author | Rainer Gerhards <rgerhards@adiscon.com> | 2013-04-12 11:22:04 +0200 |
---|---|---|
committer | Rainer Gerhards <rgerhards@adiscon.com> | 2013-04-12 11:22:04 +0200 |
commit | 815bae1f35c67ff7b8caf7b446a9e4cf1c870aa3 (patch) | |
tree | ed79ed74aa65072c501fbcab43a7efd2e3c661c0 /runtime/libgcry.c | |
parent | 2679dd4af107290845711c4e265ed1e8b0c051a8 (diff) | |
download | rsyslog-815bae1f35c67ff7b8caf7b446a9e4cf1c870aa3.tar.gz rsyslog-815bae1f35c67ff7b8caf7b446a9e4cf1c870aa3.tar.bz2 rsyslog-815bae1f35c67ff7b8caf7b446a9e4cf1c870aa3.zip |
logenc: add parameters to select cipher algo and mode
Diffstat (limited to 'runtime/libgcry.c')
-rw-r--r-- | runtime/libgcry.c | 47 |
1 files changed, 37 insertions, 10 deletions
diff --git a/runtime/libgcry.c b/runtime/libgcry.c
index 5fd55360..ef94e8ac 100644
--- a/runtime/libgcry.c
+++ b/runtime/libgcry.c
@@ -49,8 +49,6 @@
 #include "rsyslog.h"
 #include "libgcry.h"
-#define GCRY_CIPHER GCRY_CIPHER_3DES // TODO: make configurable
-
 static rsRetVal
 eiWriteRec(gcryfile gf, char *recHdr, size_t lenRecHdr, char *buf, size_t lenBuf)
@@ -206,6 +204,8 @@ gcryCtxNew(void)
 {
 gcryctx ctx;
 ctx = calloc(1, sizeof(struct gcryctx_s));
+ ctx->algo = GCRY_CIPHER_AES128;
+ ctx->mode = GCRY_CIPHER_MODE_CBC;
 return ctx;
 }
@@ -270,9 +270,10 @@ done: return;
 int
 rsgcrySetKey(gcryctx ctx, unsigned char *key, uint16_t keyLen)
 {
- uint16_t reqKeyLen = gcry_cipher_get_algo_keylen(GCRY_CIPHER);
+ uint16_t reqKeyLen;
 int r;
+ reqKeyLen = gcry_cipher_get_algo_keylen(ctx->algo);
 if(keyLen != reqKeyLen) {
 r = reqKeyLen;
 goto done;
@@ -284,6 +285,36 @@ rsgcrySetKey(gcryctx ctx, unsigned char *key, uint16_t keyLen)
 done: return r;
 }
+rsRetVal
+rsgcrySetMode(gcryctx ctx, uchar *modename)
+{
+ int mode;
+ DEFiRet;
+
+ mode = rsgcryModename2Mode((char *)modename);
+ if(mode == GCRY_CIPHER_MODE_NONE) {
+ ABORT_FINALIZE(RS_RET_CRY_INVLD_MODE);
+ }
+ ctx->mode = mode;
+finalize_it:
+ RETiRet;
+}
+
+rsRetVal
+rsgcrySetAlgo(gcryctx ctx, uchar *algoname)
+{
+ int algo;
+ DEFiRet;
+
+ algo = rsgcryAlgoname2Algo((char *)algoname);
+ if(algo == GCRY_CIPHER_NONE) {
+ ABORT_FINALIZE(RS_RET_CRY_INVLD_ALGO);
+ }
+ ctx->algo = algo;
+finalize_it:
+ RETiRet;
+}
+
 /* As of some Linux and security expert I spoke to, /dev/urandom
 * provides very strong random numbers, even if it runs out of
 * entropy. As far as he knew, this is save for all applications
@@ -310,7 +341,7 @@ seedIV(gcryfile gf, uchar **iv)
 }
 rsRetVal
-rsgcryInitCrypt(gcryctx ctx, gcryfile *pgf, int gcry_mode, uchar *fname)
+rsgcryInitCrypt(gcryctx ctx, gcryfile *pgf, uchar *fname)
 {
 gcry_error_t gcryError;
 gcryfile gf = NULL;
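Review bot: The two assignments added to gcryCtxNew dereference ctx immediately after a calloc() whose result is never checked, so an allocation failure now becomes a NULL write instead of the NULL return the caller could already see. Guard the defaults, e.g. `if(ctx != NULL) {` / `ctx->algo = GCRY_CIPHER_AES128; ctx->mode = GCRY_CIPHER_MODE_CBC;` / `}`. Moving the default off the removed 3DES define to AES128/CBC is a sound change; a one-line comment such as `/* defaults; rsgcrySetAlgo()/rsgcrySetMode() overwrite these fields */` would make the precedence obvious to the next reader.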
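Review bot: rsgcrySetAlgo overwrites ctx->algo without re-checking any key that may already be stored, while rsgcrySetKey validates keyLen against gcry_cipher_get_algo_keylen(ctx->algo) only at the moment it is called; a caller that sets the key first and the algorithm afterwards therefore has its key length checked against the AES128 default and never against the algorithm later handed to gcry_cipher_open. Either document the ordering on both new functions, e.g. `/* call before rsgcrySetKey(): the key length is validated against the algo in effect when the key is set */`, or make rsgcrySetAlgo reject the change once a key is present (the key storage fields are not in this diff, so I cannot quote that check). Nothing here validates the algo/mode pair either; presumably an incompatible pair only surfaces at gcry_cipher_open in rsgcryInitCrypt, which is acceptable but deserves a comment. rsgcryModename2Mode and rsgcryAlgoname2Algo are not visible in this diff, so I am assuming GCRY_CIPHER_MODE_NONE and GCRY_CIPHER_NONE are their failure returns.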
@@ -319,13 +350,9 @@ rsgcryInitCrypt(gcryctx ctx, gcryfile *pgf, int gcry_mode, uchar *fname)
 CHKiRet(gcryfileConstruct(ctx, &gf, fname));
- gf->blkLength = gcry_cipher_get_algo_blklen(GCRY_CIPHER);
+ gf->blkLength = gcry_cipher_get_algo_blklen(ctx->algo);
- gcryError = gcry_cipher_open(
- &gf->chd, // gcry_cipher_hd_t *
- GCRY_CIPHER, // int
- gcry_mode, // int
- 0); // unsigned int
+ gcryError = gcry_cipher_open(&gf->chd, ctx->algo, ctx->mode, 0);
 if (gcryError) {
 dbgprintf("gcry_cipher_open failed: %s/%s\n",
 gcry_strsource(gcryError), |
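Review bot: The flags argument of the rewritten gcry_cipher_open call is still a bare `0`; libgcrypt's GCRY_CIPHER_SECURE flag places the cipher handle, and with it the key material later loaded into the handle, in secure non-swappable memory, which matters for a log-encryption key that stays resident for the life of the process. If secure memory is initialised elsewhere in the startup path (not visible here), consider `gcryError = gcry_cipher_open(&gf->chd, ctx->algo, ctx->mode, GCRY_CIPHER_SECURE);`. The removed per-argument comments were the only documentation of this call; a short comment stating that algo and mode come from the ctx populated by rsgcrySetAlgo/rsgcrySetMode would preserve that. rsgcryInitCrypt continues past the hunk, so the error path after dbgprintf is not reviewed here.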