mirror of
https://github.com/ntop/n2n.git
synced 2024-09-20 00:51:10 +02:00
changed aes transform to cipher text stealing mode
This commit is contained in:
parent
680248d154
commit
b4f9caa00b
|
@ -28,6 +28,10 @@
|
||||||
#include <openssl/evp.h>
|
#include <openssl/evp.h>
|
||||||
#include <openssl/err.h>
|
#include <openssl/err.h>
|
||||||
|
|
||||||
|
|
||||||
|
#define AES_BLOCK_SIZE 16
|
||||||
|
#define AES_IV_SIZE (AES_BLOCK_SIZE)
|
||||||
|
|
||||||
#define AES256_KEY_BYTES (256/8)
|
#define AES256_KEY_BYTES (256/8)
|
||||||
#define AES192_KEY_BYTES (192/8)
|
#define AES192_KEY_BYTES (192/8)
|
||||||
#define AES128_KEY_BYTES (128/8)
|
#define AES128_KEY_BYTES (128/8)
|
||||||
|
@ -48,10 +52,10 @@ typedef struct aes_context_t {
|
||||||
|
|
||||||
|
|
||||||
int aes_cbc_encrypt (unsigned char *out, const unsigned char *in, size_t in_len,
|
int aes_cbc_encrypt (unsigned char *out, const unsigned char *in, size_t in_len,
|
||||||
unsigned char *iv, aes_context_t *ctx);
|
const unsigned char *iv, aes_context_t *ctx);
|
||||||
|
|
||||||
int aes_cbc_decrypt (unsigned char *out, const unsigned char *in, size_t in_len,
|
int aes_cbc_decrypt (unsigned char *out, const unsigned char *in, size_t in_len,
|
||||||
unsigned char *iv, aes_context_t *ctx);
|
const unsigned char *iv, aes_context_t *ctx);
|
||||||
|
|
||||||
int aes_ecb_decrypt (unsigned char *out, const unsigned char *in, aes_context_t *ctx);
|
int aes_ecb_decrypt (unsigned char *out, const unsigned char *in, aes_context_t *ctx);
|
||||||
|
|
||||||
|
|
14
src/aes.c
14
src/aes.c
|
@ -45,7 +45,7 @@ static char *openssl_err_as_string (void) {
|
||||||
/* ****************************************************** */
|
/* ****************************************************** */
|
||||||
|
|
||||||
int aes_cbc_encrypt (unsigned char *out, const unsigned char *in, size_t in_len,
|
int aes_cbc_encrypt (unsigned char *out, const unsigned char *in, size_t in_len,
|
||||||
unsigned char *iv, aes_context_t *ctx) {
|
const unsigned char *iv, aes_context_t *ctx) {
|
||||||
|
|
||||||
#ifdef HAVE_OPENSSL_1_1
|
#ifdef HAVE_OPENSSL_1_1
|
||||||
int evp_len;
|
int evp_len;
|
||||||
|
@ -75,20 +75,21 @@ int aes_cbc_encrypt (unsigned char *out, const unsigned char *in, size_t in_len,
|
||||||
|
|
||||||
EVP_CIPHER_CTX_reset(ctx->enc_ctx);
|
EVP_CIPHER_CTX_reset(ctx->enc_ctx);
|
||||||
#else
|
#else
|
||||||
|
uint8_t tmp_iv[AES_IV_SIZE];
|
||||||
|
memcpy (tmp_iv, iv, AES_IV_SIZE);
|
||||||
AES_cbc_encrypt(in, // source
|
AES_cbc_encrypt(in, // source
|
||||||
out, // destination
|
out, // destination
|
||||||
in_len, // enc size
|
in_len, // enc size
|
||||||
&(ctx->enc_key),
|
&(ctx->enc_key),
|
||||||
iv,
|
tmp_iv,
|
||||||
AES_ENCRYPT);
|
AES_ENCRYPT);
|
||||||
memset(iv, 0, AES_BLOCK_SIZE);
|
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
/* ****************************************************** */
|
/* ****************************************************** */
|
||||||
|
|
||||||
int aes_cbc_decrypt (unsigned char *out, const unsigned char *in, size_t in_len,
|
int aes_cbc_decrypt (unsigned char *out, const unsigned char *in, size_t in_len,
|
||||||
unsigned char *iv, aes_context_t *ctx) {
|
const unsigned char *iv, aes_context_t *ctx) {
|
||||||
|
|
||||||
#ifdef HAVE_OPENSSL_1_1
|
#ifdef HAVE_OPENSSL_1_1
|
||||||
int evp_len;
|
int evp_len;
|
||||||
|
@ -118,13 +119,14 @@ int aes_cbc_decrypt (unsigned char *out, const unsigned char *in, size_t in_len,
|
||||||
|
|
||||||
EVP_CIPHER_CTX_reset(ctx->dec_ctx);
|
EVP_CIPHER_CTX_reset(ctx->dec_ctx);
|
||||||
#else
|
#else
|
||||||
|
uint8_t tmp_iv[AES_IV_SIZE];
|
||||||
|
memcpy (tmp_iv, iv, AES_IV_SIZE);
|
||||||
AES_cbc_encrypt(in, // source
|
AES_cbc_encrypt(in, // source
|
||||||
out, // destination
|
out, // destination
|
||||||
in_len, // enc size
|
in_len, // enc size
|
||||||
&(ctx->dec_key),
|
&(ctx->dec_key),
|
||||||
iv,
|
tmp_iv,
|
||||||
AES_DECRYPT);
|
AES_DECRYPT);
|
||||||
memset(iv, 0, AES_BLOCK_SIZE);
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
|
|
|
@ -22,8 +22,6 @@
|
||||||
#ifdef N2N_HAVE_AES
|
#ifdef N2N_HAVE_AES
|
||||||
|
|
||||||
|
|
||||||
#define AES_BLOCK_SIZE 16
|
|
||||||
|
|
||||||
// size of random value prepended to plaintext defaults to AES BLOCK_SIZE;
|
// size of random value prepended to plaintext defaults to AES BLOCK_SIZE;
|
||||||
// gradually abandoning security, lower values could be chosen;
|
// gradually abandoning security, lower values could be chosen;
|
||||||
// however, minimum transmission size with cipher text stealing scheme is one
|
// however, minimum transmission size with cipher text stealing scheme is one
|
||||||
|
@ -31,11 +29,9 @@
|
||||||
// might encounter an issue with lower values here
|
// might encounter an issue with lower values here
|
||||||
#define AES_PREAMBLE_SIZE (AES_BLOCK_SIZE)
|
#define AES_PREAMBLE_SIZE (AES_BLOCK_SIZE)
|
||||||
|
|
||||||
#define AES_IV_SIZE (AES_BLOCK_SIZE)
|
|
||||||
|
|
||||||
// cbc mode is being used with random value prepended to plaintext
|
// cbc mode is being used with random value prepended to plaintext
|
||||||
// instead of iv so, actual iv is null_iv
|
// instead of iv so, actual iv is null_iv
|
||||||
uint8_t null_iv[AES_IV_SIZE] = {0};
|
const uint8_t null_iv[AES_IV_SIZE] = {0};
|
||||||
|
|
||||||
typedef struct transop_aes {
|
typedef struct transop_aes {
|
||||||
aes_context_t *ctx;
|
aes_context_t *ctx;
|
||||||
|
|
Loading…
Reference in New Issue
Block a user