X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=crypto%2Fevp%2Fe_aes.c;h=6c5bc294691cec48e02401a3e5b5748caccdcdff;hp=c0fd0312b0df67d6d7fc5b85ff5897a68b4fa120;hb=612f4e2384e4cfecef42734b8b7d988cf849e74e;hpb=9575d1a91ad9dd6eb5c964365dfbb72dbd3d1333 diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c index c0fd0312b0..6c5bc29469 100644 --- a/crypto/evp/e_aes.c +++ b/crypto/evp/e_aes.c @@ -1260,7 +1260,10 @@ static int aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, gctx->ctr = NULL; break; } + else #endif + (void)0; /* terminate potentially open 'else' */ + AES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks); CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, (block128_f)AES_encrypt); #ifdef AES_CTR_ASM @@ -1632,13 +1635,11 @@ static int aes_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, xctx->stream = NULL; #endif /* key_len is two AES keys */ -#if !(defined(__arm__) || defined(__arm)) /* not yet? */ #ifdef BSAES_CAPABLE if (BSAES_CAPABLE) xctx->stream = enc ? bsaes_xts_encrypt : bsaes_xts_decrypt; else #endif -#endif #ifdef VPAES_CAPABLE if (VPAES_CAPABLE) { @@ -1653,14 +1654,17 @@ static int aes_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, xctx->xts.block1 = (block128_f)vpaes_decrypt; } - vpaes_set_encrypt_key(key + ctx->key_len/2, + vpaes_set_encrypt_key(key + ctx->key_len/2, ctx->key_len * 4, &xctx->ks2.ks); - xctx->xts.block2 = (block128_f)vpaes_encrypt; + xctx->xts.block2 = (block128_f)vpaes_encrypt; - xctx->xts.key1 = &xctx->ks1; - break; - } + xctx->xts.key1 = &xctx->ks1; + break; + } + else #endif + (void)0; /* terminate potentially open 'else' */ + if (enc) { AES_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks); @@ -1880,4 +1884,102 @@ BLOCK_CIPHER_custom(NID_aes,128,1,12,ccm,CCM,EVP_CIPH_FLAG_FIPS|CUSTOM_FLAGS) BLOCK_CIPHER_custom(NID_aes,192,1,12,ccm,CCM,EVP_CIPH_FLAG_FIPS|CUSTOM_FLAGS) BLOCK_CIPHER_custom(NID_aes,256,1,12,ccm,CCM,EVP_CIPH_FLAG_FIPS|CUSTOM_FLAGS) +typedef struct + { + union { double align; AES_KEY ks; } ks; + /* Indicates if IV has been set */ + unsigned char *iv; + } EVP_AES_WRAP_CTX; + +static int aes_wrap_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) + { + EVP_AES_WRAP_CTX *wctx = ctx->cipher_data; + if (!iv && !key) + return 1; + if (key) + { + if (ctx->encrypt) + AES_set_encrypt_key(key, ctx->key_len * 8, &wctx->ks.ks); + else + AES_set_decrypt_key(key, ctx->key_len * 8, &wctx->ks.ks); + if (!iv) + wctx->iv = NULL; + } + if (iv) + { + memcpy(ctx->iv, iv, 8); + wctx->iv = ctx->iv; + } + return 1; + } + +static int aes_wrap_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inlen) + { + EVP_AES_WRAP_CTX *wctx = ctx->cipher_data; + size_t rv; + if (inlen % 8) + return 0; + if (!out) + { + if (ctx->encrypt) + return inlen + 8; + else + return inlen - 8; + } + if (!in) + return 0; + if (ctx->encrypt) + rv = CRYPTO_128_wrap(&wctx->ks.ks, wctx->iv, out, in, inlen, + (block128_f)AES_encrypt); + else + rv = CRYPTO_128_unwrap(&wctx->ks.ks, wctx->iv, out, in, inlen, + (block128_f)AES_decrypt); + return rv ? (int)rv : -1; + } + +#define WRAP_FLAGS (EVP_CIPH_WRAP_MODE \ + | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \ + | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_FLAG_DEFAULT_ASN1) + +static const EVP_CIPHER aes_128_wrap = { + NID_id_aes128_wrap, + 8, 16, 8, WRAP_FLAGS, + aes_wrap_init_key, aes_wrap_cipher, + NULL, + sizeof(EVP_AES_WRAP_CTX), + NULL,NULL,NULL,NULL }; + +const EVP_CIPHER *EVP_aes_128_wrap(void) + { + return &aes_128_wrap; + } + +static const EVP_CIPHER aes_192_wrap = { + NID_id_aes192_wrap, + 8, 24, 8, WRAP_FLAGS, + aes_wrap_init_key, aes_wrap_cipher, + NULL, + sizeof(EVP_AES_WRAP_CTX), + NULL,NULL,NULL,NULL }; + +const EVP_CIPHER *EVP_aes_192_wrap(void) + { + return &aes_192_wrap; + } + +static const EVP_CIPHER aes_256_wrap = { + NID_id_aes256_wrap, + 8, 32, 8, WRAP_FLAGS, + aes_wrap_init_key, aes_wrap_cipher, + NULL, + sizeof(EVP_AES_WRAP_CTX), + NULL,NULL,NULL,NULL }; + +const EVP_CIPHER *EVP_aes_256_wrap(void) + { + return &aes_256_wrap; + } + #endif