cron2 has uploaded a new patch set (#9) to the change originally created by plaisthos. ( http://gerrit.openvpn.net/c/openvpn/+/799?usp=email )
The following approvals got outdated and were removed: Code-Review+2 by cron2
Change subject: Split init_key_ctx_bi into send/recv init
......................................................................
Split init_key_ctx_bi into send/recv init
This allows for only initialising one of the keys. This is needed for epoch keys where key rotation of send/recv key can happen at different time points.
Change-Id: If9e029bdac264dcc05b2d256c4d323315904a92b
Signed-off-by: Arne Schwabe <a...@rfc2549.org>
Acked-by: Gert Doering <g...@greenie.muc.de>
Message-Id: <20241221223905.18820-1-g...@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg30151.html
Signed-off-by: Gert Doering <g...@greenie.muc.de>
---
M src/openvpn/crypto.c
M src/openvpn/crypto.h
2 files changed, 38 insertions(+), 5 deletions(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/99/799/9
diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c
index faf69fc..982fb01 100644
--- a/src/openvpn/crypto.c
+++ b/src/openvpn/crypto.c
@@ -938,8 +938,8 @@
 }
 void
-init_key_ctx_bi(struct key_ctx_bi *ctx, const struct key2 *key2,
- int key_direction, const struct key_type *kt, const char *name)
+init_key_bi_ctx_send(struct key_ctx *ctx, const struct key2 *key2,
+ int key_direction, const struct key_type *kt, const char *name)
 {
 char log_prefix[128] = { 0 };
 struct key_direction_state kds;
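Review bot: The new initialiser is named `init_key_bi_ctx_send` while the wrapper it is split out of keeps the name `init_key_ctx_bi`, and since `struct key_ctx_bi` is an existing type (visible in the removed signature), `bi_ctx` versus `ctx_bi` reads as two different things even though the new function takes a plain `struct key_ctx *`. Naming the pair after the type they actually operate on, e.g. `init_key_ctx_send` and `init_key_ctx_recv`, would keep crypto.h consistent; the same applies to `init_key_bi_ctx_recv` in the next hunk and to both prototypes added in crypto.h. The function body continues past the end of this hunk.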
@@ -947,13 +947,32 @@
 key_direction_state_init(&kds, key_direction);
 snprintf(log_prefix, sizeof(log_prefix), "Outgoing %s", name);
- init_key_ctx(&ctx->encrypt, &key2->keys[kds.out_key], kt,
+ init_key_ctx(ctx, &key2->keys[kds.out_key], kt,
 OPENVPN_OP_ENCRYPT, log_prefix);
+}
+
+void
+init_key_bi_ctx_recv(struct key_ctx *ctx, const struct key2 *key2,
+ int key_direction, const struct key_type *kt, const char *name)
+{
+ char log_prefix[128] = { 0 };
+ struct key_direction_state kds;
+
+ key_direction_state_init(&kds, key_direction);
+ snprintf(log_prefix, sizeof(log_prefix), "Incoming %s", name);
- init_key_ctx(&ctx->decrypt, &key2->keys[kds.in_key], kt,
+ init_key_ctx(ctx, &key2->keys[kds.in_key], kt,
 OPENVPN_OP_DECRYPT, log_prefix);
+}
+
+void
+init_key_ctx_bi(struct key_ctx_bi *ctx, const struct key2 *key2,
+ int key_direction, const struct key_type *kt, const char *name)
+{
+ init_key_bi_ctx_send(&ctx->encrypt, key2, key_direction, kt, name);
+ init_key_bi_ctx_recv(&ctx->decrypt, key2, key_direction, kt, name);
 ctx->initialized = true;
 }
@@ -971,6 +990,8 @@
 hmac_ctx_free(ctx->hmac);
 ctx->hmac = NULL;
 }
+ CLEAR(ctx->implicit_iv);
+ ctx->plaintext_blocks = 0;
 }
 void
diff --git a/src/openvpn/crypto.h b/src/openvpn/crypto.h
index 4579b65..b3612fb 100644
--- a/src/openvpn/crypto.h
+++ b/src/openvpn/crypto.h
@@ -196,7 +196,9 @@
 int n; /**< The number of \c key objects stored
 * in the \c key2.keys array. */
 struct key keys[2]; /**< Two unidirectional sets of %key
- * material. */
+ * material. The first key is the client
+ * (encrypts) to server (decrypts), the
+ * second the server to client key. */
 };
 /**
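Review bot: The two lines added at `@@ -971,6 +990,8 @@` reset `implicit_iv` and `plaintext_blocks` in what looks like the key_ctx teardown path (the enclosing function starts before the hunk; presumably free_key_ctx, given the `hmac_ctx_free(ctx->hmac)` above), yet neither the commit message nor a comment says why the split into send/recv initialisers needs it. A one-line why-comment would spare the next reader the guess, e.g. `/* also reset per-key IV/counter state so the ctx can be re-initialised in place for a rotated key */`, worded as an inference since the motivation is only implied by the epoch-key rationale. If `implicit_iv` holds key-derived material, clearing it on teardown is also the right hygiene and is worth a sentence in the commit message.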
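Review bot: The sentence added to the `keys[2]` comment in the crypto.h hunk is hard to parse ("the client (encrypts) to server (decrypts)") and never names the array indices it describes, which is the one thing a reader of `kds.out_key`/`kds.in_key` wants from it. Spelling it out per index reads unambiguously, e.g. `/**< Two unidirectional sets of %key material: keys[0] is the client-to-server key (client encrypts, server decrypts), keys[1] the server-to-client key. */`.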
@@ -349,6 +351,16 @@
 const struct key_type *kt, int enc, const char *prefix);
+void
+init_key_bi_ctx_send(struct key_ctx *ctx, const struct key2 *key2,
+ int key_direction, const struct key_type *kt,
+ const char *name);
+
+void
+init_key_bi_ctx_recv(struct key_ctx *ctx, const struct key2 *key2,
+ int key_direction, const struct key_type *kt,
+ const char *name);
+
 void free_key_ctx(struct key_ctx *ctx);
 void init_key_ctx_bi(struct key_ctx_bi *ctx, const struct key2 *key2,
--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/799?usp=email
To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings
Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: If9e029bdac264dcc05b2d256c4d323315904a92b
Gerrit-Change-Number: 799
Gerrit-PatchSet: 9
Gerrit-Owner: plaisthos <arne-open...@rfc2549.org>
Gerrit-Reviewer: cron2 <g...@greenie.muc.de>
Gerrit-Reviewer: flichtenheld <fr...@lichtenheld.com>
Gerrit-CC: openvpn-devel <openvpn-devel@lists.sourceforge.net>
Gerrit-MessageType: newpatchset
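Review bot: The two new prototypes are added without any documentation although the header already uses `/** ... */` blocks, and their contract is not obvious from the signature: each initialises a single `struct key_ctx` from the `key2` slot that `key_direction` selects for the sending or receiving side, `name` is only used to build the "Outgoing"/"Incoming" log prefix, and, unlike `init_key_ctx_bi`, neither touches `key_ctx_bi::initialized`, which a caller that initialises the two halves separately (the epoch-key use case named in the commit message) needs to know. A short Doxygen block per declaration stating the slot selection, the log-only role of `name`, and the `initialized` caveat would cover it.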