diff options
| author | Michael Brown <mcb30@ipxe.org> | 2022-10-24 16:52:24 +0100 |
|---|---|---|
| committer | Michael Brown <mcb30@ipxe.org> | 2022-10-25 13:21:28 +0100 |
| commit | 8e478e648fb68ac6f07e4e5cd80a5c1fefcb1cf5 (patch) | |
| tree | 59d27d4c71ed6c92b24d7fd6e007ed16e6379399 | |
| parent | 52f72d298abd81a6102ddddf2fff4918e4b077ce (diff) | |
| download | ipxe-8e478e648fb68ac6f07e4e5cd80a5c1fefcb1cf5.zip ipxe-8e478e648fb68ac6f07e4e5cd80a5c1fefcb1cf5.tar.gz ipxe-8e478e648fb68ac6f07e4e5cd80a5c1fefcb1cf5.tar.bz2 | |
[crypto] Allow initialisation vector length to vary from cipher blocksize
Signed-off-by: Michael Brown <mcb30@ipxe.org>
| -rw-r--r-- | src/crypto/crypto_null.c | 3 | ||||
| -rw-r--r-- | src/include/ipxe/cbc.h | 10 | ||||
| -rw-r--r-- | src/include/ipxe/crypto.h | 9 | ||||
| -rw-r--r-- | src/include/ipxe/ecb.h | 5 | ||||
| -rw-r--r-- | src/net/peerblk.c | 3 | ||||
| -rw-r--r-- | src/net/tls.c | 4 | ||||
| -rw-r--r-- | src/tests/cipher_test.c | 6 |
7 files changed, 24 insertions, 16 deletions
diff --git a/src/crypto/crypto_null.c b/src/crypto/crypto_null.c index 9107717..ef6041b 100644 --- a/src/crypto/crypto_null.c +++ b/src/crypto/crypto_null.c @@ -61,7 +61,8 @@ int cipher_null_setkey ( void *ctx __unused, const void *key __unused, return 0; } -void cipher_null_setiv ( void *ctx __unused, const void *iv __unused ) { +void cipher_null_setiv ( void *ctx __unused, const void *iv __unused, + size_t ivlen __unused ) { /* Do nothing */ } diff --git a/src/include/ipxe/cbc.h b/src/include/ipxe/cbc.h index 18a94e1..5c87403 100644 --- a/src/include/ipxe/cbc.h +++ b/src/include/ipxe/cbc.h @@ -33,12 +33,15 @@ static inline int cbc_setkey ( void *ctx, const void *key, size_t keylen, * * @v ctx Context * @v iv Initialisation vector + * @v ivlen Initialisation vector length * @v raw_cipher Underlying cipher algorithm * @v cbc_ctx CBC context */ -static inline void cbc_setiv ( void *ctx __unused, const void *iv, +static inline void cbc_setiv ( void *ctx __unused, + const void *iv, size_t ivlen, struct cipher_algorithm *raw_cipher, void *cbc_ctx ) { + assert ( ivlen == raw_cipher->blocksize ); memcpy ( cbc_ctx, iv, raw_cipher->blocksize ); } @@ -70,9 +73,10 @@ static int _cbc_name ## _setkey ( void *ctx, const void *key, \ return cbc_setkey ( &_cbc_name ## _ctx->raw_ctx, key, keylen, \ &_raw_cipher, &_cbc_name ## _ctx->cbc_ctx );\ } \ -static void _cbc_name ## _setiv ( void *ctx, const void *iv ) { \ +static void _cbc_name ## _setiv ( void *ctx, const void *iv, \ + size_t ivlen ) { \ struct _cbc_name ## _context * _cbc_name ## _ctx = ctx; \ - cbc_setiv ( &_cbc_name ## _ctx->raw_ctx, iv, \ + cbc_setiv ( &_cbc_name ## _ctx->raw_ctx, iv, ivlen, \ &_raw_cipher, &aes_cbc_ctx->cbc_ctx ); \ } \ static void _cbc_name ## _encrypt ( void *ctx, const void *src, \ diff --git a/src/include/ipxe/crypto.h b/src/include/ipxe/crypto.h index 34ab389..931be05 100644 --- a/src/include/ipxe/crypto.h +++ b/src/include/ipxe/crypto.h @@ -64,8 +64,9 @@ struct cipher_algorithm { * * @v ctx Context * @v iv Initialisation vector + * @v ivlen Initialisation vector length */ - void ( * setiv ) ( void *ctx, const void *iv ); + void ( * setiv ) ( void *ctx, const void *iv, size_t ivlen ); /** Encrypt data * * @v ctx Context @@ -190,8 +191,8 @@ static inline int cipher_setkey ( struct cipher_algorithm *cipher, } static inline void cipher_setiv ( struct cipher_algorithm *cipher, - void *ctx, const void *iv ) { - cipher->setiv ( ctx, iv ); + void *ctx, const void *iv, size_t ivlen ) { + cipher->setiv ( ctx, iv, ivlen ); } static inline void cipher_encrypt ( struct cipher_algorithm *cipher, @@ -268,7 +269,7 @@ extern void digest_null_update ( void *ctx, const void *src, size_t len ); extern void digest_null_final ( void *ctx, void *out ); extern int cipher_null_setkey ( void *ctx, const void *key, size_t keylen ); -extern void cipher_null_setiv ( void *ctx, const void *iv ); +extern void cipher_null_setiv ( void *ctx, const void *iv, size_t ivlen ); extern void cipher_null_encrypt ( void *ctx, const void *src, void *dst, size_t len ); extern void cipher_null_decrypt ( void *ctx, const void *src, void *dst, diff --git a/src/include/ipxe/ecb.h b/src/include/ipxe/ecb.h index 4e6aa3c..6c40c61 100644 --- a/src/include/ipxe/ecb.h +++ b/src/include/ipxe/ecb.h @@ -31,8 +31,9 @@ static int _ecb_name ## _setkey ( void *ctx, const void *key, \ size_t keylen ) { \ return cipher_setkey ( &_raw_cipher, ctx, key, keylen ); \ } \ -static void _ecb_name ## _setiv ( void *ctx, const void *iv ) { \ - cipher_setiv ( &_raw_cipher, ctx, iv ); \ +static void _ecb_name ## _setiv ( void *ctx, const void *iv, \ + size_t ivlen ) { \ + cipher_setiv ( &_raw_cipher, ctx, iv, ivlen ); \ } \ static void _ecb_name ## _encrypt ( void *ctx, const void *src, \ void *dst, size_t len ) { \ diff --git a/src/net/peerblk.c b/src/net/peerblk.c index f8994f4..bbd5f16 100644 --- a/src/net/peerblk.c +++ b/src/net/peerblk.c @@ -1033,7 +1033,8 @@ static int peerblk_parse_iv ( struct peerdist_block *peerblk, size_t buf_len, } /* Set initialisation vector */ - cipher_setiv ( peerblk->cipher, peerblk->cipherctx, msg->msg.iv.data ); + cipher_setiv ( peerblk->cipher, peerblk->cipherctx, msg->msg.iv.data, + blksize ); return 0; } diff --git a/src/net/tls.c b/src/net/tls.c index 4aa4d9e..3545f12 100644 --- a/src/net/tls.c +++ b/src/net/tls.c @@ -717,14 +717,14 @@ static int tls_generate_keys ( struct tls_connection *tls ) { /* TX initialisation vector */ cipher_setiv ( tx_cipherspec->suite->cipher, - tx_cipherspec->cipher_ctx, key ); + tx_cipherspec->cipher_ctx, key, iv_size ); DBGC ( tls, "TLS %p TX IV:\n", tls ); DBGC_HD ( tls, key, iv_size ); key += iv_size; /* RX initialisation vector */ cipher_setiv ( rx_cipherspec->suite->cipher, - rx_cipherspec->cipher_ctx, key ); + rx_cipherspec->cipher_ctx, key, iv_size ); DBGC ( tls, "TLS %p RX IV:\n", tls ); DBGC_HD ( tls, key, iv_size ); key += iv_size; diff --git a/src/tests/cipher_test.c b/src/tests/cipher_test.c index 800d6c1..5361502 100644 --- a/src/tests/cipher_test.c +++ b/src/tests/cipher_test.c @@ -61,7 +61,7 @@ void cipher_encrypt_okx ( struct cipher_test *test, const char *file, /* Initialise cipher */ okx ( cipher_setkey ( cipher, ctx, test->key, test->key_len ) == 0, file, line ); - cipher_setiv ( cipher, ctx, test->iv ); + cipher_setiv ( cipher, ctx, test->iv, test->iv_len ); /* Perform encryption */ cipher_encrypt ( cipher, ctx, test->plaintext, ciphertext, len ); @@ -87,7 +87,7 @@ void cipher_decrypt_okx ( struct cipher_test *test, const char *file, /* Initialise cipher */ okx ( cipher_setkey ( cipher, ctx, test->key, test->key_len ) == 0, file, line ); - cipher_setiv ( cipher, ctx, test->iv ); + cipher_setiv ( cipher, ctx, test->iv, test->iv_len ); /* Perform encryption */ cipher_decrypt ( cipher, ctx, test->ciphertext, plaintext, len ); @@ -143,7 +143,7 @@ cipher_cost ( struct cipher_algorithm *cipher, size_t key_len, /* Initialise cipher */ rc = cipher_setkey ( cipher, ctx, key, key_len ); assert ( rc == 0 ); - cipher_setiv ( cipher, ctx, iv ); + cipher_setiv ( cipher, ctx, iv, sizeof ( iv ) ); /* Profile cipher operation */ memset ( &profiler, 0, sizeof ( profiler ) ); |