); + /* Do we need to write the IV */ + if (!(crd->crd_flags & CRD_F_IV_PRESENT)) + m_copyback(m, crd->crd_inject, blks, iv); } - else + else /* Decryption */ { - m_copydata(m, crd->crd_inject, blks, iv); /* Get IV off mbuf */ - - /* "Cook" half-IV */ - if (crd->crd_flags & CRD_F_HALFIV) - for (k = 0; k < blks / 2; k++) - iv[(blks / 2) + k] = ~iv[k]; + /* IV explicitly provided ? */ + if (crd->crd_flags & CRD_F_IV_EXPLICIT) + bcopy(crd->crd_iv, iv, blks); + else + m_copydata(m, crd->crd_inject, blks, iv); /* Get IV off mbuf */ } ivp = iv;