while (i--)
{
- crypter->encrypt(crypter,
- chunk_create(buffer, sizeof(buffer) / bs * bs),
- chunk_create(iv, crypter->get_iv_size(crypter)), NULL);
+ if (!crypter->encrypt(crypter,
+ chunk_create(buffer, sizeof(buffer) / bs * bs),
+ chunk_create(iv, crypter->get_iv_size(crypter)), NULL))
+ {
+ continue;
+ }
crypter->decrypt(crypter,
chunk_create(buffer, sizeof(buffer) / bs * bs),
chunk_create(iv, crypter->get_iv_size(crypter)), NULL);
for (i = 0; i < 3; i++)
{
chunk_t expanded, encrypted;
+
expanded = ExpandDESKey(keys[i]);
crypter->set_key(crypter, expanded);
- crypter->encrypt(crypter, challenge_hash, chunk_empty, &encrypted);
+ if (!crypter->encrypt(crypter, challenge_hash, chunk_empty, &encrypted))
+ {
+ chunk_clear(&expanded);
+ crypter->destroy(crypter);
+ return FAILED;
+ }
memcpy(&response->ptr[i * 8], encrypted.ptr, encrypted.len);
chunk_clear(&encrypted);
chunk_clear(&expanded);
private_aead_t *this, chunk_t plain, chunk_t assoc, chunk_t iv,
chunk_t *encrypted)
{
- this->crypter->encrypt(this->crypter, plain, iv, encrypted);
- return TRUE;
+ return this->crypter->encrypt(this->crypter, plain, iv, encrypted);
}
METHOD(aead_t, decrypt, bool,
out = chunk_skip(out, iv.len);
/* inline encryption */
- crypter->encrypt(crypter, encr, iv, NULL);
+ if (!crypter->encrypt(crypter, encr, iv, NULL))
+ {
+ return FALSE;
+ }
/* add ENCR_DATA attribute */
hdr = (attr_hdr_t*)out.ptr;
if (encrypted)
{
- this->crypter->encrypt(this->crypter, plain, iv, &encr);
+ if (!this->crypter->encrypt(this->crypter, plain, iv, &encr))
+ {
+ return FALSE;
+ }
if (!this->signer->allocate_signature(this->signer, encr, &sig))
{
+ free(encr.ptr);
return FALSE;
}
*encrypted = chunk_cat("cmm", iv, encr, sig);
}
else
{
- this->crypter->encrypt(this->crypter, plain, iv, NULL);
- if (!this->signer->get_signature(this->signer,
+ if (!this->crypter->encrypt(this->crypter, plain, iv, NULL) ||
+ !this->signer->get_signature(this->signer,
plain, plain.ptr + plain.len))
{
return FALSE;
* @param data data to encrypt
* @param iv initializing vector
* @param encrypted chunk to allocate encrypted data, or NULL
+ * @return TRUE if encryption successful
*/
- void (*encrypt) (crypter_t *this, chunk_t data, chunk_t iv,
+ __attribute__((warn_unused_result))
+ bool (*encrypt) (crypter_t *this, chunk_t data, chunk_t iv,
chunk_t *encrypted);
/**
start_timing(&start);
while (end_timing(&start) < this->bench_time)
{
- crypter->encrypt(crypter, buf, chunk_from_thing(iv), NULL);
- runs++;
+ if (crypter->encrypt(crypter, buf, chunk_from_thing(iv), NULL))
+ {
+ runs++;
+ }
crypter->decrypt(crypter, buf, chunk_from_thing(iv), NULL);
runs++;
}
/* allocated encryption */
plain = chunk_create(vector->plain, vector->len);
- crypter->encrypt(crypter, plain, iv, &cipher);
+ if (!crypter->encrypt(crypter, plain, iv, &cipher))
+ {
+ failed = TRUE;
+ }
if (!memeq(vector->cipher, cipher.ptr, cipher.len))
{
failed = TRUE;
failed = TRUE;
}
/* inline encryption */
- crypter->encrypt(crypter, plain, iv, NULL);
+ if (!crypter->encrypt(crypter, plain, iv, NULL))
+ {
+ failed = TRUE;
+ }
if (!memeq(vector->cipher, plain.ptr, plain.len))
{
failed = TRUE;
/* symmetric encryption of data object */
crypter->set_key(crypter, symmetricKey);
- crypter->encrypt(crypter, in, iv, &out);
+ if (!crypter->encrypt(crypter, in, iv, &out))
+ {
+ crypter->destroy(crypter);
+ chunk_clear(&in);
+ chunk_clear(&symmetricKey);
+ chunk_free(&iv);
+ return FALSE;
+ }
crypter->destroy(crypter);
chunk_clear(&in);
DBG3(DBG_LIB, " encrypted data: %B", &out);
}
}
-METHOD(crypter_t, encrypt, void,
+METHOD(crypter_t, encrypt, bool,
private_aes_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *encrypted)
{
int pos;
out+=16;
pos+=16;
}
+ return TRUE;
}
METHOD(crypter_t, get_block_size, size_t,
}
}
-METHOD(crypter_t, encrypt, void,
+METHOD(crypter_t, encrypt, bool,
private_af_alg_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *dst)
{
if (dst)
{
this->ops->crypt(this->ops, ALG_OP_ENCRYPT, iv, data, data.ptr);
}
+ return TRUE;
}
METHOD(crypter_t, get_block_size, size_t,
free(iv.ptr);
}
-METHOD(crypter_t, encrypt, void,
+METHOD(crypter_t, encrypt, bool,
private_blowfish_crypter_t *this, chunk_t data, chunk_t iv,
chunk_t *encrypted)
{
BF_cbc_encrypt(in, out, data.len, &this->schedule, iv.ptr, 1);
free(iv.ptr);
+
+ return TRUE;
}
METHOD(crypter_t, get_block_size, size_t,
/**
* En-/Decrypt data
*/
-static void crypt_data(private_ccm_aead_t *this, chunk_t iv,
+static bool crypt_data(private_ccm_aead_t *this, chunk_t iv,
chunk_t in, chunk_t out)
{
char ctr[BLOCK_SIZE];
while (in.len > 0)
{
memcpy(block, ctr, BLOCK_SIZE);
- this->crypter->encrypt(this->crypter, chunk_from_thing(block),
- chunk_from_thing(zero), NULL);
+ if (!this->crypter->encrypt(this->crypter, chunk_from_thing(block),
+ chunk_from_thing(zero), NULL))
+ {
+ return FALSE;
+ }
chunk_increment(chunk_from_thing(ctr));
if (in.ptr != out.ptr)
in = chunk_skip(in, BLOCK_SIZE);
out = chunk_skip(out, BLOCK_SIZE);
}
+ return TRUE;
}
/**
* En-/Decrypt the ICV
*/
-static void crypt_icv(private_ccm_aead_t *this, chunk_t iv, char *icv)
+static bool crypt_icv(private_ccm_aead_t *this, chunk_t iv, char *icv)
{
char ctr[BLOCK_SIZE];
char zero[BLOCK_SIZE];
build_ctr(this, 0, iv, ctr);
memset(zero, 0, BLOCK_SIZE);
- this->crypter->encrypt(this->crypter, chunk_from_thing(ctr),
- chunk_from_thing(zero), NULL);
+ if (!this->crypter->encrypt(this->crypter, chunk_from_thing(ctr),
+ chunk_from_thing(zero), NULL))
+ {
+ return FALSE;
+ }
memxor(icv, ctr, this->icv_size);
+ return TRUE;
}
/**
* Create the ICV
*/
-static void create_icv(private_ccm_aead_t *this, chunk_t plain, chunk_t assoc,
+static bool create_icv(private_ccm_aead_t *this, chunk_t plain, chunk_t assoc,
chunk_t iv, char *icv)
{
char zero[BLOCK_SIZE];
memset(pos, 0, len);
/* encrypt inline with CBC, zero IV */
- this->crypter->encrypt(this->crypter, chunk, chunk_from_thing(zero), NULL);
+ if (!this->crypter->encrypt(this->crypter, chunk,
+ chunk_from_thing(zero), NULL))
+ {
+ free(chunk.ptr);
+ return FALSE;
+ }
/* copy last icv_size bytes as ICV to output */
memcpy(icv, chunk.ptr + chunk.len - BLOCK_SIZE, this->icv_size);
- /* encrypt the ICV value */
- crypt_icv(this, iv, icv);
-
free(chunk.ptr);
+
+ /* encrypt the ICV value */
+ return crypt_icv(this, iv, icv);
}
/**
{
char buf[this->icv_size];
- create_icv(this, plain, assoc, iv, buf);
-
- return memeq(buf, icv, this->icv_size);
+ return create_icv(this, plain, assoc, iv, buf) &&
+ memeq(buf, icv, this->icv_size);
}
METHOD(aead_t, encrypt, bool,
if (encrypted)
{
*encrypted = chunk_alloc(plain.len + this->icv_size);
- create_icv(this, plain, assoc, iv, encrypted->ptr + plain.len);
- crypt_data(this, iv, plain, *encrypted);
- }
- else
- {
- create_icv(this, plain, assoc, iv, plain.ptr + plain.len);
- crypt_data(this, iv, plain, plain);
+ return create_icv(this, plain, assoc, iv, encrypted->ptr + plain.len) &&
+ crypt_data(this, iv, plain, *encrypted);
}
- return TRUE;
+ return create_icv(this, plain, assoc, iv, plain.ptr + plain.len) &&
+ crypt_data(this, iv, plain, plain);
}
METHOD(aead_t, decrypt, bool,
if (plain)
{
*plain = chunk_alloc(encrypted.len);
- crypt_data(this, iv, encrypted, *plain);
- return verify_icv(this, *plain, assoc, iv,
- encrypted.ptr + encrypted.len);
- }
- else
- {
- crypt_data(this, iv, encrypted, encrypted);
- return verify_icv(this, encrypted, assoc, iv,
+ return crypt_data(this, iv, encrypted, *plain) &&
+ verify_icv(this, *plain, assoc, iv,
encrypted.ptr + encrypted.len);
}
+ return crypt_data(this, iv, encrypted, encrypted) &&
+ verify_icv(this, encrypted, assoc, iv,
+ encrypted.ptr + encrypted.len);
}
METHOD(aead_t, get_block_size, size_t,
/**
* process supplied data, but do not run final operation
*/
-static void update(private_mac_t *this, chunk_t data)
+static bool update(private_mac_t *this, chunk_t data)
{
chunk_t iv;
{ /* no complete block (or last block), just copy into remaining */
memcpy(this->remaining + this->remaining_bytes, data.ptr, data.len);
this->remaining_bytes += data.len;
- return;
+ return TRUE;
}
iv = chunk_alloca(this->b);
this->b - this->remaining_bytes);
data = chunk_skip(data, this->b - this->remaining_bytes);
memxor(this->t, this->remaining, this->b);
- this->k->encrypt(this->k, chunk_create(this->t, this->b), iv, NULL);
+ if (!this->k->encrypt(this->k, chunk_create(this->t, this->b), iv, NULL))
+ {
+ return FALSE;
+ }
/* process blocks M_2 ... M_n-1 */
while (data.len > this->b)
memcpy(this->remaining, data.ptr, this->b);
data = chunk_skip(data, this->b);
memxor(this->t, this->remaining, this->b);
- this->k->encrypt(this->k, chunk_create(this->t, this->b), iv, NULL);
+ if (!this->k->encrypt(this->k, chunk_create(this->t, this->b), iv, NULL))
+ {
+ return FALSE;
+ }
}
/* store remaining bytes of block M_n */
memcpy(this->remaining, data.ptr, data.len);
this->remaining_bytes = data.len;
+
+ return TRUE;
}
/**
* process last block M_last
*/
-static void final(private_mac_t *this, u_int8_t *out)
+static bool final(private_mac_t *this, u_int8_t *out)
{
chunk_t iv;
* T := AES-128(K,T);
*/
memxor(this->t, this->remaining, this->b);
- this->k->encrypt(this->k, chunk_create(this->t, this->b), iv, NULL);
+ if (!this->k->encrypt(this->k, chunk_create(this->t, this->b), iv, NULL))
+ {
+ return FALSE;
+ }
memcpy(out, this->t, this->b);
/* reset state */
memset(this->t, 0, this->b);
this->remaining_bytes = 0;
+
+ return TRUE;
}
METHOD(mac_t, get_mac, bool,
private_mac_t *this, chunk_t data, u_int8_t *out)
{
/* update T, do not process last block */
- update(this, data);
+ if (!update(this, data))
+ {
+ return FALSE;
+ }
if (out)
{ /* if not in append mode, process last block and output result */
- final(this, out);
+ return final(this, out);
}
return TRUE;
}
l = chunk_alloca(this->b);
memset(l.ptr, 0, l.len);
this->k->set_key(this->k, resized);
- this->k->encrypt(this->k, l, iv, NULL);
+ if (!this->k->encrypt(this->k, l, iv, NULL))
+ {
+ return FALSE;
+ }
derive_key(l);
memcpy(this->k1, l.ptr, l.len);
derive_key(l);
/**
* Do the CTR crypto operation
*/
-static void crypt_ctr(private_ctr_ipsec_crypter_t *this,
+static bool crypt_ctr(private_ctr_ipsec_crypter_t *this,
chunk_t in, chunk_t out)
{
size_t is, bs;
memset(iv, 0, is);
memcpy(block, state.ptr, bs);
- this->crypter->encrypt(this->crypter,
- chunk_create(block, bs), chunk_create(iv, is), NULL);
+ if (!this->crypter->encrypt(this->crypter, chunk_create(block, bs),
+ chunk_create(iv, is), NULL))
+ {
+ return FALSE;
+ }
chunk_increment(state);
if (in.ptr != out.ptr)
in = chunk_skip(in, bs);
out = chunk_skip(out, bs);
}
+ return TRUE;
}
-METHOD(crypter_t, crypt, void,
+METHOD(crypter_t, crypt, bool,
private_ctr_ipsec_crypter_t *this, chunk_t in, chunk_t iv, chunk_t *out)
{
memcpy(this->state.iv, iv.ptr, sizeof(this->state.iv));
if (out)
{
*out = chunk_alloc(in.len);
- crypt_ctr(this, in, *out);
- }
- else
- {
- crypt_ctr(this, in, in);
+ return crypt_ctr(this, in, *out);
}
+ return crypt_ctr(this, in, in);
}
METHOD(crypter_t, get_block_size, size_t,
}
-METHOD(crypter_t, encrypt, void,
+METHOD(crypter_t, encrypt, bool,
private_des_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *encrypted)
{
des_cblock ivb;
memcpy(&ivb, iv.ptr, sizeof(des_cblock));
des_cbc_encrypt((des_cblock*)(data.ptr), (des_cblock*)out,
data.len, this->ks, &ivb, DES_ENCRYPT);
+ return TRUE;
}
METHOD(crypter_t, decrypt_ecb, void,
data.len, this->ks, DES_DECRYPT);
}
-METHOD(crypter_t, encrypt_ecb, void,
+METHOD(crypter_t, encrypt_ecb, bool,
private_des_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *encrypted)
{
u_int8_t *out;
}
des_ecb_encrypt((des_cblock*)(data.ptr), (des_cblock*)out,
data.len, this->ks, DES_ENCRYPT);
+ return TRUE;
}
METHOD(crypter_t, decrypt3, void,
&ivb, DES_DECRYPT);
}
-METHOD(crypter_t, encrypt3, void,
+METHOD(crypter_t, encrypt3, bool,
private_des_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *encrypted)
{
des_cblock ivb;
des_ede3_cbc_encrypt((des_cblock*)(data.ptr), (des_cblock*)out,
data.len, this->ks3[0], this->ks3[1], this->ks3[2],
&ivb, DES_ENCRYPT);
+ return TRUE;
}
METHOD(crypter_t, get_block_size, size_t,
/**
* GCTR function, en-/decrypts x inline
*/
-static void gctr(private_gcm_aead_t *this, char *icb, chunk_t x)
+static bool gctr(private_gcm_aead_t *this, char *icb, chunk_t x)
{
char cb[BLOCK_SIZE], iv[BLOCK_SIZE], tmp[BLOCK_SIZE];
while (x.len)
{
memcpy(tmp, cb, BLOCK_SIZE);
- this->crypter->encrypt(this->crypter, chunk_from_thing(tmp),
- chunk_from_thing(iv), NULL);
+ if (!this->crypter->encrypt(this->crypter, chunk_from_thing(tmp),
+ chunk_from_thing(iv), NULL))
+ {
+ return FALSE;
+ }
memxor(x.ptr, tmp, min(BLOCK_SIZE, x.len));
chunk_increment(chunk_from_thing(cb));
x = chunk_skip(x, BLOCK_SIZE);
}
+ return TRUE;
}
/**
/**
* Create GHASH subkey H
*/
-static void create_h(private_gcm_aead_t *this, char *h)
+static bool create_h(private_gcm_aead_t *this, char *h)
{
char zero[BLOCK_SIZE];
memset(zero, 0, BLOCK_SIZE);
memset(h, 0, BLOCK_SIZE);
- this->crypter->encrypt(this->crypter, chunk_create(h, BLOCK_SIZE),
- chunk_from_thing(zero), NULL);
+ return this->crypter->encrypt(this->crypter, chunk_create(h, BLOCK_SIZE),
+ chunk_from_thing(zero), NULL);
}
/**
* Encrypt/decrypt
*/
-static void crypt(private_gcm_aead_t *this, char *j, chunk_t in, chunk_t out)
+static bool crypt(private_gcm_aead_t *this, char *j, chunk_t in, chunk_t out)
{
char icb[BLOCK_SIZE];
{
memcpy(out.ptr, in.ptr, in.len);
}
- gctr(this, icb, out);
+ return gctr(this, icb, out);
}
/**
* Create ICV
*/
-static void create_icv(private_gcm_aead_t *this, chunk_t assoc, chunk_t crypt,
+static bool create_icv(private_gcm_aead_t *this, chunk_t assoc, chunk_t crypt,
char *j, char *icv)
{
size_t assoc_pad, crypt_pad;
ghash(this, chunk, s);
free(chunk.ptr);
- gctr(this, j, chunk_from_thing(s));
-
+ if (!gctr(this, j, chunk_from_thing(s)))
+ {
+ return FALSE;
+ }
memcpy(icv, s, this->icv_size);
+ return TRUE;
}
/**
{
char tmp[this->icv_size];
- create_icv(this, assoc, crypt, j, tmp);
-
- return memeq(tmp, icv, this->icv_size);
+ return create_icv(this, assoc, crypt, j, tmp) &&
+ memeq(tmp, icv, this->icv_size);
}
METHOD(aead_t, encrypt, bool,
if (encrypted)
{
*encrypted = chunk_alloc(plain.len + this->icv_size);
- crypt(this, j, plain, *encrypted);
- create_icv(this, assoc,
- chunk_create(encrypted->ptr, encrypted->len - this->icv_size),
- j, encrypted->ptr + encrypted->len - this->icv_size);
- }
- else
- {
- crypt(this, j, plain, plain);
- create_icv(this, assoc, plain, j, plain.ptr + plain.len);
+ return crypt(this, j, plain, *encrypted) &&
+ create_icv(this, assoc,
+ chunk_create(encrypted->ptr, encrypted->len - this->icv_size),
+ j, encrypted->ptr + encrypted->len - this->icv_size);
}
- return TRUE;
+ return crypt(this, j, plain, plain) &&
+ create_icv(this, assoc, plain, j, plain.ptr + plain.len);
}
METHOD(aead_t, decrypt, bool,
if (plain)
{
*plain = chunk_alloc(encrypted.len);
- crypt(this, j, encrypted, *plain);
+ return crypt(this, j, encrypted, *plain);
}
- else
- {
- crypt(this, j, encrypted, encrypted);
- }
- return TRUE;
+ return crypt(this, j, encrypted, encrypted);
}
METHOD(aead_t, get_block_size, size_t,
memcpy(this->salt, key.ptr + key.len - SALT_SIZE, SALT_SIZE);
key.len -= SALT_SIZE;
this->crypter->set_key(this->crypter, key);
- create_h(this, this->h);
- return TRUE;
+ return create_h(this, this->h);
}
METHOD(aead_t, destroy, void,
/**
* Set the IV for en/decryption
*/
-static void set_iv(private_gcrypt_crypter_t *this, chunk_t iv)
+static bool set_iv(private_gcrypt_crypter_t *this, chunk_t iv)
{
if (this->ctr_mode)
{
memcpy(this->ctr.iv, iv.ptr, sizeof(this->ctr.iv));
this->ctr.counter = htonl(1);
- gcry_cipher_setctr(this->h, &this->ctr, sizeof(this->ctr));
- }
- else
- {
- gcry_cipher_setiv(this->h, iv.ptr, iv.len);
+ return gcry_cipher_setctr(this->h, &this->ctr, sizeof(this->ctr)) == 0;
}
+ return gcry_cipher_setiv(this->h, iv.ptr, iv.len) == 0;
}
METHOD(crypter_t, decrypt, void,
}
}
-METHOD(crypter_t, encrypt, void,
+METHOD(crypter_t, encrypt, bool,
private_gcrypt_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *dst)
{
- set_iv(this, iv);
-
- if (dst)
+ if (!set_iv(this, iv))
{
- *dst = chunk_alloc(data.len);
- gcry_cipher_encrypt(this->h, dst->ptr, dst->len, data.ptr, data.len);
+ return FALSE;
}
- else
+ if (dst)
{
- gcry_cipher_encrypt(this->h, data.ptr, data.len, NULL, 0);
+ *dst = chunk_alloc(data.len);
+ return gcry_cipher_encrypt(this->h, dst->ptr, dst->len,
+ data.ptr, data.len) == 0;
}
+ return gcry_cipher_encrypt(this->h, data.ptr, data.len, NULL, 0) == 0;
}
METHOD(crypter_t, get_block_size, size_t,
/**
* Do the actual en/decryption in an EVP context
*/
-static void crypt(private_openssl_crypter_t *this, chunk_t data, chunk_t iv,
+static bool crypt(private_openssl_crypter_t *this, chunk_t data, chunk_t iv,
chunk_t *dst, int enc)
{
int len;
}
EVP_CIPHER_CTX ctx;
EVP_CIPHER_CTX_init(&ctx);
- EVP_CipherInit_ex(&ctx, this->cipher, NULL, NULL, NULL, enc);
- EVP_CIPHER_CTX_set_padding(&ctx, 0); /* disable padding */
- EVP_CIPHER_CTX_set_key_length(&ctx, this->key.len);
- EVP_CipherInit_ex(&ctx, NULL, NULL, this->key.ptr, iv.ptr, enc);
- EVP_CipherUpdate(&ctx, out, &len, data.ptr, data.len);
- EVP_CipherFinal_ex(&ctx, out + len, &len); /* since padding is disabled this does nothing */
- EVP_CIPHER_CTX_cleanup(&ctx);
+ return EVP_CipherInit_ex(&ctx, this->cipher, NULL, NULL, NULL, enc) &&
+ EVP_CIPHER_CTX_set_padding(&ctx, 0) /* disable padding */ &&
+ EVP_CIPHER_CTX_set_key_length(&ctx, this->key.len) &&
+ EVP_CipherInit_ex(&ctx, NULL, NULL, this->key.ptr, iv.ptr, enc) &&
+ EVP_CipherUpdate(&ctx, out, &len, data.ptr, data.len) &&
+ /* since padding is disabled this does nothing */
+ EVP_CipherFinal_ex(&ctx, out + len, &len) &&
+ EVP_CIPHER_CTX_cleanup(&ctx);
}
METHOD(crypter_t, decrypt, void,
crypt(this, data, iv, dst, 0);
}
-METHOD(crypter_t, encrypt, void,
+METHOD(crypter_t, encrypt, bool,
private_openssl_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *dst)
{
- crypt(this, data, iv, dst, 1);
+ return crypt(this, data, iv, dst, 1);
}
METHOD(crypter_t, get_block_size, size_t,
crypt(this, iv.ptr, data, dst, TRUE);
}
-METHOD(crypter_t, encrypt, void,
+METHOD(crypter_t, encrypt, bool,
private_padlock_aes_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *dst)
{
crypt(this, iv.ptr, data, dst, FALSE);
+ return TRUE;
}
METHOD(crypter_t, get_block_size, size_t,
/**
* xcbc supplied data, but do not run final operation
*/
-static void update(private_mac_t *this, chunk_t data)
+static bool update(private_mac_t *this, chunk_t data)
{
chunk_t iv;
{ /* no complete block, just copy into remaining */
memcpy(this->remaining + this->remaining_bytes, data.ptr, data.len);
this->remaining_bytes += data.len;
- return;
+ return TRUE;
}
iv = chunk_alloca(this->b);
this->b - this->remaining_bytes);
data = chunk_skip(data, this->b - this->remaining_bytes);
memxor(this->e, this->remaining, this->b);
- this->k1->encrypt(this->k1, chunk_create(this->e, this->b), iv, NULL);
+ if (!this->k1->encrypt(this->k1, chunk_create(this->e, this->b), iv, NULL))
+ {
+ return FALSE;
+ }
/* process blocks M[2] ... M[n-1] */
while (data.len > this->b)
memcpy(this->remaining, data.ptr, this->b);
data = chunk_skip(data, this->b);
memxor(this->e, this->remaining, this->b);
- this->k1->encrypt(this->k1, chunk_create(this->e, this->b), iv, NULL);
+ if (!this->k1->encrypt(this->k1, chunk_create(this->e, this->b),
+ iv, NULL))
+ {
+ return FALSE;
+ }
}
/* store remaining bytes of block M[n] */
memcpy(this->remaining, data.ptr, data.len);
this->remaining_bytes = data.len;
+
+ return TRUE;
}
/**
* run last round, data is in this->e
*/
-static void final(private_mac_t *this, u_int8_t *out)
+static bool final(private_mac_t *this, u_int8_t *out)
{
chunk_t iv;
*/
memxor(this->e, this->remaining, this->b);
memxor(this->e, this->k2, this->b);
- this->k1->encrypt(this->k1, chunk_create(this->e, this->b), iv, NULL);
}
else
{
*/
memxor(this->e, this->remaining, this->b);
memxor(this->e, this->k3, this->b);
- this->k1->encrypt(this->k1, chunk_create(this->e, this->b), iv, NULL);
+ }
+ if (!this->k1->encrypt(this->k1, chunk_create(this->e, this->b), iv, NULL))
+ {
+ return FALSE;
}
memcpy(out, this->e, this->b);
memset(this->e, 0, this->b);
this->remaining_bytes = 0;
this->zero = TRUE;
+
+ return TRUE;
}
METHOD(mac_t, get_mac, bool,
private_mac_t *this, chunk_t data, u_int8_t *out)
{
/* update E, do not process last block */
- update(this, data);
+ if (!update(this, data))
+ {
+ return FALSE;
+ }
if (out)
{ /* if not in append mode, process last block and output result */
- final(this, out);
+ return final(this, out);
}
return TRUE;
}
* K2 = 0x02020202020202020202020202020202 encrypted with Key K
* K3 = 0x03030303030303030303030303030303 encrypted with Key K
*/
- this->k1->set_key(this->k1, lengthened);
+
+ memset(k1.ptr, 0x01, this->b);
memset(this->k2, 0x02, this->b);
- this->k1->encrypt(this->k1, chunk_create(this->k2, this->b), iv, NULL);
memset(this->k3, 0x03, this->b);
- this->k1->encrypt(this->k1, chunk_create(this->k3, this->b), iv, NULL);
- memset(k1.ptr, 0x01, this->b);
- this->k1->encrypt(this->k1, k1, iv, NULL);
+
+ this->k1->set_key(this->k1, lengthened);
+ if (!this->k1->encrypt(this->k1, chunk_create(this->k2, this->b), iv, NULL) ||
+ !this->k1->encrypt(this->k1, chunk_create(this->k3, this->b), iv, NULL) ||
+ !this->k1->encrypt(this->k1, k1, iv, NULL))
+ {
+ return FALSE;
+ }
this->k1->set_key(this->k1, k1);
memwipe(k1.ptr, k1.len);
*data = chunk_cat("mmcc", *data, mac, padding,
chunk_from_thing(padding_length));
/* encrypt inline */
- this->crypter_out->encrypt(this->crypter_out, *data, iv, NULL);
+ if (!this->crypter_out->encrypt(this->crypter_out, *data,
+ iv, NULL))
+ {
+ if (!this->iv_out.len)
+ {
+ free(iv.ptr);
+ }
+ free(data->ptr);
+ return FAILED;
+ }
if (this->iv_out.len)
{ /* next record IV is last ciphertext block of this record */
projects / thirdparty / strongswan.git / commitdiff
