r15172@catbus: nickm | 2007-09-19 11:50:02 -0400

New (untested) code to implement AES-with-IV.  Currently, IVs are generated randomly.  Once tested, should be (almost) a drop-in replacement for the CBC functions.


svn:r11519
This commit is contained in:
Nick Mathewson 2007-09-19 15:53:41 +00:00
parent 7e93139a85
commit 5f7950e874
2 changed files with 88 additions and 1 deletions

View File

@ -1074,7 +1074,24 @@ crypto_cipher_set_key(crypto_cipher_env_t *env, const char *key)
return -1; return -1;
memcpy(env->key, key, CIPHER_KEY_LEN); memcpy(env->key, key, CIPHER_KEY_LEN);
return 0;
}
/** DOCDOC */
void
crypto_cipher_generate_iv(char *iv_out)
{
/* XXXX020 It's possible we want to get fancier here. */
crypto_rand(iv_out, CIPHER_IV_LEN);
}
/** DOCDOC */
int
crypto_cipher_set_iv(crypto_cipher_env_t *env, const char *iv)
{
tor_assert(env);
tor_assert(iv);
aes_set_iv(env->cipher, iv);
return 0; return 0;
} }
@ -1144,8 +1161,67 @@ crypto_cipher_decrypt(crypto_cipher_env_t *env, char *to,
return 0; return 0;
} }
#define AES_CIPHER_BLOCK_SIZE 16
/** Encrypt <b>fromlen</b> bytes (at least 1) from <b>from</b> with the key in
* <b>cipher</b> to the buffer in <b>to</b> of length
* <b>tolen</b>. <b>tolen</b> must be at least <b>fromlen</b> plus
* CIPHER_IV_LEN bytes for the initialization vector. On success, return the
* number of bytes written, on failure, return -1.
*
* This function adjusts the current position of the counter in <b>cipher</b>
* to immediately after the encrypted data.
*/
int
crypto_cipher_encrypt_with_iv(crypto_cipher_env_t *cipher,
char *to, size_t tolen,
const char *from, size_t fromlen)
{
tor_assert(cipher);
tor_assert(from);
tor_assert(to);
if (tolen < fromlen + CIPHER_IV_LEN)
return -1;
crypto_cipher_generate_iv(to);
if (crypto_cipher_set_iv(cipher, to)<0)
return -1;
crypto_cipher_encrypt(cipher, to+CIPHER_IV_LEN, from, fromlen);
crypto_free_cipher_env(cipher);
return fromlen + CIPHER_IV_LEN;
}
/** Encrypt <b>fromlen</b> bytes (at least 1+CIPHER_IV_LEN) from <b>from</b>
* with the key in <b>cipher</b> to the buffer in <b>to</b> of length
* <b>tolen</b>. <b>tolen</b> must be at least <b>fromlen</b> minus
* CIPHER_IV_LEN bytes for the initialization vector. On success, return the
* number of bytes written, on failure, return -1.
*
* This function adjusts the current position of the counter in <b>cipher</b>
* to immediately after the decrypted data.
*/
int
crypto_cipher_decrypt_with_iv(crypto_cipher_env_t *cipher,
char *to, size_t tolen,
const char *from, size_t fromlen)
{
tor_assert(cipher);
tor_assert(from);
tor_assert(to);
if (fromlen < CIPHER_IV_LEN)
return -1;
if (tolen < fromlen - CIPHER_IV_LEN)
return -1;
if (crypto_cipher_set_iv(cipher, from)<0)
return -1;
crypto_cipher_encrypt(cipher, to, from+CIPHER_IV_LEN, fromlen-CIPHER_IV_LEN);
crypto_free_cipher_env(cipher);
return fromlen - CIPHER_IV_LEN;
}
#define AES_CIPHER_BLOCK_SIZE 16
#define AES_IV_SIZE 16 #define AES_IV_SIZE 16
/** Encrypt <b>fromlen</b> bytes (at least 1) from <b>from</b> with the /** Encrypt <b>fromlen</b> bytes (at least 1) from <b>from</b> with the

View File

@ -21,6 +21,8 @@
#define DIGEST_LEN 20 #define DIGEST_LEN 20
/** Length of our symmetric cipher's keys. */ /** Length of our symmetric cipher's keys. */
#define CIPHER_KEY_LEN 16 #define CIPHER_KEY_LEN 16
/** Length of our symmetric cipher's IV. */
#define CIPHER_IV_LEN 16
/** Length of our public keys. */ /** Length of our public keys. */
#define PK_BYTES (1024/8) #define PK_BYTES (1024/8)
/** Length of our DH keys. */ /** Length of our DH keys. */
@ -115,6 +117,8 @@ int crypto_pk_check_fingerprint_syntax(const char *s);
/* symmetric crypto */ /* symmetric crypto */
int crypto_cipher_generate_key(crypto_cipher_env_t *env); int crypto_cipher_generate_key(crypto_cipher_env_t *env);
int crypto_cipher_set_key(crypto_cipher_env_t *env, const char *key); int crypto_cipher_set_key(crypto_cipher_env_t *env, const char *key);
void crypto_cipher_generate_iv(char *iv_out);
int crypto_cipher_set_iv(crypto_cipher_env_t *env, const char *iv);
const char *crypto_cipher_get_key(crypto_cipher_env_t *env); const char *crypto_cipher_get_key(crypto_cipher_env_t *env);
int crypto_cipher_encrypt_init_cipher(crypto_cipher_env_t *env); int crypto_cipher_encrypt_init_cipher(crypto_cipher_env_t *env);
int crypto_cipher_decrypt_init_cipher(crypto_cipher_env_t *env); int crypto_cipher_decrypt_init_cipher(crypto_cipher_env_t *env);
@ -124,6 +128,13 @@ int crypto_cipher_encrypt(crypto_cipher_env_t *env, char *to,
int crypto_cipher_decrypt(crypto_cipher_env_t *env, char *to, int crypto_cipher_decrypt(crypto_cipher_env_t *env, char *to,
const char *from, size_t fromlen); const char *from, size_t fromlen);
int crypto_cipher_encrypt_with_iv(crypto_cipher_env_t *env,
char *to, size_t tolen,
const char *from, size_t fromlen);
int crypto_cipher_decrypt_with_iv(crypto_cipher_env_t *env,
char *to, size_t tolen,
const char *from, size_t fromlen);
int crypto_cipher_encrypt_cbc(const char *key, char *to, size_t tolen, int crypto_cipher_encrypt_cbc(const char *key, char *to, size_t tolen,
const char *from, size_t fromlen); const char *from, size_t fromlen);
int crypto_cipher_decrypt_cbc(const char *key, char *to, size_t tolen, int crypto_cipher_decrypt_cbc(const char *key, char *to, size_t tolen,