Instead of always initializing the encrypt and decrypt keys separately,
implement a helper function init_key_ctx_bi() that takes care of
both of them for us.
Reduces code duplication and improves readability.
Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Antonio Quartulli <a@unstable.cc>
Message-Id: <20170707044704.7239-1-a@unstable.cc>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg15011.html
Signed-off-by: David Sommerseth <davids@openvpn.net>
@@ -873,6 +873,26 @@ init_key_ctx(struct key_ctx *ctx, const struct key *key, |
873 | 873 |
} |
874 | 874 |
|
875 | 875 |
void |
876 |
+init_key_ctx_bi(struct key_ctx_bi *ctx, const struct key2 *key2, |
|
877 |
+ int key_direction, const struct key_type *kt, const char *name) |
|
878 |
+{ |
|
879 |
+ char log_prefix[128] = { 0 }; |
|
880 |
+ struct key_direction_state kds; |
|
881 |
+ |
|
882 |
+ key_direction_state_init(&kds, key_direction); |
|
883 |
+ |
|
884 |
+ openvpn_snprintf(log_prefix, sizeof(log_prefix), "Outgoing %s", name); |
|
885 |
+ init_key_ctx(&ctx->encrypt, &key2->keys[kds.out_key], kt, |
|
886 |
+ OPENVPN_OP_ENCRYPT, log_prefix); |
|
887 |
+ |
|
888 |
+ openvpn_snprintf(log_prefix, sizeof(log_prefix), "Incoming %s", name); |
|
889 |
+ init_key_ctx(&ctx->decrypt, &key2->keys[kds.in_key], kt, |
|
890 |
+ OPENVPN_OP_DECRYPT, log_prefix); |
|
891 |
+ |
|
892 |
+ ctx->initialized = true; |
|
893 |
+} |
|
894 |
+ |
|
895 |
+void |
|
876 | 896 |
free_key_ctx(struct key_ctx *ctx) |
877 | 897 |
{ |
878 | 898 |
if (ctx->cipher) |
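Review bot: init_key_ctx_bi() indexes `key2->keys[kds.out_key]` and `key2->keys[kds.in_key]` without checking that key2 actually holds the keys the direction state needs; the crypto_read_openvpn_key caller enforces this with must_have_n_keys() before calling, but nothing in the helper itself does, so a future caller that skips that step would read an unpopulated key slot. A guard such as `ASSERT(key2->n >= kds.need_keys);` right after key_direction_state_init() (assuming `struct key2` exposes its key count as `n`; adjust if it is named otherwise) would make the precondition enforced rather than implied. The definition and its prototype in the header hunk also carry no comment; a Doxygen block on the header declaration stating that `key_direction` selects which key2 slot feeds encrypt and which feeds decrypt, that key2 must already be populated with enough keys for that direction, and that the resulting contexts are released with free_key_ctx_bi() would cover both. The 128-byte log_prefix is only a log label and openvpn_snprintf bounds the write, so truncation of a long `name` is cosmetic rather than a memory-safety concern.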
@@ -1161,7 +1181,6 @@ crypto_read_openvpn_key(const struct key_type *key_type, |
1161 | 1161 |
{ |
1162 | 1162 |
struct key2 key2; |
1163 | 1163 |
struct key_direction_state kds; |
1164 |
- char log_prefix[128] = { 0 }; |
|
1165 | 1164 |
|
1166 | 1165 |
if (key_inline) |
1167 | 1166 |
{ |
@@ -1186,13 +1205,7 @@ crypto_read_openvpn_key(const struct key_type *key_type, |
1186 | 1186 |
must_have_n_keys(key_file, opt_name, &key2, kds.need_keys); |
1187 | 1187 |
|
1188 | 1188 |
/* initialize key in both directions */ |
1189 |
- openvpn_snprintf(log_prefix, sizeof(log_prefix), "Outgoing %s", key_name); |
|
1190 |
- init_key_ctx(&ctx->encrypt, &key2.keys[kds.out_key], key_type, |
|
1191 |
- OPENVPN_OP_ENCRYPT, log_prefix); |
|
1192 |
- openvpn_snprintf(log_prefix, sizeof(log_prefix), "Incoming %s", key_name); |
|
1193 |
- init_key_ctx(&ctx->decrypt, &key2.keys[kds.in_key], key_type, |
|
1194 |
- OPENVPN_OP_DECRYPT, log_prefix); |
|
1195 |
- |
|
1189 |
+ init_key_ctx_bi(ctx, &key2, key_direction, key_type, key_name); |
|
1196 | 1190 |
secure_memzero(&key2, sizeof(key2)); |
1197 | 1191 |
} |
1198 | 1192 |
|
@@ -318,6 +318,10 @@ void init_key_ctx(struct key_ctx *ctx, const struct key *key, |
318 | 318 |
|
319 | 319 |
void free_key_ctx(struct key_ctx *ctx); |
320 | 320 |
|
321 |
+void init_key_ctx_bi(struct key_ctx_bi *ctx, const struct key2 *key2, |
|
322 |
+ int key_direction, const struct key_type *kt, |
|
323 |
+ const char *name); |
|
324 |
+ |
|
321 | 325 |
void free_key_ctx_bi(struct key_ctx_bi *ctx); |
322 | 326 |
|
323 | 327 |
|
@@ -1840,20 +1840,8 @@ generate_key_expansion(struct key_ctx_bi *key, |
1840 | 1840 |
} |
1841 | 1841 |
|
1842 | 1842 |
/* Initialize OpenSSL key contexts */ |
1843 |
- |
|
1844 |
- ASSERT(server == true || server == false); |
|
1845 |
- |
|
1846 |
- init_key_ctx(&key->encrypt, |
|
1847 |
- &key2.keys[(int)server], |
|
1848 |
- key_type, |
|
1849 |
- OPENVPN_OP_ENCRYPT, |
|
1850 |
- "Data Channel Encrypt"); |
|
1851 |
- |
|
1852 |
- init_key_ctx(&key->decrypt, |
|
1853 |
- &key2.keys[1-(int)server], |
|
1854 |
- key_type, |
|
1855 |
- OPENVPN_OP_DECRYPT, |
|
1856 |
- "Data Channel Decrypt"); |
|
1843 |
+ int key_direction = server ? KEY_DIRECTION_INVERSE : KEY_DIRECTION_NORMAL; |
|
1844 |
+ init_key_ctx_bi(key, &key2, key_direction, key_type, "Data Channel"); |
|
1857 | 1845 |
|
1858 | 1846 |
/* Initialize implicit IVs */ |
1859 | 1847 |
key_ctx_update_implicit_iv(&key->encrypt, key2.keys[(int)server].hmac, |
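Review bot: The implicit-IV lines right after the new call (`key2.keys[(int)server].hmac` on this hunk's last line and `key2.keys[1-(int)server].hmac` in the following hunk) still hard-code the server-to-slot mapping that the new `key_direction` variable now expresses, so the key selection and the IV selection can silently drift apart if either is edited alone. Deriving both from one `struct key_direction_state` initialized from `key_direction` (so the IV lines read `key2.keys[kds.out_key].hmac` and `key2.keys[kds.in_key].hmac`) would keep a single source of truth for the slot choice. Separately, `key->initialized = true` moves from the end of generate_key_expansion (removed in the following hunk) into init_key_ctx_bi, so the context is flagged as initialized before the implicit IVs are installed; that appears benign here since no failure path sits between the two, but if the ordering is intended a comment such as `/* initialized is set by init_key_ctx_bi(); implicit IVs are installed below */` would stop a later reader from reinstating the assignment. generate_key_expansion starts outside the hunk.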
@@ -1861,7 +1849,6 @@ generate_key_expansion(struct key_ctx_bi *key, |
1861 | 1861 |
key_ctx_update_implicit_iv(&key->decrypt, key2.keys[1-(int)server].hmac, |
1862 | 1862 |
MAX_HMAC_KEY_LENGTH); |
1863 | 1863 |
|
1864 |
- key->initialized = true; |
|
1865 | 1864 |
ret = true; |
1866 | 1865 |
|
1867 | 1866 |
exit: |