[crypto] Change cipher_{en,de}crypt() to void functions
It is a programming error, not a runtime error, if we attempt to use block ciphers with an incorrect blocksize, so use an assert() rather than an error status return.
This commit is contained in:
parent
a3219b24a8
commit
b4d3d686cc
|
@ -1,24 +0,0 @@
|
||||||
#include <stdint.h>
|
|
||||||
#include <errno.h>
|
|
||||||
#include <gpxe/crypto.h>
|
|
||||||
|
|
||||||
int cipher_encrypt ( struct cipher_algorithm *cipher,
|
|
||||||
void *ctx, const void *src, void *dst,
|
|
||||||
size_t len ) {
|
|
||||||
if ( ( len & ( cipher->blocksize - 1 ) ) ) {
|
|
||||||
return -EINVAL;
|
|
||||||
}
|
|
||||||
cipher->encrypt ( ctx, src, dst, len );
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
int cipher_decrypt ( struct cipher_algorithm *cipher,
|
|
||||||
void *ctx, const void *src, void *dst,
|
|
||||||
size_t len ) {
|
|
||||||
if ( ( len & ( cipher->blocksize - 1 ) ) ) {
|
|
||||||
return -EINVAL;
|
|
||||||
}
|
|
||||||
cipher->decrypt ( ctx, src, dst, len );
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
|
@ -70,7 +70,6 @@ struct cipher_algorithm {
|
||||||
* @v src Data to encrypt
|
* @v src Data to encrypt
|
||||||
* @v dst Buffer for encrypted data
|
* @v dst Buffer for encrypted data
|
||||||
* @v len Length of data
|
* @v len Length of data
|
||||||
* @ret rc Return status code
|
|
||||||
*
|
*
|
||||||
* @v len is guaranteed to be a multiple of @c blocksize.
|
* @v len is guaranteed to be a multiple of @c blocksize.
|
||||||
*/
|
*/
|
||||||
|
@ -82,7 +81,6 @@ struct cipher_algorithm {
|
||||||
* @v src Data to decrypt
|
* @v src Data to decrypt
|
||||||
* @v dst Buffer for decrypted data
|
* @v dst Buffer for decrypted data
|
||||||
* @v len Length of data
|
* @v len Length of data
|
||||||
* @ret rc Return status code
|
|
||||||
*
|
*
|
||||||
* @v len is guaranteed to be a multiple of @c blocksize.
|
* @v len is guaranteed to be a multiple of @c blocksize.
|
||||||
*/
|
*/
|
||||||
|
@ -123,17 +121,30 @@ static inline void cipher_setiv ( struct cipher_algorithm *cipher,
|
||||||
cipher->setiv ( ctx, iv );
|
cipher->setiv ( ctx, iv );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static inline void cipher_encrypt ( struct cipher_algorithm *cipher,
|
||||||
|
void *ctx, const void *src, void *dst,
|
||||||
|
size_t len ) {
|
||||||
|
cipher->encrypt ( ctx, src, dst, len );
|
||||||
|
}
|
||||||
|
#define cipher_encrypt( cipher, ctx, src, dst, len ) do { \
|
||||||
|
assert ( ( len & ( (cipher)->blocksize - 1 ) ) == 0 ); \
|
||||||
|
cipher_encrypt ( (cipher), (ctx), (src), (dst), (len) ); \
|
||||||
|
} while ( 0 )
|
||||||
|
|
||||||
|
static inline void cipher_decrypt ( struct cipher_algorithm *cipher,
|
||||||
|
void *ctx, const void *src, void *dst,
|
||||||
|
size_t len ) {
|
||||||
|
cipher->decrypt ( ctx, src, dst, len );
|
||||||
|
}
|
||||||
|
#define cipher_decrypt( cipher, ctx, src, dst, len ) do { \
|
||||||
|
assert ( ( len & ( (cipher)->blocksize - 1 ) ) == 0 ); \
|
||||||
|
cipher_decrypt ( (cipher), (ctx), (src), (dst), (len) ); \
|
||||||
|
} while ( 0 )
|
||||||
|
|
||||||
static inline int is_stream_cipher ( struct cipher_algorithm *cipher ) {
|
static inline int is_stream_cipher ( struct cipher_algorithm *cipher ) {
|
||||||
return ( cipher->blocksize == 1 );
|
return ( cipher->blocksize == 1 );
|
||||||
}
|
}
|
||||||
|
|
||||||
extern int cipher_encrypt ( struct cipher_algorithm *cipher,
|
|
||||||
void *ctx, const void *src, void *dst,
|
|
||||||
size_t len );
|
|
||||||
extern int cipher_decrypt ( struct cipher_algorithm *cipher,
|
|
||||||
void *ctx, const void *src, void *dst,
|
|
||||||
size_t len );
|
|
||||||
|
|
||||||
extern struct digest_algorithm digest_null;
|
extern struct digest_algorithm digest_null;
|
||||||
extern struct cipher_algorithm cipher_null;
|
extern struct cipher_algorithm cipher_null;
|
||||||
extern struct pubkey_algorithm pubkey_null;
|
extern struct pubkey_algorithm pubkey_null;
|
||||||
|
|
|
@ -1223,15 +1223,9 @@ static int tls_send_plaintext ( struct tls_session *tls, unsigned int type,
|
||||||
tlshdr->length = htons ( plaintext_len );
|
tlshdr->length = htons ( plaintext_len );
|
||||||
memcpy ( cipherspec->cipher_next_ctx, cipherspec->cipher_ctx,
|
memcpy ( cipherspec->cipher_next_ctx, cipherspec->cipher_ctx,
|
||||||
cipherspec->cipher->ctxsize );
|
cipherspec->cipher->ctxsize );
|
||||||
if ( ( rc = cipher_encrypt ( cipherspec->cipher,
|
cipher_encrypt ( cipherspec->cipher, cipherspec->cipher_next_ctx,
|
||||||
cipherspec->cipher_next_ctx, plaintext,
|
plaintext, iob_put ( ciphertext, plaintext_len ),
|
||||||
iob_put ( ciphertext, plaintext_len ),
|
plaintext_len );
|
||||||
plaintext_len ) ) != 0 ) {
|
|
||||||
DBGC ( tls, "TLS %p could not encrypt: %s\n",
|
|
||||||
tls, strerror ( rc ) );
|
|
||||||
DBGC_HD ( tls, plaintext, plaintext_len );
|
|
||||||
goto done;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Free plaintext as soon as possible to conserve memory */
|
/* Free plaintext as soon as possible to conserve memory */
|
||||||
free ( plaintext );
|
free ( plaintext );
|
||||||
|
@ -1393,14 +1387,8 @@ static int tls_new_ciphertext ( struct tls_session *tls,
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Decrypt the record */
|
/* Decrypt the record */
|
||||||
if ( ( rc = cipher_decrypt ( cipherspec->cipher,
|
cipher_decrypt ( cipherspec->cipher, cipherspec->cipher_ctx,
|
||||||
cipherspec->cipher_ctx, ciphertext,
|
ciphertext, plaintext, record_len );
|
||||||
plaintext, record_len ) ) != 0 ) {
|
|
||||||
DBGC ( tls, "TLS %p could not decrypt: %s\n",
|
|
||||||
tls, strerror ( rc ) );
|
|
||||||
DBGC_HD ( tls, ciphertext, record_len );
|
|
||||||
goto done;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Split record into content and MAC */
|
/* Split record into content and MAC */
|
||||||
if ( is_stream_cipher ( cipherspec->cipher ) ) {
|
if ( is_stream_cipher ( cipherspec->cipher ) ) {
|
||||||
|
|
Reference in New Issue