mirror of
https://github.com/ntop/n2n.git
synced 2024-09-19 16:41:11 +02:00
changed aes transform to cipher text stealing mode
This commit is contained in:
parent
680248d154
commit
b4f9caa00b
|
@ -28,6 +28,10 @@
|
|||
#include <openssl/evp.h>
|
||||
#include <openssl/err.h>
|
||||
|
||||
|
||||
#define AES_BLOCK_SIZE 16
|
||||
#define AES_IV_SIZE (AES_BLOCK_SIZE)
|
||||
|
||||
#define AES256_KEY_BYTES (256/8)
|
||||
#define AES192_KEY_BYTES (192/8)
|
||||
#define AES128_KEY_BYTES (128/8)
|
||||
|
@ -48,10 +52,10 @@ typedef struct aes_context_t {
|
|||
|
||||
|
||||
int aes_cbc_encrypt (unsigned char *out, const unsigned char *in, size_t in_len,
|
||||
unsigned char *iv, aes_context_t *ctx);
|
||||
const unsigned char *iv, aes_context_t *ctx);
|
||||
|
||||
int aes_cbc_decrypt (unsigned char *out, const unsigned char *in, size_t in_len,
|
||||
unsigned char *iv, aes_context_t *ctx);
|
||||
const unsigned char *iv, aes_context_t *ctx);
|
||||
|
||||
int aes_ecb_decrypt (unsigned char *out, const unsigned char *in, aes_context_t *ctx);
|
||||
|
||||
|
|
14
src/aes.c
14
src/aes.c
|
@ -45,7 +45,7 @@ static char *openssl_err_as_string (void) {
|
|||
/* ****************************************************** */
|
||||
|
||||
int aes_cbc_encrypt (unsigned char *out, const unsigned char *in, size_t in_len,
|
||||
unsigned char *iv, aes_context_t *ctx) {
|
||||
const unsigned char *iv, aes_context_t *ctx) {
|
||||
|
||||
#ifdef HAVE_OPENSSL_1_1
|
||||
int evp_len;
|
||||
|
@ -75,20 +75,21 @@ int aes_cbc_encrypt (unsigned char *out, const unsigned char *in, size_t in_len,
|
|||
|
||||
EVP_CIPHER_CTX_reset(ctx->enc_ctx);
|
||||
#else
|
||||
uint8_t tmp_iv[AES_IV_SIZE];
|
||||
memcpy (tmp_iv, iv, AES_IV_SIZE);
|
||||
AES_cbc_encrypt(in, // source
|
||||
out, // destination
|
||||
in_len, // enc size
|
||||
&(ctx->enc_key),
|
||||
iv,
|
||||
tmp_iv,
|
||||
AES_ENCRYPT);
|
||||
memset(iv, 0, AES_BLOCK_SIZE);
|
||||
#endif
|
||||
}
|
||||
|
||||
/* ****************************************************** */
|
||||
|
||||
int aes_cbc_decrypt (unsigned char *out, const unsigned char *in, size_t in_len,
|
||||
unsigned char *iv, aes_context_t *ctx) {
|
||||
const unsigned char *iv, aes_context_t *ctx) {
|
||||
|
||||
#ifdef HAVE_OPENSSL_1_1
|
||||
int evp_len;
|
||||
|
@ -118,13 +119,14 @@ int aes_cbc_decrypt (unsigned char *out, const unsigned char *in, size_t in_len,
|
|||
|
||||
EVP_CIPHER_CTX_reset(ctx->dec_ctx);
|
||||
#else
|
||||
uint8_t tmp_iv[AES_IV_SIZE];
|
||||
memcpy (tmp_iv, iv, AES_IV_SIZE);
|
||||
AES_cbc_encrypt(in, // source
|
||||
out, // destination
|
||||
in_len, // enc size
|
||||
&(ctx->dec_key),
|
||||
iv,
|
||||
tmp_iv,
|
||||
AES_DECRYPT);
|
||||
memset(iv, 0, AES_BLOCK_SIZE);
|
||||
#endif
|
||||
|
||||
return 0;
|
||||
|
|
|
@ -22,8 +22,6 @@
|
|||
#ifdef N2N_HAVE_AES
|
||||
|
||||
|
||||
#define AES_BLOCK_SIZE 16
|
||||
|
||||
// size of random value prepended to plaintext defaults to AES BLOCK_SIZE;
|
||||
// gradually abandoning security, lower values could be chosen;
|
||||
// however, minimum transmission size with cipher text stealing scheme is one
|
||||
|
@ -31,11 +29,9 @@
|
|||
// might encounter an issue with lower values here
|
||||
#define AES_PREAMBLE_SIZE (AES_BLOCK_SIZE)
|
||||
|
||||
#define AES_IV_SIZE (AES_BLOCK_SIZE)
|
||||
|
||||
// cbc mode is being used with random value prepended to plaintext
|
||||
// instead of iv so, actual iv is null_iv
|
||||
uint8_t null_iv[AES_IV_SIZE] = {0};
|
||||
const uint8_t null_iv[AES_IV_SIZE] = {0};
|
||||
|
||||
typedef struct transop_aes {
|
||||
aes_context_t *ctx;
|
||||
|
|
Loading…
Reference in New Issue
Block a user