Browse Source

changed aes transform to cipher text stealing mode

pull/380/head
Logan007 4 years ago
parent
commit
b4f9caa00b
  1. 8
      include/aes.h
  2. 14
      src/aes.c
  3. 6
      src/transform_aes.c

8
include/aes.h

@ -28,6 +28,10 @@
#include <openssl/evp.h>
#include <openssl/err.h>
#define AES_BLOCK_SIZE 16
#define AES_IV_SIZE (AES_BLOCK_SIZE)
#define AES256_KEY_BYTES (256/8)
#define AES192_KEY_BYTES (192/8)
#define AES128_KEY_BYTES (128/8)
@ -48,10 +52,10 @@ typedef struct aes_context_t {
int aes_cbc_encrypt (unsigned char *out, const unsigned char *in, size_t in_len,
unsigned char *iv, aes_context_t *ctx);
const unsigned char *iv, aes_context_t *ctx);
int aes_cbc_decrypt (unsigned char *out, const unsigned char *in, size_t in_len,
unsigned char *iv, aes_context_t *ctx);
const unsigned char *iv, aes_context_t *ctx);
int aes_ecb_decrypt (unsigned char *out, const unsigned char *in, aes_context_t *ctx);

14
src/aes.c

@ -45,7 +45,7 @@ static char *openssl_err_as_string (void) {
/* ****************************************************** */
int aes_cbc_encrypt (unsigned char *out, const unsigned char *in, size_t in_len,
unsigned char *iv, aes_context_t *ctx) {
const unsigned char *iv, aes_context_t *ctx) {
#ifdef HAVE_OPENSSL_1_1
int evp_len;
@ -75,20 +75,21 @@ int aes_cbc_encrypt (unsigned char *out, const unsigned char *in, size_t in_len,
EVP_CIPHER_CTX_reset(ctx->enc_ctx);
#else
uint8_t tmp_iv[AES_IV_SIZE];
memcpy (tmp_iv, iv, AES_IV_SIZE);
AES_cbc_encrypt(in, // source
out, // destination
in_len, // enc size
&(ctx->enc_key),
iv,
tmp_iv,
AES_ENCRYPT);
memset(iv, 0, AES_BLOCK_SIZE);
#endif
}
/* ****************************************************** */
int aes_cbc_decrypt (unsigned char *out, const unsigned char *in, size_t in_len,
unsigned char *iv, aes_context_t *ctx) {
const unsigned char *iv, aes_context_t *ctx) {
#ifdef HAVE_OPENSSL_1_1
int evp_len;
@ -118,13 +119,14 @@ int aes_cbc_decrypt (unsigned char *out, const unsigned char *in, size_t in_len,
EVP_CIPHER_CTX_reset(ctx->dec_ctx);
#else
uint8_t tmp_iv[AES_IV_SIZE];
memcpy (tmp_iv, iv, AES_IV_SIZE);
AES_cbc_encrypt(in, // source
out, // destination
in_len, // enc size
&(ctx->dec_key),
iv,
tmp_iv,
AES_DECRYPT);
memset(iv, 0, AES_BLOCK_SIZE);
#endif
return 0;

6
src/transform_aes.c

@ -22,8 +22,6 @@
#ifdef N2N_HAVE_AES
#define AES_BLOCK_SIZE 16
// size of random value prepended to plaintext defaults to AES BLOCK_SIZE;
// gradually abandoning security, lower values could be chosen;
// however, minimum transmission size with cipher text stealing scheme is one
@ -31,11 +29,9 @@
// might encounter an issue with lower values here
#define AES_PREAMBLE_SIZE (AES_BLOCK_SIZE)
#define AES_IV_SIZE (AES_BLOCK_SIZE)
// cbc mode is being used with random value prepended to plaintext
// instead of iv so, actual iv is null_iv
uint8_t null_iv[AES_IV_SIZE] = {0};
const uint8_t null_iv[AES_IV_SIZE] = {0};
typedef struct transop_aes {
aes_context_t *ctx;

Loading…
Cancel
Save