From 85152d0266a3701179ef26c1af933ee651227541 Mon Sep 17 00:00:00 2001
From: Florian Forster <octo@leeloo.lan.home.verplant.org>
Date: Sat, 11 Apr 2009 02:02:33 +0200
Subject: [PATCH] network plugin: Use CBC rather than ECB.

---
 src/network.c | 27 +++++++++++----------------
 src/network.h |  4 ----
 2 files changed, 11 insertions(+), 20 deletions(-)

diff --git a/src/network.c b/src/network.c
index ef2ba1f6..bbe6b6fd 100644
--- a/src/network.c
+++ b/src/network.c
@@ -189,10 +189,6 @@ typedef struct receive_list_entry_s receive_list_entry_t;
 /*
  * Private variables
  */
-#if HAVE_GCRYPT_H
-static char network_encryption_iv[] = NET_ENCR_IV;
-#endif /* HAVE_GCRYPT_H */
-
 static int network_config_ttl = 0;
 static int network_config_forward = 0;
 
@@ -788,6 +784,7 @@ static int parse_part_encr_aes256 (sockent_t *se, /* {{{ */
   err = gcry_cipher_decrypt (se->cypher,
       buffer + sizeof (pea.head), buffer_len - sizeof (pea.head),
       /* in = */ NULL, /* in len = */ 0);
+  gcry_cipher_reset (se->cypher);
   if (err != 0)
   {
     ERROR ("network plugin: gcry_cipher_decrypt returned: %s",
@@ -1193,8 +1190,16 @@ static int network_set_encryption (sockent_t *se, /* {{{ */
 
   se->shared_secret = sstrdup (shared_secret);
 
+  /*
+   * We use CBC *without* an initialization vector: The cipher is reset after
+   * each packet and we would have to re-set the IV each time. The first
+   * encrypted block will contain the SHA-224 checksum anyway, so this should
+   * be quite unpredictable. Also, there's a 2 byte field in the header that's
+   * being filled with random numbers. So we only use CBC so the blocks
+   * *within* one packet are chained.
+   */
   err = gcry_cipher_open (&se->cypher,
-      GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_ECB, /* flags = */ 0);
+      GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CBC, /* flags = */ 0);
   if (err != 0)
   {
     ERROR ("network plugin: gcry_cipher_open returned: %s",
@@ -1202,17 +1207,6 @@ static int network_set_encryption (sockent_t *se, /* {{{ */
     return (-1);
   }
 
-  err = gcry_cipher_setiv (se->cypher, network_encryption_iv,
-      sizeof (network_encryption_iv));
-  if (err != 0)
-  {
-    ERROR ("network plugin: gcry_cipher_setiv returned: %s",
-        gcry_strerror (err));
-    gcry_cipher_close (se->cypher);
-    se->cypher = NULL;
-    return (-1);
-  }
-
   assert (se->shared_secret != NULL);
   gcry_md_hash_buffer (GCRY_MD_SHA256, hash,
       se->shared_secret, strlen (se->shared_secret));
@@ -1875,6 +1869,7 @@ static void networt_send_buffer_encrypted (const sockent_t *se, /* {{{ */
   err = gcry_cipher_encrypt (se->cypher,
       buffer + sizeof (pea.head), buffer_size - sizeof (pea.head),
       /* in = */ NULL, /* in len = */ 0);
+  gcry_cipher_reset (se->cypher);
   if (err != 0)
   {
     ERROR ("network plugin: gcry_cipher_encrypt returned: %s",
diff --git a/src/network.h b/src/network.h
index baca2d30..777616c4 100644
--- a/src/network.h
+++ b/src/network.h
@@ -70,8 +70,4 @@
 #define TYPE_SIGN_SHA256     0x0200
 #define TYPE_ENCR_AES256     0x0210
 
-#define NET_ENCR_IV { \
-	0xd6, 0x0c, 0x90, 0xc2, 0x23, 0xdd, 0x3e, 0xcc, \
-	0xc9, 0x86, 0xe9, 0xb6, 0xe0, 0x15, 0xb7, 0x39 }
-
 #endif /* NETWORK_H */
-- 
2.11.0