diff options
| -rw-r--r-- | include/ouroboros/crypt.h | 4 | ||||
| -rw-r--r-- | src/lib/crypt.c | 28 | ||||
| -rw-r--r-- | src/lib/crypt/openssl.c | 14 | ||||
| -rw-r--r-- | src/lib/crypt/openssl.h | 4 | ||||
| -rw-r--r-- | src/lib/dev.c | 24 |
5 files changed, 67 insertions, 7 deletions
diff --git a/include/ouroboros/crypt.h b/include/ouroboros/crypt.h index c463d9a8..20b3c262 100644 --- a/include/ouroboros/crypt.h +++ b/include/ouroboros/crypt.h @@ -284,6 +284,10 @@ int crypt_decrypt(struct crypt_ctx * ctx, buffer_t in, buffer_t * out); +int crypt_get_ivsz(struct crypt_ctx * ctx); + +int crypt_get_tagsz(struct crypt_ctx * ctx); + int crypt_load_crt_file(const char * path, void ** crt); diff --git a/src/lib/crypt.c b/src/lib/crypt.c index a050fe38..600f8336 100644 --- a/src/lib/crypt.c +++ b/src/lib/crypt.c @@ -619,6 +619,34 @@ void crypt_destroy_ctx(struct crypt_ctx * crypt) free(crypt); } +int crypt_get_ivsz(struct crypt_ctx * ctx) +{ + if (ctx == NULL) + return -EINVAL; + +#ifdef HAVE_OPENSSL + assert(ctx->ctx != NULL); + return openssl_crypt_get_ivsz(ctx->ctx); +#else + assert(ctx->ctx == NULL); + return -ENOTSUP; +#endif +} + +int crypt_get_tagsz(struct crypt_ctx * ctx) +{ + if (ctx == NULL) + return -EINVAL; + +#ifdef HAVE_OPENSSL + assert(ctx->ctx != NULL); + return openssl_crypt_get_tagsz(ctx->ctx); +#else + assert(ctx->ctx == NULL); + return -ENOTSUP; +#endif +} + int crypt_load_privkey_file(const char * path, void ** key) { diff --git a/src/lib/crypt/openssl.c b/src/lib/crypt/openssl.c index bd3f1239..5eee2a13 100644 --- a/src/lib/crypt/openssl.c +++ b/src/lib/crypt/openssl.c @@ -996,6 +996,20 @@ void openssl_crypt_destroy_ctx(struct ossl_crypt_ctx * ctx) free(ctx); } +int openssl_crypt_get_ivsz(struct ossl_crypt_ctx * ctx) +{ + assert(ctx != NULL); + + return ctx->ivsz; +} + +int openssl_crypt_get_tagsz(struct ossl_crypt_ctx * ctx) +{ + assert(ctx != NULL); + + return ctx->tagsz; +} + /* AUTHENTICATION */ int openssl_load_crt_file(const char * path, diff --git a/src/lib/crypt/openssl.h b/src/lib/crypt/openssl.h index c28d0b4d..083e8dde 100644 --- a/src/lib/crypt/openssl.h +++ b/src/lib/crypt/openssl.h @@ -73,6 +73,10 @@ struct ossl_crypt_ctx * openssl_crypt_create_ctx(struct crypt_sk * sk); void openssl_crypt_destroy_ctx(struct ossl_crypt_ctx * ctx); +int openssl_crypt_get_ivsz(struct ossl_crypt_ctx * ctx); + +int openssl_crypt_get_tagsz(struct ossl_crypt_ctx * ctx); + /* AUTHENTICATION */ int openssl_load_crt_file(const char * path, diff --git a/src/lib/dev.c b/src/lib/dev.c index 2c0dbf28..31f4fb78 100644 --- a/src/lib/dev.c +++ b/src/lib/dev.c @@ -100,6 +100,8 @@ struct flow { ssize_t part_idx; struct crypt_ctx * crypt; + int headsz; /* IV */ + int tailsz; /* Tag + CRC */ struct timespec snd_act; struct timespec rcv_act; @@ -269,11 +271,11 @@ static int sdb_encrypt(struct flow * flow, if (crypt_encrypt(flow->crypt, in, &out) < 0) goto fail_encrypt; - head = shm_du_buff_head_alloc(sdb, IVSZ); + head = shm_du_buff_head_alloc(sdb, flow->headsz); if (head == NULL) goto fail_alloc; - tail = shm_du_buff_tail_alloc(sdb, (out.len - in.len) - IVSZ); + tail = shm_du_buff_tail_alloc(sdb, flow->tailsz); if (tail == NULL) goto fail_alloc; @@ -305,8 +307,8 @@ static int sdb_decrypt(struct flow * flow, return -ENOMEM; - head = shm_du_buff_head_release(sdb, IVSZ) + IVSZ; - shm_du_buff_tail_release(sdb, (in.len - out.len) - IVSZ); + head = shm_du_buff_head_release(sdb, flow->headsz) + flow->headsz; + shm_du_buff_tail_release(sdb, flow->tailsz); memcpy(head, out.data, out.len); @@ -543,11 +545,15 @@ static int flow_init(struct flow_info * info, flow->snd_act = now; flow->rcv_act = now; flow->crypt = NULL; + flow->headsz = 0; + flow->tailsz = 0; if (IS_ENCRYPTED(sk)) { flow->crypt = crypt_create_ctx(sk); if (flow->crypt == NULL) goto fail_crypt; + flow->headsz = crypt_get_ivsz(flow->crypt); + flow->tailsz = crypt_get_tagsz(flow->crypt); } assert(flow->frcti == NULL); @@ -1235,10 +1241,14 @@ static int chk_crc(struct shm_du_buff * sdb) static int add_crc(struct shm_du_buff * sdb) { - uint8_t * head = shm_du_buff_head(sdb); - uint8_t * tail = shm_du_buff_tail_alloc(sdb, CRCLEN); + uint8_t * head; + uint8_t * tail; + + tail = shm_du_buff_tail_alloc(sdb, CRCLEN); if (tail == NULL) - return -1; + return -ENOMEM; + + head = shm_du_buff_head(sdb); mem_hash(HASH_CRC32, tail, head, tail - head); |