narenas
/
opengnsys_ipxe
mirror of https://github.com/ipxe/ipxe.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[crypto] Allow initialisation vector length to vary from cipher blocksize 

Signed-off-by: Michael Brown <mcb30@ipxe.org>
pull/785/head
Michael Brown 2022-10-24 16:52:24 +01:00
parent 52f72d298a
commit 8e478e648f
7 changed files with 24 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/crypto/crypto_null.c
View File

@ -61,7 +61,8 @@ int cipher_null_setkey ( void *ctx __unused, const void *key __unused,
return 0;
}
void cipher_null_setiv ( void *ctx __unused, const void *iv __unused ) {
void cipher_null_setiv ( void *ctx __unused, const void *iv __unused,
size_t ivlen __unused ) {
/* Do nothing */
}

10
src/include/ipxe/cbc.h
View File

@ -33,12 +33,15 @@ static inline int cbc_setkey ( void *ctx, const void *key, size_t keylen,
*
* @v ctx Context
* @v iv Initialisation vector
* @v ivlen Initialisation vector length
* @v raw_cipher Underlying cipher algorithm
* @v cbc_ctx CBC context
*/
static inline void cbc_setiv ( void *ctx __unused, const void *iv,
static inline void cbc_setiv ( void *ctx __unused,
const void *iv, size_t ivlen,
struct cipher_algorithm *raw_cipher,
void *cbc_ctx ) {
assert ( ivlen == raw_cipher->blocksize );
memcpy ( cbc_ctx, iv, raw_cipher->blocksize );
}
@ -70,9 +73,10 @@ static int _cbc_name ## _setkey ( void *ctx, const void *key, \
return cbc_setkey ( &_cbc_name ## _ctx->raw_ctx, key, keylen, \
&_raw_cipher, &_cbc_name ## _ctx->cbc_ctx );\
} \
static void _cbc_name ## _setiv ( void *ctx, const void *iv ) { \
static void _cbc_name ## _setiv ( void *ctx, const void *iv, \
size_t ivlen ) { \
struct _cbc_name ## _context * _cbc_name ## _ctx = ctx; \
cbc_setiv ( &_cbc_name ## _ctx->raw_ctx, iv, \
cbc_setiv ( &_cbc_name ## _ctx->raw_ctx, iv, ivlen, \
&_raw_cipher, &aes_cbc_ctx->cbc_ctx ); \
} \
static void _cbc_name ## _encrypt ( void *ctx, const void *src, \

9
src/include/ipxe/crypto.h
View File

@ -64,8 +64,9 @@ struct cipher_algorithm {
*
* @v ctx Context
* @v iv Initialisation vector
* @v ivlen Initialisation vector length
*/
void ( * setiv ) ( void *ctx, const void *iv );
void ( * setiv ) ( void *ctx, const void *iv, size_t ivlen );
/** Encrypt data
*
* @v ctx Context
@ -190,8 +191,8 @@ static inline int cipher_setkey ( struct cipher_algorithm *cipher,
}
static inline void cipher_setiv ( struct cipher_algorithm *cipher,
void *ctx, const void *iv ) {
cipher->setiv ( ctx, iv );
void *ctx, const void *iv, size_t ivlen ) {
cipher->setiv ( ctx, iv, ivlen );
}
static inline void cipher_encrypt ( struct cipher_algorithm *cipher,
@ -268,7 +269,7 @@ extern void digest_null_update ( void *ctx, const void *src, size_t len );
extern void digest_null_final ( void *ctx, void *out );
extern int cipher_null_setkey ( void *ctx, const void *key, size_t keylen );
extern void cipher_null_setiv ( void *ctx, const void *iv );
extern void cipher_null_setiv ( void *ctx, const void *iv, size_t ivlen );
extern void cipher_null_encrypt ( void *ctx, const void *src, void *dst,
size_t len );
extern void cipher_null_decrypt ( void *ctx, const void *src, void *dst,

5
src/include/ipxe/ecb.h
View File

@ -31,8 +31,9 @@ static int _ecb_name ## _setkey ( void *ctx, const void *key, \
size_t keylen ) { \
return cipher_setkey ( &_raw_cipher, ctx, key, keylen ); \
} \
static void _ecb_name ## _setiv ( void *ctx, const void *iv ) { \
cipher_setiv ( &_raw_cipher, ctx, iv ); \
static void _ecb_name ## _setiv ( void *ctx, const void *iv, \
size_t ivlen ) { \
cipher_setiv ( &_raw_cipher, ctx, iv, ivlen ); \
} \
static void _ecb_name ## _encrypt ( void *ctx, const void *src, \
void *dst, size_t len ) { \

3
src/net/peerblk.c
View File

@ -1033,7 +1033,8 @@ static int peerblk_parse_iv ( struct peerdist_block *peerblk, size_t buf_len,
}
/* Set initialisation vector */
cipher_setiv ( peerblk->cipher, peerblk->cipherctx, msg->msg.iv.data );
cipher_setiv ( peerblk->cipher, peerblk->cipherctx, msg->msg.iv.data,
blksize );
return 0;
}

4
src/net/tls.c
View File

@ -717,14 +717,14 @@ static int tls_generate_keys ( struct tls_connection *tls ) {
/* TX initialisation vector */
cipher_setiv ( tx_cipherspec->suite->cipher,
tx_cipherspec->cipher_ctx, key );
tx_cipherspec->cipher_ctx, key, iv_size );
DBGC ( tls, "TLS %p TX IV:\n", tls );
DBGC_HD ( tls, key, iv_size );
key += iv_size;
/* RX initialisation vector */
cipher_setiv ( rx_cipherspec->suite->cipher,
rx_cipherspec->cipher_ctx, key );
rx_cipherspec->cipher_ctx, key, iv_size );
DBGC ( tls, "TLS %p RX IV:\n", tls );
DBGC_HD ( tls, key, iv_size );
key += iv_size;

6
src/tests/cipher_test.c
View File

@ -61,7 +61,7 @@ void cipher_encrypt_okx ( struct cipher_test *test, const char *file,
/* Initialise cipher */
okx ( cipher_setkey ( cipher, ctx, test->key, test->key_len ) == 0,
file, line );
cipher_setiv ( cipher, ctx, test->iv );
cipher_setiv ( cipher, ctx, test->iv, test->iv_len );
/* Perform encryption */
cipher_encrypt ( cipher, ctx, test->plaintext, ciphertext, len );
@ -87,7 +87,7 @@ void cipher_decrypt_okx ( struct cipher_test *test, const char *file,
/* Initialise cipher */
okx ( cipher_setkey ( cipher, ctx, test->key, test->key_len ) == 0,
file, line );
cipher_setiv ( cipher, ctx, test->iv );
cipher_setiv ( cipher, ctx, test->iv, test->iv_len );
/* Perform encryption */
cipher_decrypt ( cipher, ctx, test->ciphertext, plaintext, len );
@ -143,7 +143,7 @@ cipher_cost ( struct cipher_algorithm *cipher, size_t key_len,
/* Initialise cipher */
rc = cipher_setkey ( cipher, ctx, key, key_len );
assert ( rc == 0 );
cipher_setiv ( cipher, ctx, iv );
cipher_setiv ( cipher, ctx, iv, sizeof ( iv ) );
/* Profile cipher operation */
memset ( &profiler, 0, sizeof ( profiler ) );