aboutsummaryrefslogtreecommitdiff
path: root/src/libmbedcrypto.c
diff options
context:
space:
mode:
authorJakub Jelen <jjelen@redhat.com>2018-10-04 12:55:23 +0200
committerAndreas Schneider <asn@cryptomilk.org>2018-10-09 13:05:38 +0200
commita2120e168b70218a82617b630e2030ff126a21ec (patch)
treeb29a865c41082017bffcad7a54100ca575efbc48 /src/libmbedcrypto.c
parent5790036a2305d5610ac55adb5382ea55d043998f (diff)
downloadlibssh-a2120e168b70218a82617b630e2030ff126a21ec.tar.gz
libssh-a2120e168b70218a82617b630e2030ff126a21ec.tar.xz
libssh-a2120e168b70218a82617b630e2030ff126a21ec.zip
libmbedtls: Simplify the cipher setup
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Diffstat (limited to 'src/libmbedcrypto.c')
-rw-r--r--src/libmbedcrypto.c138
1 files changed, 56 insertions, 82 deletions
diff --git a/src/libmbedcrypto.c b/src/libmbedcrypto.c
index 85c50797..8a2a7d96 100644
--- a/src/libmbedcrypto.c
+++ b/src/libmbedcrypto.c
@@ -509,78 +509,88 @@ void hmac_final(HMACCTX c, unsigned char *hashmacbuf, unsigned int *len)
SAFE_FREE(c);
}
-static int cipher_set_encrypt_key(struct ssh_cipher_struct *cipher, void *key,
- void *IV)
+static int
+cipher_init(struct ssh_cipher_struct *cipher,
+ mbedtls_operation_t operation,
+ void *key,
+ void *IV)
{
-
const mbedtls_cipher_info_t *cipher_info = NULL;
+ mbedtls_cipher_context_t *ctx;
int rc;
- mbedtls_cipher_init(&cipher->encrypt_ctx);
+ if (operation == MBEDTLS_ENCRYPT) {
+ ctx = &cipher->encrypt_ctx;
+ } else if (operation == MBEDTLS_DECRYPT) {
+ ctx = &cipher->decrypt_ctx;
+ } else {
+ SSH_LOG(SSH_LOG_WARNING, "unknown operation");
+ return 1;
+ }
+
+ mbedtls_cipher_init(ctx);
cipher_info = mbedtls_cipher_info_from_type(cipher->type);
- rc = mbedtls_cipher_setup(&cipher->encrypt_ctx, cipher_info);
+ rc = mbedtls_cipher_setup(ctx, cipher_info);
if (rc != 0) {
SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_setup failed");
goto error;
}
- rc = mbedtls_cipher_setkey(&cipher->encrypt_ctx, key,
+ rc = mbedtls_cipher_setkey(ctx, key,
cipher_info->key_bitlen,
- MBEDTLS_ENCRYPT);
+ operation);
if (rc != 0) {
SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_setkey failed");
goto error;
}
- rc = mbedtls_cipher_set_iv(&cipher->encrypt_ctx, IV, cipher_info->iv_size);
-
+ rc = mbedtls_cipher_set_iv(ctx, IV, cipher_info->iv_size);
if (rc != 0) {
SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_set_iv failed");
goto error;
}
- rc = mbedtls_cipher_reset(&cipher->encrypt_ctx);
-
- if (rc != 0) {
- SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_reset failed");
- goto error;
- }
-
- return SSH_OK;
+ return 0;
error:
- mbedtls_cipher_free(&cipher->encrypt_ctx);
- return SSH_ERROR;
+ mbedtls_cipher_free(ctx);
+ return 1;
}
-static int cipher_set_encrypt_key_cbc(struct ssh_cipher_struct *cipher, void *key,
- void *IV)
+static int
+cipher_set_encrypt_key(struct ssh_cipher_struct *cipher,
+ void *key,
+ void *IV)
{
-
- const mbedtls_cipher_info_t *cipher_info = NULL;
int rc;
- mbedtls_cipher_init(&cipher->encrypt_ctx);
- cipher_info = mbedtls_cipher_info_from_type(cipher->type);
-
- rc = mbedtls_cipher_setup(&cipher->encrypt_ctx, cipher_info);
+ rc = cipher_init(cipher, MBEDTLS_ENCRYPT, key, IV);
if (rc != 0) {
- SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_setup failed");
+ SSH_LOG(SSH_LOG_WARNING, "cipher_init failed");
goto error;
}
- rc = mbedtls_cipher_setkey(&cipher->encrypt_ctx, key,
- cipher_info->key_bitlen,
- MBEDTLS_ENCRYPT);
+ rc = mbedtls_cipher_reset(&cipher->encrypt_ctx);
if (rc != 0) {
- SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_setkey failed");
+ SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_reset failed");
goto error;
}
- rc = mbedtls_cipher_set_iv(&cipher->encrypt_ctx, IV, cipher_info->iv_size);
+ return SSH_OK;
+error:
+ return SSH_ERROR;
+}
+
+static int
+cipher_set_encrypt_key_cbc(struct ssh_cipher_struct *cipher,
+ void *key,
+ void *IV)
+{
+ int rc;
+ rc = cipher_init(cipher, MBEDTLS_ENCRYPT, key, IV);
if (rc != 0) {
- SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_set_iv failed");
+ SSH_LOG(SSH_LOG_WARNING, "cipher_init failed");
goto error;
}
@@ -595,7 +605,6 @@ static int cipher_set_encrypt_key_cbc(struct ssh_cipher_struct *cipher, void *ke
}
rc = mbedtls_cipher_reset(&cipher->encrypt_ctx);
-
if (rc != 0) {
SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_reset failed");
goto error;
@@ -607,37 +616,20 @@ error:
return SSH_ERROR;
}
-static int cipher_set_decrypt_key(struct ssh_cipher_struct *cipher, void *key,
- void *IV)
+static int
+cipher_set_decrypt_key(struct ssh_cipher_struct *cipher,
+ void *key,
+ void *IV)
{
- const mbedtls_cipher_info_t *cipher_info = NULL;
int rc;
- mbedtls_cipher_init(&cipher->decrypt_ctx);
- cipher_info = mbedtls_cipher_info_from_type(cipher->type);
-
- rc = mbedtls_cipher_setup(&cipher->decrypt_ctx, cipher_info);
- if (rc != 0) {
- SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_setkey failed");
- goto error;
- }
-
- rc = mbedtls_cipher_setkey(&cipher->decrypt_ctx, key,
- cipher_info->key_bitlen,
- MBEDTLS_DECRYPT);
- if (rc != 0) {
- SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_setkey failed");
- goto error;
- }
-
- rc = mbedtls_cipher_set_iv(&cipher->decrypt_ctx, IV, cipher_info->iv_size);
+ rc = cipher_init(cipher, MBEDTLS_DECRYPT, key, IV);
if (rc != 0) {
- SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_set_iv failed");
+ SSH_LOG(SSH_LOG_WARNING, "cipher_init failed");
goto error;
}
mbedtls_cipher_reset(&cipher->decrypt_ctx);
-
if (rc != 0) {
SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_reset failed");
goto error;
@@ -649,45 +641,27 @@ error:
return SSH_ERROR;
}
-static int cipher_set_decrypt_key_cbc(struct ssh_cipher_struct *cipher, void *key,
- void *IV)
+static int
+cipher_set_decrypt_key_cbc(struct ssh_cipher_struct *cipher,
+ void *key,
+ void *IV)
{
- const mbedtls_cipher_info_t *cipher_info;
int rc;
- mbedtls_cipher_init(&cipher->decrypt_ctx);
- cipher_info = mbedtls_cipher_info_from_type(cipher->type);
-
- rc = mbedtls_cipher_setup(&cipher->decrypt_ctx, cipher_info);
- if (rc != 0) {
- SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_setkey failed");
- goto error;
- }
-
- rc = mbedtls_cipher_setkey(&cipher->decrypt_ctx, key,
- cipher_info->key_bitlen,
- MBEDTLS_DECRYPT);
+ rc = cipher_init(cipher, MBEDTLS_DECRYPT, key, IV);
if (rc != 0) {
- SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_setkey failed");
- goto error;
- }
-
- rc = mbedtls_cipher_set_iv(&cipher->decrypt_ctx, IV, cipher_info->iv_size);
- if (rc != 0) {
- SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_set_iv failed");
+ SSH_LOG(SSH_LOG_WARNING, "cipher_init failed");
goto error;
}
rc = mbedtls_cipher_set_padding_mode(&cipher->decrypt_ctx,
MBEDTLS_PADDING_NONE);
-
if (rc != 0) {
SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_set_padding_mode failed");
goto error;
}
mbedtls_cipher_reset(&cipher->decrypt_ctx);
-
if (rc != 0) {
SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_reset failed");
goto error;