From 8fc6b2d0e0ff9e907daf3f277fecab3c046510c3 Mon Sep 17 00:00:00 2001 From: Tobias Brunner Date: Mon, 4 Mar 2019 17:31:28 +0100 Subject: [PATCH] openssl: Generalize the GCM implementation a bit This will allow us to use the implementation also for other algorithms. --- src/libstrongswan/plugins/openssl/Makefile.am | 2 +- .../openssl/{openssl_gcm.c => openssl_aead.c} | 21 ++++++++++++------- .../openssl/{openssl_gcm.h => openssl_aead.h} | 14 ++++++------- .../plugins/openssl/openssl_plugin.c | 4 ++-- 4 files changed, 24 insertions(+), 17 deletions(-) rename src/libstrongswan/plugins/openssl/{openssl_gcm.c => openssl_aead.c} (89%) rename src/libstrongswan/plugins/openssl/{openssl_gcm.h => openssl_aead.h} (76%) diff --git a/src/libstrongswan/plugins/openssl/Makefile.am b/src/libstrongswan/plugins/openssl/Makefile.am index d484092e7e..7b83890fa0 100644 --- a/src/libstrongswan/plugins/openssl/Makefile.am +++ b/src/libstrongswan/plugins/openssl/Makefile.am @@ -29,7 +29,7 @@ libstrongswan_openssl_la_SOURCES = \ openssl_pkcs12.c openssl_pkcs12.h \ openssl_rng.c openssl_rng.h \ openssl_hmac.c openssl_hmac.h \ - openssl_gcm.c openssl_gcm.h \ + openssl_aead.c openssl_aead.h \ openssl_x_diffie_hellman.c openssl_x_diffie_hellman.h \ openssl_ed_private_key.c openssl_ed_private_key.h \ openssl_ed_public_key.c openssl_ed_public_key.h diff --git a/src/libstrongswan/plugins/openssl/openssl_gcm.c b/src/libstrongswan/plugins/openssl/openssl_aead.c similarity index 89% rename from src/libstrongswan/plugins/openssl/openssl_gcm.c rename to src/libstrongswan/plugins/openssl/openssl_aead.c index 4b096f0493..1d5b8fc6aa 100644 --- a/src/libstrongswan/plugins/openssl/openssl_gcm.c +++ b/src/libstrongswan/plugins/openssl/openssl_aead.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2013 Tobias Brunner + * Copyright (C) 2013-2019 Tobias Brunner * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -17,11 +17,18 @@ #if OPENSSL_VERSION_NUMBER >= 0x1000100fL -#include "openssl_gcm.h" +#include "openssl_aead.h" #include #include +/* the generic AEAD identifiers were added with 1.1.0 */ +#ifndef EVP_CTRL_AEAD_SET_IVLEN +#define EVP_CTRL_AEAD_SET_IVLEN EVP_CTRL_GCM_SET_IVLEN +#define EVP_CTRL_AEAD_SET_TAG EVP_CTRL_GCM_SET_TAG +#define EVP_CTRL_AEAD_GET_TAG EVP_CTRL_GCM_GET_TAG +#endif + /** as defined in RFC 4106 */ #define IV_LEN 8 #define SALT_LEN 4 @@ -82,12 +89,12 @@ static bool crypt(private_aead_t *this, chunk_t data, chunk_t assoc, chunk_t iv, ctx = EVP_CIPHER_CTX_new(); EVP_CIPHER_CTX_set_padding(ctx, 0); if (!EVP_CipherInit_ex(ctx, this->cipher, NULL, NULL, NULL, enc) || - !EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, NONCE_LEN, NULL) || + !EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, NONCE_LEN, NULL) || !EVP_CipherInit_ex(ctx, NULL, NULL, this->key.ptr, nonce, enc)) { goto done; } - if (!enc && !EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, this->icv_size, + if (!enc && !EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, this->icv_size, data.ptr + data.len)) { /* set ICV for verification on decryption */ goto done; @@ -101,7 +108,7 @@ static bool crypt(private_aead_t *this, chunk_t data, chunk_t assoc, chunk_t iv, { /* EVP_CipherFinal_ex fails if ICV is incorrect on decryption */ goto done; } - if (enc && !EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, this->icv_size, + if (enc && !EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, this->icv_size, out + data.len)) { /* copy back the ICV when encrypting */ goto done; @@ -202,8 +209,8 @@ METHOD(aead_t, destroy, void, /* * Described in header */ -aead_t *openssl_gcm_create(encryption_algorithm_t algo, - size_t key_size, size_t salt_size) +aead_t *openssl_aead_create(encryption_algorithm_t algo, + size_t key_size, size_t salt_size) { private_aead_t *this; diff --git a/src/libstrongswan/plugins/openssl/openssl_gcm.h b/src/libstrongswan/plugins/openssl/openssl_aead.h similarity index 76% rename from src/libstrongswan/plugins/openssl/openssl_gcm.h rename to src/libstrongswan/plugins/openssl/openssl_aead.h index a64c901292..b820ed2a09 100644 --- a/src/libstrongswan/plugins/openssl/openssl_gcm.h +++ b/src/libstrongswan/plugins/openssl/openssl_aead.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2013 Tobias Brunner + * Copyright (C) 2013-2019 Tobias Brunner * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -14,14 +14,14 @@ */ /** - * Implements the aead_t interface using OpenSSL in GCM mode. + * Implements the aead_t interface using OpenSSL. * - * @defgroup openssl_gcm openssl_gcm + * @defgroup openssl_aead openssl_aead * @{ @ingroup openssl_p */ -#ifndef OPENSSL_GCM_H_ -#define OPENSSL_GCM_H_ +#ifndef OPENSSL_AEAD_H_ +#define OPENSSL_AEAD_H_ #include @@ -33,7 +33,7 @@ * @param salt_size size of implicit salt length * @return aead_t object, NULL if not supported */ -aead_t *openssl_gcm_create(encryption_algorithm_t algo, size_t key_size, +aead_t *openssl_aead_create(encryption_algorithm_t algo, size_t key_size, size_t salt_size); -#endif /** OPENSSL_GCM_H_ @}*/ +#endif /** OPENSSL_AEAD_H_ @}*/ diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c index cbeb6c3b71..0661fdbc5f 100644 --- a/src/libstrongswan/plugins/openssl/openssl_plugin.c +++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c @@ -46,7 +46,7 @@ #include "openssl_pkcs12.h" #include "openssl_rng.h" #include "openssl_hmac.h" -#include "openssl_gcm.h" +#include "openssl_aead.h" #include "openssl_x_diffie_hellman.h" #include "openssl_ed_public_key.h" #include "openssl_ed_private_key.h" @@ -583,7 +583,7 @@ METHOD(plugin_t, get_features, int, #if OPENSSL_VERSION_NUMBER >= 0x1000100fL #ifndef OPENSSL_NO_AES /* AES GCM */ - PLUGIN_REGISTER(AEAD, openssl_gcm_create), + PLUGIN_REGISTER(AEAD, openssl_aead_create), PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV16, 16), PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV16, 24), PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV16, 32), -- 2.39.2