X-Git-Url: https://git.distorted.org.uk/~mdw/secnet/blobdiff_plain/b7886fd46ab05c97b8a072e497903622bd1d5290..refs/heads/master:/transform-cbcmac.c
diff --git a/transform-cbcmac.c b/transform-cbcmac.c
index ebf4702..ad9e901 100644
--- a/transform-cbcmac.c
+++ b/transform-cbcmac.c
@@ -1,5 +1,24 @@
 /* Transform module - bulk data transformation */
+/*
+ * This file is part of secnet.
+ * See README for full list of copyright holders.
+ *
+ * secnet is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * secnet is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * version 3 along with secnet; if not, see
+ * https://www.gnu.org/licenses/gpl.html.
+ */
+
 /* For now it's hard-coded to do sequence number/pkcs5/serpent-cbcmac/serpent with a 256 bit key for each instance of serpent. We also require key material for the IVs for
@@ -82,8 +101,8 @@ static void transform_delkey(void *sst)
 ti->keyed=False;
 }
-static uint32_t transform_forward(void *sst, struct buffer_if *buf,
- const char **errmsg)
+static transform_apply_return transform_forward(void *sst,
+ struct buffer_if *buf, const char **errmsg)
 {
 struct transform_inst *ti=sst;
 uint8_t *padp;
@@ -153,8 +172,8 @@ static uint32_t transform_forward(void *sst, struct buffer_if *buf,
 return 0;
 }
-static uint32_t transform_reverse(void *sst, struct buffer_if *buf,
- const char **errmsg)
+static transform_apply_return transform_reverse(void *sst,
+ struct buffer_if *buf, const char **errmsg)
 {
 struct transform_inst *ti=sst;
 uint8_t *padp;
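Review bot: transform_forward now returns transform_apply_return, but its success path, visible as context in the `-153,8` hunk, still ends in a bare `return 0;`, while the error paths of transform_reverse were moved to the named `transform_apply_err`. Either return the enum's named success member there, or add a comment such as `/* 0 is the success value of transform_apply_return */` so the mapping does not silently depend on the enum's numbering. The success return of transform_reverse lies outside the hunks shown and deserves the same treatment. Both function bodies start or end outside these hunks.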
@@ -172,7 +191,7 @@ static uint32_t transform_reverse(void *sst, struct buffer_if *buf,
 if (buf->size < 4 + 16 + 16) {
 *errmsg="msg too short";
- return 1;
+ return transform_apply_err;
 }
 /* CBC */
@@ -184,7 +203,7 @@ static uint32_t transform_reverse(void *sst, struct buffer_if *buf,
 /* Assert bufsize is multiple of blocksize */
 if (buf->size&0xf) {
 *errmsg="msg not multiple of cipher blocksize";
- return 1;
+ return transform_apply_err;
 }
 serpentbe_encrypt(&ti->cryptkey,iv,iv);
 for (n=buf->start; nstart+buf->size; n+=16)
@@ -212,9 +231,9 @@ static uint32_t transform_reverse(void *sst, struct buffer_if *buf,
 serpentbe_encrypt(&ti->mackey,macplain,macacc);
 }
 serpentbe_encrypt(&ti->mackey,macacc,macacc);
- if (!consttime_memeq(macexpected,macacc,16)!=0) {
+ if (!consttime_memeq(macexpected,macacc,16)) {
 *errmsg="invalid MAC";
- return 1;
+ return transform_apply_err;
 }
 /* PKCS5, stolen from IWJ */
@@ -223,7 +242,7 @@ static uint32_t transform_reverse(void *sst, struct buffer_if *buf,
 padlen=*padp;
 if (!padlen || (padlen > PKCS5_MASK+1)) {
 *errmsg="pkcs5: invalid length";
- return 1;
+ return transform_apply_err;
 }
 buf_unappend(buf,padlen-1);
@@ -273,7 +292,7 @@ static list_t *transform_apply(closure_t *self, struct cloc loc,
 /* First parameter must be a dict */
 item=list_elem(args,0);
 if (!item || item->type!=t_dict)
- cfgfatal(loc,"userv-ipif","parameter must be a dictionary\n");
+ cfgfatal(loc,"serpent256-cbc","parameter must be a dictionary\n");
 dict=item->data.dict;
@@ -337,7 +356,7 @@ void transform_cbcmac_module(dict_t *dict)
 const char *errmsg;
 int i;
- tr = safe_malloc(sizeof(struct transform),"test transform");
+ NEW(tr);
 tr->max_seq_skew = 20;
 ti = transform_create(tr);
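Review bot: The MAC comparison in the `-212,9` hunk is what keeps unauthenticated data away from the PKCS5 length check that follows it, yet nothing in the code states that this order is required. A comment above the check, for example `/* Verify the MAC before interpreting any padding byte; do not reorder */`, would stop a later refactor from moving the padding check ahead of authentication and exposing a padding oracle. The constant-time comparison is kept by this change and should stay. transform_reverse starts and ends outside this hunk.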
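Review bot: In the `-223,7` hunk `padlen` is read from the decrypted packet and bounded only by `PKCS5_MASK+1`, and the result of `buf_unappend(buf,padlen-1)` is discarded, so nothing visible here ties the padding length to the bytes actually left in `buf`. If the earlier `buf->size < 4 + 16 + 16` and block-size checks are what guarantee enough data, say so in a comment next to the call. Otherwise check the call, e.g. `if (!buf_unappend(buf,padlen-1)) { *errmsg="pkcs5: invalid length"; return transform_apply_err; }`, assuming buf_unappend reports underflow through its return value (its definition is not shown). The code that consumes the rest of the packet after this call is outside the hunk.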