gcrypt: Return correct IV length (0) for ECB mode

author Tobias Brunner <tobias@strongswan.org>

Tue, 13 Sep 2022 13:26:47 +0000 (15:26 +0200)

committer Tobias Brunner <tobias@strongswan.org>

Thu, 15 Sep 2022 10:16:12 +0000 (12:16 +0200)
author Tobias Brunner <tobias@strongswan.org>
Tue, 13 Sep 2022 13:26:47 +0000 (15:26 +0200)
committer Tobias Brunner <tobias@strongswan.org>
Thu, 15 Sep 2022 10:16:12 +0000 (12:16 +0200)
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c b/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c

index 81f615cde1cda1cb5e9ffa684a73f92cf76ca855..8933c6978e54bdb1faf31848940bebbfa50c2899 100644 (file)
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c
@@ -45,7 +45,7 @@ struct private_gcrypt_crypter_t {
         /**
          * are we using counter mode?
          */
-       bool ctr_mode;
+       int mode;
  
         /**
          * counter state
@@ -62,13 +62,17 @@ struct private_gcrypt_crypter_t {
   */
  static bool set_iv(private_gcrypt_crypter_t *this, chunk_t iv)
  {
-       if (this->ctr_mode)
+       if (this->mode == GCRY_CIPHER_MODE_CTR)
         {
                 memcpy(this->ctr.iv, iv.ptr, sizeof(this->ctr.iv));
                 this->ctr.counter = htonl(1);
                 return gcry_cipher_setctr(this->h, &this->ctr, sizeof(this->ctr)) == 0;
         }
-       return gcry_cipher_setiv(this->h, iv.ptr, iv.len) == 0;
+       if (iv.len)
+       {
+               return gcry_cipher_setiv(this->h, iv.ptr, iv.len) == 0;
+       }
+       return TRUE;
  }
  
  METHOD(crypter_t, decrypt, bool,
@@ -108,7 +112,7 @@ METHOD(crypter_t, get_block_size, size_t,
  {
         size_t len = 0;
  
-       if (this->ctr_mode)
+       if (this->mode == GCRY_CIPHER_MODE_CTR)
         {       /* counter mode does not need any padding */
                 return 1;
         }
@@ -121,9 +125,14 @@ METHOD(crypter_t, get_iv_size, size_t,
  {
         size_t len = 0;
  
-       if (this->ctr_mode)
+       switch (this->mode)
         {
-               return sizeof(this->ctr.iv);
+               case GCRY_CIPHER_MODE_CTR:
+                       return sizeof(this->ctr.iv);
+               case GCRY_CIPHER_MODE_ECB:
+                       return 0;
+               default:
+                       break;
         }
         gcry_cipher_algo_info(this->alg, GCRYCTL_GET_BLKLEN, NULL, &len);
         return len;
@@ -135,7 +144,7 @@ METHOD(crypter_t, get_key_size, size_t,
         size_t len = 0;
  
         gcry_cipher_algo_info(this->alg, GCRYCTL_GET_KEYLEN, NULL, &len);
-       if (this->ctr_mode)
+       if (this->mode == GCRY_CIPHER_MODE_CTR)
         {
                 return len + sizeof(this->ctr.nonce);
         }
@@ -145,7 +154,7 @@ METHOD(crypter_t, get_key_size, size_t,
  METHOD(crypter_t, set_key, bool,
         private_gcrypt_crypter_t *this, chunk_t key)
  {
-       if (this->ctr_mode)
+       if (this->mode == GCRY_CIPHER_MODE_CTR)
         {
                 /* last 4 bytes are the nonce */
                 memcpy(this->ctr.nonce, key.ptr + key.len - sizeof(this->ctr.nonce),
@@ -308,7 +317,7 @@ gcrypt_crypter_t *gcrypt_crypter_create(encryption_algorithm_t algo,
                         },
                 },
                 .alg = gcrypt_alg,
-               .ctr_mode = mode == GCRY_CIPHER_MODE_CTR,
+               .mode = mode,
         );
  
         err = gcry_cipher_open(&this->h, gcrypt_alg, mode, 0);
author	Tobias Brunner <tobias@strongswan.org>
	Tue, 13 Sep 2022 13:26:47 +0000 (15:26 +0200)
committer	Tobias Brunner <tobias@strongswan.org>
	Thu, 15 Sep 2022 10:16:12 +0000 (12:16 +0200)