mirror of
https://github.com/ntop/n2n.git
synced 2024-09-19 16:41:11 +02:00
Move AES IV out of struct sa_aes
This commit is contained in:
parent
84593a2254
commit
c702ca8686
|
@ -44,9 +44,7 @@ struct sa_aes
|
|||
n2n_cipherspec_t spec; /* cipher spec parameters */
|
||||
n2n_sa_t sa_id; /* security association index */
|
||||
AES_KEY enc_key; /* tx key */
|
||||
n2n_aes_ivec_t enc_ivec; /* tx CBC state */
|
||||
AES_KEY dec_key; /* tx key */
|
||||
n2n_aes_ivec_t dec_ivec; /* tx CBC state */
|
||||
AES_KEY iv_enc_key; /* key used to encrypt the IV */
|
||||
uint8_t iv_ext_val[AES128_KEY_BYTES]; /* key used to extend the random IV seed to full block size */
|
||||
};
|
||||
|
@ -190,6 +188,7 @@ static int transop_encode_aes( n2n_trans_op_t * arg,
|
|||
size_t tx_sa_num = 0;
|
||||
uint64_t iv_seed = 0;
|
||||
uint8_t padding = 0;
|
||||
n2n_aes_ivec_t enc_ivec = {0};
|
||||
|
||||
/* The transmit sa is periodically updated */
|
||||
tx_sa_num = aes_choose_tx_sa( priv, peer_mac );
|
||||
|
@ -228,12 +227,12 @@ static int transop_encode_aes( n2n_trans_op_t * arg,
|
|||
assembly[len2 - 1] = padding;
|
||||
traceEvent( TRACE_DEBUG, "padding = %u, seed = %016lx", padding, iv_seed );
|
||||
|
||||
set_aes_cbc_iv(sa, sa->enc_ivec, iv_seed);
|
||||
set_aes_cbc_iv(sa, enc_ivec, iv_seed);
|
||||
|
||||
AES_cbc_encrypt( assembly, /* source */
|
||||
outbuf + TRANSOP_AES_PREAMBLE_SIZE, /* dest */
|
||||
len2, /* enc size */
|
||||
&(sa->enc_key), sa->enc_ivec, AES_ENCRYPT );
|
||||
&(sa->enc_key), enc_ivec, AES_ENCRYPT );
|
||||
|
||||
len2 += TRANSOP_AES_PREAMBLE_SIZE; /* size of data carried in UDP. */
|
||||
}
|
||||
|
@ -321,14 +320,15 @@ static int transop_decode_aes( n2n_trans_op_t * arg,
|
|||
if ( 0 == (len % AES_BLOCK_SIZE ) )
|
||||
{
|
||||
uint8_t padding;
|
||||
n2n_aes_ivec_t dec_ivec = {0};
|
||||
|
||||
set_aes_cbc_iv(sa, sa->dec_ivec, iv_seed);
|
||||
set_aes_cbc_iv(sa, dec_ivec, iv_seed);
|
||||
|
||||
AES_cbc_encrypt( (inbuf + TRANSOP_AES_PREAMBLE_SIZE),
|
||||
assembly, /* destination */
|
||||
len,
|
||||
&(sa->dec_key),
|
||||
sa->dec_ivec, AES_DECRYPT );
|
||||
dec_ivec, AES_DECRYPT );
|
||||
|
||||
/* last byte is how much was padding: max value should be
|
||||
* AES_BLOCKSIZE-1 */
|
||||
|
@ -401,8 +401,6 @@ static int setup_aes_key(transop_aes_t *priv, const uint8_t *key, ssize_t key_si
|
|||
/* Clear out any old possibly longer key matter. */
|
||||
memset( &(sa->enc_key), 0, sizeof(sa->enc_key) );
|
||||
memset( &(sa->dec_key), 0, sizeof(sa->dec_key) );
|
||||
memset( &(sa->enc_ivec), 0, sizeof(sa->enc_ivec) );
|
||||
memset( &(sa->dec_ivec), 0, sizeof(sa->dec_ivec) );
|
||||
memset( &(sa->iv_enc_key), 0, sizeof(sa->iv_enc_key) );
|
||||
memset( &(sa->iv_ext_val), 0, sizeof(sa->iv_ext_val) );
|
||||
|
||||
|
@ -583,9 +581,9 @@ int transop_aes_init( n2n_trans_op_t * ttt )
|
|||
sa->sa_id=0;
|
||||
memset( &(sa->spec), 0, sizeof(n2n_cipherspec_t) );
|
||||
memset( &(sa->enc_key), 0, sizeof(sa->enc_key) );
|
||||
memset( &(sa->enc_ivec), 0, sizeof(sa->enc_ivec) );
|
||||
memset( &(sa->dec_key), 0, sizeof(sa->dec_key) );
|
||||
memset( &(sa->dec_ivec), 0, sizeof(sa->dec_ivec) );
|
||||
memset( &(sa->iv_enc_key), 0, sizeof(sa->iv_enc_key) );
|
||||
memset( &(sa->iv_ext_val), 0, sizeof(sa->iv_ext_val) );
|
||||
}
|
||||
|
||||
retval = 0;
|
||||
|
|
Loading…
Reference in New Issue
Block a user