*
* This file is part of Trivial IP Encryption (TrIPE).
*
- * TrIPE is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
+ * TrIPE is free software: you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 3 of the License, or (at your
+ * option) any later version.
*
- * TrIPE is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
+ * TrIPE is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
*
* You should have received a copy of the GNU General Public License
- * along with TrIPE; if not, write to the Free Software Foundation,
- * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ * along with TrIPE. If not, see <https://www.gnu.org/licenses/>.
*/
/*----- Header files ------------------------------------------------------*/
/*----- Static variables --------------------------------------------------*/
-static gmac *mac;
+static bulkchal *bchal;
static uint32 oseq;
static seqwin iseq;
-/*----- Main code ---------------------------------------------------------*/
+/*----- Challenges --------------------------------------------------------*/
/* --- @c_genkey@ --- *
*
static void c_genkey(void)
{
- if (mac && GM_CLASS(mac) == algs.m && oseq < 0x07ffffff) return;
- if (mac) GM_DESTROY(mac);
- assert(algs.mksz < sizeof(buf_t));
- rand_get(RAND_GLOBAL, buf_t, algs.mksz);
- mac = GM_KEY(algs.m, buf_t, algs.mksz);
+ bulkalgs *bulk = master->algs.bulk;
+ if (bchal && bchal->ops == bulk->ops && oseq < 0x07ffffff) return;
+ if (bchal) bchal->ops->freechal(bchal);
+ bchal = bulk->ops->genchal(bulk);
+ bchal->ops = bulk->ops;
oseq = 0;
seq_reset(&iseq);
- IF_TRACING(T_CHAL, {
- trace(T_CHAL, "chal: generated new challenge key");
- trace_block(T_CRYPTO, "chal: new key", buf_t, algs.mksz);
- })
}
/* --- @c_new@ --- *
*
- * Arguments: @buf *b@ = where to put the challenge
+ * Arguments: @const void *m@ = pointer to associated message, or null
+ * @size_t msz@ = length of associated message
+ * @buf *b@ = where to put the challenge
*
* Returns: Zero if OK, nonzero on error.
*
* Use: Issues a new challenge.
*/
-int c_new(buf *b)
+int c_new(const void *m, size_t msz, buf *b)
{
- octet *p;
- ghash *h;
+ const octet *p;
+ octet *t;
+ int rc;
c_genkey();
p = BCUR(b);
- if (buf_putu32(b, oseq++)) return (-1);
- h = GM_INIT(mac);
- GH_HASH(h, p, BCUR(b) - p);
- buf_put(b, GH_DONE(h, 0), algs.tagsz);
- GH_DESTROY(h);
- if (BBAD(b)) return (-1);
+ if (buf_putu32(b, oseq) || (t = buf_get(b, bchal->tagsz)) == 0)
+ { rc = -1; goto done; }
+ if (bchal->ops->chaltag(bchal, m, msz, oseq, t)) { rc = -1; goto done; }
IF_TRACING(T_CHAL, {
- trace(T_CHAL, "chal: issuing challenge %lu", (unsigned long)(oseq - 1));
+ trace(T_CHAL, "chal: issuing challenge %lu", (unsigned long)oseq);
+ if (msz) trace_block(T_CRYPTO, "chal: message block", m, msz);
trace_block(T_CRYPTO, "chal: challenge block", p, BCUR(b) - p);
})
- return (0);
+ rc = 0;
+done:
+ oseq++;
+ return (rc);
}
/* --- @c_check@ --- *
*
- * Arguments: @buf *b@ = where to find the challenge
+ * Arguments: @const void *m@ = pointer to associated message, or null
+ * @size_t msz@ = length of associated message
+ * @buf *b@ = where to find the challenge
*
* Returns: Zero if OK, nonzero if it didn't work.
*
* Use: Checks a challenge. On failure, the buffer is broken.
*/
-int c_check(buf *b)
+int c_check(const void *m, size_t msz, buf *b)
{
- const octet *p;
- size_t sz = 4 + algs.tagsz;
+ const octet *p, *t;
uint32 seq;
- ghash *h;
- int ok;
- if ((p = buf_get(b, sz)) == 0) {
- a_warn("CHAL", "invalid-challenge", A_END);
+ if (!bchal) {
+ a_warn("CHAL", "impossible-challenge", A_END);
goto fail;
}
- IF_TRACING(T_CHAL, trace_block(T_CRYPTO, "chal: check challenge", p, sz); )
- if (!mac) {
- a_warn("CHAL", "impossible-challenge", A_END);
+ p = BCUR(b);
+ if (buf_getu32(b, &seq) || (t = buf_get(b, bchal->tagsz)) == 0) {
+ a_warn("CHAL", "invalid-challenge", A_END);
goto fail;
}
- h = GM_INIT(mac);
- GH_HASH(h, p, 4);
- ok = (memcmp(GH_DONE(h, 0), p + 4, algs.tagsz) == 0);
- GH_DESTROY(h);
- if (!ok) {
+ IF_TRACING(T_CHAL, {
+ trace(T_CHAL, "chal: checking challenge, seq = %lu", (unsigned long)seq);
+ if (msz) trace_block(T_CRYPTO, "chal: message block", m, msz);
+ trace_block(T_CRYPTO, "chal: check challenge", p, BCUR(b) - p);
+ })
+ if (bchal->ops->chalvrf(bchal, m, msz, seq, t)) {
a_warn("CHAL", "incorrect-tag", A_END);
goto fail;
}
- seq = LOAD32(p);
- if (seq_check(&iseq, LOAD32(p), "CHAL"))
- goto fail;
- T( trace(T_CHAL, "chal: checked challenge %lu", (unsigned long)seq); )
+ if (seq_check(&iseq, seq, "CHAL")) goto fail;
+ T( trace(T_CHAL, "chal: challenge ok"); )
return (0);
fail:
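Review bot: In c_genkey the reuse test `bchal->ops == bulk->ops` compares only the ops table, where the removed line compared the MAC class itself; if two bulkalgs can share an ops table while differing in MAC or tag size (their layout is not visible in this hunk), the old challenge key would stay in use after `master` changes until `oseq` reaches 0x07ffffff. If that is intended, a comment above the test would record it, e.g. `/* Reuse is decided on the ops table alone; parameter changes under the same ops do not force a new key. */`. The result of `genchal` is dereferenced at once by `bchal->ops = bulk->ops;` and c_new then reads `bchal->tagsz`, so unless genchal is guaranteed never to return null, c_genkey should guard with `if (!bchal) return;` and c_new should fail with `if (!bchal) return (-1);` after `c_genkey();`, as c_check already does. The old `memcmp` tag comparison is replaced by `chalvrf`, so whether verification is constant-time now depends on that implementation, which is outside this hunk and worth confirming.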