/* * How many bytes will we add to frame buffer for a given * set of crypto options? */ void crypto_adjust_frame_parameters(struct frame *frame, const struct key_type* kt, bool cipher_defined, bool use_iv, bool packet_id, bool packet_id_long_form) { size_t crypto_overhead = 0; if (packet_id) crypto_overhead += packet_id_size (packet_id_long_form); if (cipher_defined) { if (use_iv) crypto_overhead += cipher_kt_iv_size (kt->cipher); /* extra block required by cipher_ctx_update() */ crypto_overhead += cipher_kt_block_size (kt->cipher); } crypto_overhead += kt->hmac_length; frame_add_to_extra_frame (frame, crypto_overhead); msg(D_MTU_DEBUG, "%s: Adjusting frame parameters for crypto by %zu bytes", __func__, crypto_overhead); }
/* * How many bytes will we add to frame buffer for a given * set of crypto options? */ void crypto_adjust_frame_parameters(struct frame *frame, const struct key_type* kt, bool cipher_defined, bool use_iv, bool packet_id, bool packet_id_long_form) { frame_add_to_extra_frame (frame, (packet_id ? packet_id_size (packet_id_long_form) : 0) + ((cipher_defined && use_iv) ? cipher_kt_iv_size (kt->cipher) : 0) + (cipher_defined ? cipher_kt_block_size (kt->cipher) : 0) + /* worst case padding expansion */ kt->hmac_length); }
/* given a key and key_type, build a key_ctx */ void init_key_ctx (struct key_ctx *ctx, struct key *key, const struct key_type *kt, int enc, const char *prefix) { struct gc_arena gc = gc_new (); CLEAR (*ctx); if (kt->cipher && kt->cipher_length > 0) { ALLOC_OBJ(ctx->cipher, cipher_ctx_t); cipher_ctx_init (ctx->cipher, key->cipher, kt->cipher_length, kt->cipher, enc); msg (D_HANDSHAKE, "%s: Cipher '%s' initialized with %d bit key", prefix, cipher_kt_name(kt->cipher), kt->cipher_length *8); dmsg (D_SHOW_KEYS, "%s: CIPHER KEY: %s", prefix, format_hex (key->cipher, kt->cipher_length, 0, &gc)); dmsg (D_CRYPTO_DEBUG, "%s: CIPHER block_size=%d iv_size=%d", prefix, cipher_kt_block_size(kt->cipher), cipher_kt_iv_size(kt->cipher)); } if (kt->digest && kt->hmac_length > 0) { ALLOC_OBJ(ctx->hmac, hmac_ctx_t); hmac_ctx_init (ctx->hmac, key->hmac, kt->hmac_length, kt->digest); msg (D_HANDSHAKE, "%s: Using %d bit message hash '%s' for HMAC authentication", prefix, md_kt_size(kt->digest) * 8, md_kt_name(kt->digest)); dmsg (D_SHOW_KEYS, "%s: HMAC KEY: %s", prefix, format_hex (key->hmac, kt->hmac_length, 0, &gc)); dmsg (D_CRYPTO_DEBUG, "%s: HMAC size=%d block_size=%d", prefix, md_kt_size(kt->digest), hmac_ctx_size(ctx->hmac)); } gc_free (&gc); }