Diffstat (limited to 'kernel')
-rw-r--r--kernel/ipt_CRYPT.c5
-rw-r--r--kernel/seppl.c30
-rw-r--r--kernel/seppl.h3
3 files changed, 38 insertions, 0 deletions
diff --git a/kernel/ipt_CRYPT.c b/kernel/ipt_CRYPT.c
index c4a2daf..68b5784 100644
--- a/kernel/ipt_CRYPT.c
+++ b/kernel/ipt_CRYPT.c
@@ -98,6 +98,11 @@ static unsigned int ipt_CRYPT_target(struct sk_buff **pskb, unsigned int hooknum
// Copy the IV
seppl_copy_iv(ti->key, iv);
+ // Encrypt to make it randomish
+ sg[0].page = virt_to_page((void*) iv);
+ sg[0].offset = (((long) (void *) iv) & ~PAGE_MASK);
+ sg[0].length = ivs;
+ crypto_cipher_encrypt(ti->key->tfm_ecb, sg, sg, sg[0].length );
// Fill the crypted header
ch->ident = 0x00;
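Review bot: The result of the added `crypto_cipher_encrypt(ti->key->tfm_ecb, sg, sg, sg[0].length)` call is ignored, so if the ECB pass fails the packet goes out with the IV exactly as `seppl_copy_iv` produced it, which is what this change is meant to avoid. ECB works on whole AES blocks, so this presumably fails whenever `ivs` is not a multiple of 16, for example if the data cipher has an 8-byte IV; where `ivs` comes from is not visible in the hunk. Check the return value and refuse to send on error, along the lines of `if (crypto_cipher_encrypt(ti->key->tfm_ecb, sg, sg, ivs)) { /* drop the packet */ }`, and reject keys whose IV size is not a multiple of the AES block size when the key is added. ipt_CRYPT_target starts and ends outside the hunk.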
diff --git a/kernel/seppl.c b/kernel/seppl.c
index ddb6bba..b15afbe 100644
--- a/kernel/seppl.c
+++ b/kernel/seppl.c
@@ -168,6 +168,8 @@ int seppl_add_key(u8 algorithm, const char *name, const u8 *key_data) {
key->key = key->iv = NULL;
key->tfm = NULL;
+ key->key_ecb = NULL;
+ key->tfm_ecb = NULL;
atomic_set(&key->usage, 0);
spin_lock_init(&key->iv_spinlock);
@@ -201,6 +203,26 @@ int seppl_add_key(u8 algorithm, const char *name, const u8 *key_data) {
key->blocksize = crypto_tfm_alg_blocksize(key->tfm);
proc_file->size += 8 + key->keysize;
+
+ /* Set up a random ecb key for making good IVs */
+ if (!(key->tfm_ecb = crypto_alloc_tfm("aes", CRYPTO_TFM_MODE_ECB))) {
+ printk(KERN_ERR "SEPPL: Failed to load ecb cipher.\n");
+ goto cleanup;
+ }
+
+ if ( !(key->key_ecb = kmalloc( 128/8, GFP_KERNEL ))) {
+ r = -ENOMEM;
+ printk( KERN_ERR "SEPPL: kmalloc() failed #2a\n" );
+ goto cleanup;
+ }
+
+ get_random_bytes(key->key_ecb, 128/8);
+
+ if (crypto_cipher_setkey(key->tfm_ecb, key->key_ecb, 128/8)) {
+ printk(KERN_ERR "SEPPL: Failed to set ecb cipher key.\n");
+ goto cleanup;
+ }
+
atomic_set(&key->ready, 1);
printk(KERN_INFO "SEPPL: Added key sucessfully.\n");
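Review bot: The new `goto cleanup` paths after a failed `crypto_alloc_tfm` and a failed `crypto_cipher_setkey` do not assign `r`, unlike the `kmalloc` path between them. Unless `r` already holds an error value from code outside this hunk, the caller may be told the key was added although it was torn down. Set it explicitly, e.g. `r = -ENOMEM;` before the first `goto cleanup;` and `r = -EINVAL;` before the last. The literal `128/8` is repeated for the allocation, the random fill and the setkey length; a named constant would keep the three in step. seppl_add_key starts and ends outside the hunk.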
@@ -229,6 +251,7 @@ cleanup:
spin_unlock(&keyring_lock);
+ /* Free the data transform */
if (key->tfm)
crypto_free_tfm(key->tfm);
@@ -238,6 +261,13 @@ cleanup:
if (key->iv)
kfree(key->iv);
+ /* Free the IV transform */
+ if (key->tfm_ecb)
+ crypto_free_tfm(key->tfm_ecb);
+
+ if (key->key_ecb)
+ kfree(key->key_ecb);
+
kfree(key);
}
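Review bot: `key->key_ecb` holds AES key material and is passed to `kfree` without being cleared, so the key bytes remain in freed slab memory. Add `memset(key->key_ecb, 0, 128/8);` inside the `if (key->key_ecb)` before the `kfree`. The buffer is only read by `crypto_cipher_setkey` in this commit, so it may not need to outlive seppl_add_key at all. This `cleanup:` path is the only place in seppl.c where the commit frees `tfm_ecb` and `key_ecb`; if keys are released anywhere else in the file (not visible here), that path would presumably need the same two frees.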
diff --git a/kernel/seppl.h b/kernel/seppl.h
index 273d865..282ba26 100644
--- a/kernel/seppl.h
+++ b/kernel/seppl.h
@@ -44,6 +44,9 @@ struct seppl_key {
u8 *iv;
u8 *key;
+ struct crypto_tfm *tfm_ecb; /* for encrypting iv */
+ u8 *key_ecb;
+
unsigned int ivsize;
unsigned int keysize;
unsigned int blocksize;
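Review bot: The new `key_ecb` member has no comment and no matching size field, while the data key has `keysize` and the IV has `ivsize`; its length exists only as the literal `128/8` in seppl.c. Document it where it is declared, e.g. `u8 *key_ecb; /* random 128-bit AES key for tfm_ecb, kmalloc'd, freed with the key */`. struct seppl_key starts and ends outside the hunk.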