Prep for 6-in-6, 4-in-6, 6-in-4

This commit is contained in:
Nick Thomas
2013-08-15 00:09:23 +01:00
parent 2ffff92d36
commit 1cdf838ac9
5 changed files with 212 additions and 113 deletions


@@ -558,6 +558,10 @@ int rlocs_update_peer_context(struct rlocs *reg, struct rloc *x, struct rloc *y)
* decrypt packet data. */
EVP_CIPHER_CTX_init( &entry->ctx );
entry->reg = reg;
entry->x = x;
entry->y = y;
entry->path_mtu = DEFAULT_PATH_MTU;
entry->in_use = 1;
@@ -573,16 +577,14 @@ fail:
}
static inline struct peer_context *rlocs_get_peer_ctx( struct rlocs *reg, struct rloc *x, struct rloc *y )
struct peer_context *rlocs_get_peer_ctx( struct rlocs *reg, struct rloc *x, struct rloc *y )
{
return &reg->peer_contexts[x->context_id][y->context_id];
}
ssize_t rlocs_encrypt( struct rlocs *reg, struct rloc *x, struct rloc *y, unsigned char *data, size_t data_len, unsigned char *dest, size_t dest_len )
ssize_t rlocs_encrypt( struct peer_context *pctx, unsigned char *data, size_t data_len, unsigned char *dest, size_t dest_len )
{
struct peer_context *entry = rlocs_get_peer_ctx( reg, x, y );
if ( !entry->in_use && !rlocs_update_peer_context( reg, x, y ) ) {
if ( !pctx->in_use && !rlocs_update_peer_context( pctx->reg, pctx->x, pctx->y ) ) {
warn( "Couldn't build an encryption context for these rlocs" );
return -1;
}
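Review bot: The lazy rebuild at `if ( !pctx->in_use && !rlocs_update_peer_context( pctx->reg, pctx->x, pctx->y ) )` reads pctx->reg, pctx->x and pctx->y from a slot whose in_use flag is clear, yet the first hunk shows those three fields being assigned only inside rlocs_update_peer_context itself, so a never-built slot presumably hands the call whatever the table held before (NULL if it was zeroed, stale pointers otherwise); the same pattern recurs in rlocs_decrypt. Unless rlocs_get_peer_ctx or the table initialiser fills those fields first — not visible here — this path cannot bootstrap a context, whereas the old signature, which took reg, x and y from the caller, could. A safer shape is to make the caller responsible, `if ( !pctx->in_use ) { warn( "peer context not initialised" ); return -1; }`, and build contexts from the code that still has reg, x and y in hand, or else have rlocs_get_peer_ctx store reg, x and y into the slot before returning it. rlocs_encrypt's body continues past this hunk; in its next hunk the result of RAND_pseudo_bytes( iv, 16 ) is also unchecked, and since a repeated or predictable GCM IV under the same key breaks both confidentiality and the tag, a return of 0 or -1 there should `goto fail` rather than proceed.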
@@ -596,29 +598,29 @@ ssize_t rlocs_encrypt( struct rlocs *reg, struct rloc *x, struct rloc *y, unsign
}
unsigned char *iv = dest;
unsigned char *secret = (unsigned char *)&entry->secret[0];
unsigned char *secret = (unsigned char *)&pctx->secret[0];
size_t written = 16;
int outl = dest_len - written;
RAND_pseudo_bytes( iv, 16 );
if ( !EVP_EncryptInit_ex( &entry->ctx, EVP_aes_256_gcm(), NULL, NULL, NULL ) ) {
if ( !EVP_EncryptInit_ex( &pctx->ctx, EVP_aes_256_gcm(), NULL, NULL, NULL ) ) {
warn( "EVP_EncryptInit_ex() (1) failed" );
goto fail;
}
if ( !EVP_CIPHER_CTX_ctrl( &entry->ctx, EVP_CTRL_GCM_SET_IVLEN, 16, NULL)) {
if ( !EVP_CIPHER_CTX_ctrl( &pctx->ctx, EVP_CTRL_GCM_SET_IVLEN, 16, NULL)) {
warn ("Setting IV len to 16 failed" );
goto fail;
}
if ( !EVP_EncryptInit_ex( &entry->ctx, NULL, NULL, secret, iv ) ) {
if ( !EVP_EncryptInit_ex( &pctx->ctx, NULL, NULL, secret, iv ) ) {
warn( "EVP_EncryptInit_ex() (2) failed" );
goto fail;
}
if ( !EVP_EncryptUpdate( &entry->ctx, dest + written, &outl, data, data_len ) ) {
if ( !EVP_EncryptUpdate( &pctx->ctx, dest + written, &outl, data, data_len ) ) {
warn( "EVP_EncryptUpdate() failed" );
goto fail;
}
@@ -628,7 +630,7 @@ ssize_t rlocs_encrypt( struct rlocs *reg, struct rloc *x, struct rloc *y, unsign
written += outl;
outl = dest_len - written;
if ( !EVP_EncryptFinal_ex( &entry->ctx, dest + written, &outl ) ) {
if ( !EVP_EncryptFinal_ex( &pctx->ctx, dest + written, &outl ) ) {
warn( "EVP_EncryptFinal_ex() failed" );
goto fail;
}
@@ -636,7 +638,7 @@ ssize_t rlocs_encrypt( struct rlocs *reg, struct rloc *x, struct rloc *y, unsign
written += outl;
/* Get the tag */
if( !EVP_CIPHER_CTX_ctrl( &entry->ctx, EVP_CTRL_GCM_GET_TAG, 16, dest + written ) ) {
if( !EVP_CIPHER_CTX_ctrl( &pctx->ctx, EVP_CTRL_GCM_GET_TAG, 16, dest + written ) ) {
warn( "Getting GCM tag for our encrypted data failed" );
goto fail;
}
@@ -648,17 +650,15 @@ fail:
return -1;
}
ssize_t rlocs_decrypt( struct rlocs *reg, struct rloc *x, struct rloc *y, unsigned char *data, size_t data_len, unsigned char *dest, size_t dest_len )
ssize_t rlocs_decrypt( struct peer_context *pctx, unsigned char *data, size_t data_len, unsigned char *dest, size_t dest_len )
{
struct peer_context *entry = rlocs_get_peer_ctx( reg, x, y );
if ( !entry->in_use && !rlocs_update_peer_context( reg, x, y ) ) {
if ( !pctx->in_use && !rlocs_update_peer_context( pctx->reg, pctx->x, pctx->y ) ) {
warn( "Couldn't build a decryption context for these rlocs" );
return -1;
}
unsigned char *iv = data;
unsigned char *secret = (unsigned char *)&entry->secret[0];
unsigned char *secret = (unsigned char *)&pctx->secret[0];
size_t written = 0;
int outl = dest_len;
@@ -668,22 +668,22 @@ ssize_t rlocs_decrypt( struct rlocs *reg, struct rloc *x, struct rloc *y, unsign
goto fail;
}
if ( !EVP_DecryptInit_ex( &entry->ctx, EVP_aes_256_gcm(), NULL, NULL, NULL ) ) {
if ( !EVP_DecryptInit_ex( &pctx->ctx, EVP_aes_256_gcm(), NULL, NULL, NULL ) ) {
warn( "EVP_DecryptInit_ex() (1) failed" );
goto fail;
}
if ( !EVP_CIPHER_CTX_ctrl(&entry->ctx, EVP_CTRL_GCM_SET_IVLEN, 16, NULL)) {
if ( !EVP_CIPHER_CTX_ctrl(&pctx->ctx, EVP_CTRL_GCM_SET_IVLEN, 16, NULL)) {
warn ("Setting IV len to 16 failed" );
goto fail;
}
if ( !EVP_DecryptInit_ex( &entry->ctx, NULL, NULL, secret, iv ) ) {
if ( !EVP_DecryptInit_ex( &pctx->ctx, NULL, NULL, secret, iv ) ) {
warn( "EVP_DecryptInit_ex() (2) failed" );
goto fail;
}
if ( !EVP_DecryptUpdate( &entry->ctx, dest, &outl, data + 16, data_len - 32 ) ) {
if ( !EVP_DecryptUpdate( &pctx->ctx, dest, &outl, data + 16, data_len - 32 ) ) {
warn( "EVP_DecryptUpdate() failed" );
goto fail;
}
@@ -691,12 +691,12 @@ ssize_t rlocs_decrypt( struct rlocs *reg, struct rloc *x, struct rloc *y, unsign
written += outl;
outl = dest_len - written;
if( !EVP_CIPHER_CTX_ctrl(&entry->ctx, EVP_CTRL_GCM_SET_TAG, 16, data + (data_len - 16 ) ) ) {
if( !EVP_CIPHER_CTX_ctrl(&pctx->ctx, EVP_CTRL_GCM_SET_TAG, 16, data + (data_len - 16 ) ) ) {
warn( "Failed to provide GCM tag to decrypt routine" );
goto fail;
}
if ( !EVP_DecryptFinal_ex( &entry->ctx, dest + written, &outl ) ) {
if ( !EVP_DecryptFinal_ex( &pctx->ctx, dest + written, &outl ) ) {
warn( "EVP_DecryptFinal_ex() failed - bad tag?" );
goto fail;
}