diff options
| author | Shane Lontis <shane.lontis@oracle.com> | 2019-08-22 11:42:54 +1000 |
|---|---|---|
| committer | Shane Lontis <shane.lontis@oracle.com> | 2019-08-22 11:42:54 +1000 |
| commit | e1178600cc5d40b1e21c4a01d224afd2d8c7498a (patch) | |
| tree | 9601f94492fbab46a72f96e0982025d7ec7ed236 /providers | |
| parent | 85d09e8848012d0dfdacf827d9d56730fa5daf16 (diff) | |
Add basic aria and camellia ciphers modes to default provider
The aes code has been refactored into generic and algorithn specific parts,
so that most of the code can be shared.
The cipher related files have been broken up into smaller parts.
Add chunked variant of mode ciphers - aria uses this (many other ciphers will use this new code instead of the
generic code used by aes).
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9451)
Diffstat (limited to 'providers')
43 files changed, 2462 insertions, 1764 deletions
diff --git a/providers/common/ciphers/aes.c b/providers/common/ciphers/aes.c deleted file mode 100644 index 1b1074af16..0000000000 --- a/providers/common/ciphers/aes.c +++ /dev/null @@ -1,458 +0,0 @@ -/* - * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include <string.h> -#include <openssl/crypto.h> -#include <openssl/core_numbers.h> -#include <openssl/core_names.h> -#include <openssl/evp.h> -#include <openssl/params.h> -#include <openssl/rand.h> -#include "internal/cryptlib.h" -#include "internal/provider_algs.h" -#include "ciphers_locl.h" -#include "internal/providercommonerr.h" - -static OSSL_OP_cipher_encrypt_init_fn aes_einit; -static OSSL_OP_cipher_decrypt_init_fn aes_dinit; -static OSSL_OP_cipher_update_fn aes_block_update; -static OSSL_OP_cipher_final_fn aes_block_final; -static OSSL_OP_cipher_update_fn aes_stream_update; -static OSSL_OP_cipher_final_fn aes_stream_final; -static OSSL_OP_cipher_cipher_fn aes_cipher; -static OSSL_OP_cipher_freectx_fn aes_freectx; -static OSSL_OP_cipher_dupctx_fn aes_dupctx; -static OSSL_OP_cipher_get_ctx_params_fn aes_get_ctx_params; -static OSSL_OP_cipher_set_ctx_params_fn aes_set_ctx_params; - -static int PROV_AES_KEY_generic_init(PROV_AES_KEY *ctx, - const unsigned char *iv, - size_t ivlen, - int enc) -{ - if (iv != NULL && ctx->mode != EVP_CIPH_ECB_MODE) { - if (ivlen != AES_BLOCK_SIZE) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); - return 0; - } - memcpy(ctx->iv, iv, AES_BLOCK_SIZE); - } - ctx->enc = enc; - - return 1; -} - -static int aes_einit(void *vctx, const unsigned char *key, size_t keylen, - const unsigned char *iv, size_t ivlen) -{ - PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx; - - if (!PROV_AES_KEY_generic_init(ctx, iv, ivlen, 1)) { - /* ERR_raise already called */ - return 0; - } - if (key != NULL) { - if (keylen != ctx->keylen) { - ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); - return 0; - } - return ctx->ciph->init(ctx, key, ctx->keylen); - } - - return 1; -} - -static int aes_dinit(void *vctx, const unsigned char *key, size_t keylen, - const unsigned char *iv, size_t ivlen) -{ - PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx; - - if (!PROV_AES_KEY_generic_init(ctx, iv, ivlen, 0)) { - /* ERR_raise already called */ - return 0; - } - if (key != NULL) { - if (keylen != ctx->keylen) { - ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); - return 0; - } - return ctx->ciph->init(ctx, key, ctx->keylen); - } - - return 1; -} - -static int aes_block_update(void *vctx, unsigned char *out, size_t *outl, - size_t outsize, const unsigned char *in, size_t inl) -{ - PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx; - size_t nextblocks = fillblock(ctx->buf, &ctx->bufsz, AES_BLOCK_SIZE, &in, - &inl); - size_t outlint = 0; - - /* - * If we're decrypting and we end an update on a block boundary we hold - * the last block back in case this is the last update call and the last - * block is padded. - */ - if (ctx->bufsz == AES_BLOCK_SIZE - && (ctx->enc || inl > 0 || !ctx->pad)) { - if (outsize < AES_BLOCK_SIZE) { - ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); - return 0; - } - if (!ctx->ciph->cipher(ctx, out, ctx->buf, AES_BLOCK_SIZE)) { - ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED); - return 0; - } - ctx->bufsz = 0; - outlint = AES_BLOCK_SIZE; - out += AES_BLOCK_SIZE; - } - if (nextblocks > 0) { - if (!ctx->enc && ctx->pad && nextblocks == inl) { - if (!ossl_assert(inl >= AES_BLOCK_SIZE)) { - ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); - return 0; - } - nextblocks -= AES_BLOCK_SIZE; - } - outlint += nextblocks; - if (outsize < outlint) { - ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); - return 0; - } - if (!ctx->ciph->cipher(ctx, out, in, nextblocks)) { - ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED); - return 0; - } - in += nextblocks; - inl -= nextblocks; - } - if (!trailingdata(ctx->buf, &ctx->bufsz, AES_BLOCK_SIZE, &in, &inl)) { - /* ERR_raise already called */ - return 0; - } - - *outl = outlint; - return inl == 0; -} - -static int aes_block_final(void *vctx, unsigned char *out, size_t *outl, - size_t outsize) -{ - PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx; - - if (ctx->enc) { - if (ctx->pad) { - padblock(ctx->buf, &ctx->bufsz, AES_BLOCK_SIZE); - } else if (ctx->bufsz == 0) { - *outl = 0; - return 1; - } else if (ctx->bufsz != AES_BLOCK_SIZE) { - ERR_raise(ERR_LIB_PROV, PROV_R_WRONG_FINAL_BLOCK_LENGTH); - return 0; - } - - if (outsize < AES_BLOCK_SIZE) { - ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); - return 0; - } - if (!ctx->ciph->cipher(ctx, out, ctx->buf, AES_BLOCK_SIZE)) { - ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED); - return 0; - } - ctx->bufsz = 0; - *outl = AES_BLOCK_SIZE; - return 1; - } - - /* Decrypting */ - if (ctx->bufsz != AES_BLOCK_SIZE) { - if (ctx->bufsz == 0 && !ctx->pad) { - *outl = 0; - return 1; - } - ERR_raise(ERR_LIB_PROV, PROV_R_WRONG_FINAL_BLOCK_LENGTH); - return 0; - } - - if (!ctx->ciph->cipher(ctx, ctx->buf, ctx->buf, AES_BLOCK_SIZE)) { - ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED); - return 0; - } - - if (ctx->pad && !unpadblock(ctx->buf, &ctx->bufsz, AES_BLOCK_SIZE)) { - /* ERR_raise already called */ - return 0; - } - - if (outsize < ctx->bufsz) { - ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); - return 0; - } - memcpy(out, ctx->buf, ctx->bufsz); - *outl = ctx->bufsz; - ctx->bufsz = 0; - return 1; -} - -static int aes_stream_update(void *vctx, unsigned char *out, size_t *outl, - size_t outsize, const unsigned char *in, - size_t inl) -{ - PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx; - - if (outsize < inl) { - ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); - return 0; - } - - if (!ctx->ciph->cipher(ctx, out, in, inl)) { - ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED); - return 0; - } - - *outl = inl; - return 1; -} -static int aes_stream_final(void *vctx, unsigned char *out, size_t *outl, - size_t outsize) -{ - *outl = 0; - return 1; -} - -static int aes_cipher(void *vctx, - unsigned char *out, size_t *outl, size_t outsize, - const unsigned char *in, size_t inl) -{ - PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx; - - if (outsize < inl) { - ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); - return 0; - } - - if (!ctx->ciph->cipher(ctx, out, in, inl)) { - ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED); - return 0; - } - - *outl = inl; - return 1; -} - -static void *aes_new_ctx(void *provctx, size_t mode, size_t kbits, - const PROV_AES_CIPHER *ciph) -{ - PROV_AES_KEY *ctx = OPENSSL_zalloc(sizeof(*ctx)); - - ctx->pad = 1; - ctx->keylen = kbits / 8; - ctx->ciph = ciph; - ctx->mode = mode; - return ctx; -} - -static void aes_freectx(void *vctx) -{ - PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx; - - OPENSSL_clear_free(ctx, sizeof(*ctx)); -} - -static void *aes_dupctx(void *ctx) -{ - PROV_AES_KEY *in = (PROV_AES_KEY *)ctx; - PROV_AES_KEY *ret = OPENSSL_malloc(sizeof(*ret)); - - if (ret == NULL) { - ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); - return NULL; - } - *ret = *in; - - return ret; -} - -static int aes_get_ctx_params(void *vctx, OSSL_PARAM params[]) -{ - PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx; - OSSL_PARAM *p; - - p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN); - if (p != NULL && !OSSL_PARAM_set_int(p, AES_BLOCK_SIZE)) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); - return 0; - } - p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_PADDING); - if (p != NULL && !OSSL_PARAM_set_int(p, ctx->pad)) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); - return 0; - } - p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV); - if (p != NULL - && !OSSL_PARAM_set_octet_ptr(p, &ctx->iv, AES_BLOCK_SIZE) - && !OSSL_PARAM_set_octet_string(p, &ctx->iv, AES_BLOCK_SIZE)) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); - return 0; - } - p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_NUM); - if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->num)) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); - return 0; - } - p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN); - if (p != NULL && !OSSL_PARAM_set_int(p, ctx->keylen)) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); - return 0; - } - - return 1; -} - -static int aes_set_ctx_params(void *vctx, const OSSL_PARAM params[]) -{ - PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx; - const OSSL_PARAM *p; - - p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_PADDING); - if (p != NULL) { - int pad; - - if (!OSSL_PARAM_get_int(p, &pad)) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); - return 0; - } - ctx->pad = pad ? 1 : 0; - } - p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_NUM); - if (p != NULL) { - int num; - - if (!OSSL_PARAM_get_int(p, &num)) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); - return 0; - } - ctx->num = num; - } - p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_KEYLEN); - if (p != NULL) { - int keylen; - - if (!OSSL_PARAM_get_int(p, &keylen)) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); - return 0; - } - ctx->keylen = keylen; - } - return 1; -} - -#define IMPLEMENT_cipher(lcmode, UCMODE, flags, kbits, blkbits, ivbits) \ - static OSSL_OP_cipher_get_params_fn aes_##kbits##_##lcmode##_get_params; \ - static int aes_##kbits##_##lcmode##_get_params(OSSL_PARAM params[]) \ - { \ - return cipher_default_get_params(params, EVP_CIPH_##UCMODE##_MODE, \ - flags, kbits, blkbits, ivbits); \ - } \ - static OSSL_OP_cipher_newctx_fn aes_##kbits##_##lcmode##_newctx; \ - static void *aes_##kbits##_##lcmode##_newctx(void *provctx) \ - { \ - return aes_new_ctx(provctx, EVP_CIPH_##UCMODE##_MODE, kbits, \ - PROV_AES_CIPHER_##lcmode(kbits / 8)); \ - } - -/* ECB */ -IMPLEMENT_cipher(ecb, ECB, 0, 256, 128, 0) -IMPLEMENT_cipher(ecb, ECB, 0, 192, 128, 0) -IMPLEMENT_cipher(ecb, ECB, 0, 128, 128, 0) - -/* CBC */ -IMPLEMENT_cipher(cbc, CBC, 0, 256, 128, 128) -IMPLEMENT_cipher(cbc, CBC, 0, 192, 128, 128) -IMPLEMENT_cipher(cbc, CBC, 0, 128, 128, 128) - -/* OFB */ -IMPLEMENT_cipher(ofb, OFB, 0, 256, 8, 128) -IMPLEMENT_cipher(ofb, OFB, 0, 192, 8, 128) -IMPLEMENT_cipher(ofb, OFB, 0, 128, 8, 128) - -/* CFB */ -IMPLEMENT_cipher(cfb, CFB, 0, 256, 8, 128) -IMPLEMENT_cipher(cfb, CFB, 0, 192, 8, 128) -IMPLEMENT_cipher(cfb, CFB, 0, 128, 8, 128) -IMPLEMENT_cipher(cfb1, CFB, 0, 256, 8, 128) -IMPLEMENT_cipher(cfb1, CFB, 0, 192, 8, 128) -IMPLEMENT_cipher(cfb1, CFB, 0, 128, 8, 128) -IMPLEMENT_cipher(cfb8, CFB, 0, 256, 8, 128) -IMPLEMENT_cipher(cfb8, CFB, 0, 192, 8, 128) -IMPLEMENT_cipher(cfb8, CFB, 0, 128, 8, 128) - -/* CTR */ -IMPLEMENT_cipher(ctr, CTR, 0, 256, 8, 128) -IMPLEMENT_cipher(ctr, CTR, 0, 192, 8, 128) -IMPLEMENT_cipher(ctr, CTR, 0, 128, 8, 128) - -#define IMPLEMENT_funcs(mode, kbits, type) \ -const OSSL_DISPATCH aes##kbits##mode##_functions[] = { \ - { OSSL_FUNC_CIPHER_NEWCTX, (void (*)(void))aes_##kbits##_##mode##_newctx },\ - { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))aes_einit }, \ - { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))aes_dinit }, \ - { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))aes_##type##_update }, \ - { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))aes_##type##_final }, \ - { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))aes_cipher }, \ - { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))aes_freectx }, \ - { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void))aes_dupctx }, \ - { OSSL_FUNC_CIPHER_GET_PARAMS, \ - (void (*)(void))aes_##kbits##_##mode##_get_params }, \ - { OSSL_FUNC_CIPHER_GET_CTX_PARAMS, \ - (void (*)(void))aes_get_ctx_params }, \ - { OSSL_FUNC_CIPHER_SET_CTX_PARAMS, \ - (void (*)(void))aes_set_ctx_params }, \ - { OSSL_FUNC_CIPHER_GETTABLE_PARAMS, \ - (void (*)(void))cipher_default_gettable_params }, \ - { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS, \ - (void (*)(void))cipher_default_gettable_ctx_params }, \ - { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS, \ - (void (*)(void))cipher_default_settable_ctx_params }, \ - { 0, NULL } \ -}; - -/* ECB */ -IMPLEMENT_funcs(ecb, 256, block) -IMPLEMENT_funcs(ecb, 192, block) -IMPLEMENT_funcs(ecb, 128, block) - -/* CBC */ -IMPLEMENT_funcs(cbc, 256, block) -IMPLEMENT_funcs(cbc, 192, block) -IMPLEMENT_funcs(cbc, 128, block) - -/* OFB */ -IMPLEMENT_funcs(ofb, 256, stream) -IMPLEMENT_funcs(ofb, 192, stream) -IMPLEMENT_funcs(ofb, 128, stream) - -/* CFB */ -IMPLEMENT_funcs(cfb, 256, stream) -IMPLEMENT_funcs(cfb, 192, stream) -IMPLEMENT_funcs(cfb, 128, stream) -IMPLEMENT_funcs(cfb1, 256, stream) -IMPLEMENT_funcs(cfb1, 192, stream) -IMPLEMENT_funcs(cfb1, 128, stream) -IMPLEMENT_funcs(cfb8, 256, stream) -IMPLEMENT_funcs(cfb8, 192, stream) -IMPLEMENT_funcs(cfb8, 128, stream) - -/* CTR */ -IMPLEMENT_funcs(ctr, 256, stream) -IMPLEMENT_funcs(ctr, 192, stream) -IMPLEMENT_funcs(ctr, 128, stream) diff --git a/providers/common/ciphers/aes_basic.c b/providers/common/ciphers/aes_basic.c deleted file mode 100644 index f43b8fc605..0000000000 --- a/providers/common/ciphers/aes_basic.c +++ /dev/null @@ -1,629 +0,0 @@ -/* - * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ -#include <string.h> -#include <assert.h> -#include <openssl/opensslconf.h> -#include <openssl/crypto.h> -#include <openssl/err.h> -#include <openssl/aes.h> -#include <openssl/rand.h> -#include <openssl/cmac.h> -#include "ciphers_locl.h" -#include "internal/evp_int.h" -#include "internal/providercommonerr.h" -#include "internal/aes_platform.h" - -#define MAXBITCHUNK ((size_t)1 << (sizeof(size_t) * 8 - 4)) - -#if defined(AESNI_CAPABLE) - -/* AES-NI section. */ - -static int aesni_init_key(PROV_AES_KEY *dat, const unsigned char *key, - size_t keylen) -{ - int ret; - - if ((dat->mode == EVP_CIPH_ECB_MODE || dat->mode == EVP_CIPH_CBC_MODE) - && !dat->enc) { - ret = aesni_set_decrypt_key(key, keylen * 8, &dat->ks.ks); - dat->block = (block128_f) aesni_decrypt; - dat->stream.cbc = dat->mode == EVP_CIPH_CBC_MODE ? - (cbc128_f) aesni_cbc_encrypt : NULL; - } else { - ret = aesni_set_encrypt_key(key, keylen * 8, &dat->ks.ks); - dat->block = (block128_f) aesni_encrypt; - if (dat->mode == EVP_CIPH_CBC_MODE) - dat->stream.cbc = (cbc128_f) aesni_cbc_encrypt; - else if (dat->mode == EVP_CIPH_CTR_MODE) - dat->stream.ctr = (ctr128_f) aesni_ctr32_encrypt_blocks; - else - dat->stream.cbc = NULL; - } - - if (ret < 0) { - ERR_raise(ERR_LIB_PROV, PROV_R_AES_KEY_SETUP_FAILED); - return 0; - } - - return 1; -} - -static int aesni_cbc_cipher(PROV_AES_KEY *ctx, unsigned char *out, - const unsigned char *in, size_t len) -{ - aesni_cbc_encrypt(in, out, len, &ctx->ks.ks, ctx->iv, ctx->enc); - - return 1; -} - -static int aesni_ecb_cipher(PROV_AES_KEY *ctx, unsigned char *out, - const unsigned char *in, size_t len) -{ - if (len < AES_BLOCK_SIZE) - return 1; - - aesni_ecb_encrypt(in, out, len, &ctx->ks.ks, ctx->enc); - - return 1; -} - -# define aesni_ofb_cipher aes_ofb_cipher -static int aesni_ofb_cipher(PROV_AES_KEY *ctx, unsigned char *out, - const unsigned char *in, size_t len); - -# define aesni_cfb_cipher aes_cfb_cipher -static int aesni_cfb_cipher(PROV_AES_KEY *ctx, unsigned char *out, - const unsigned char *in, size_t len); - -# define aesni_cfb8_cipher aes_cfb8_cipher -static int aesni_cfb8_cipher(PROV_AES_KEY *ctx, unsigned char *out, - const unsigned char *in, size_t len); - -# define aesni_cfb1_cipher aes_cfb1_cipher -static int aesni_cfb1_cipher(PROV_AES_KEY *ctx, unsigned char *out, - const unsigned char *in, size_t len); - -# define aesni_ctr_cipher aes_ctr_cipher -static int aesni_ctr_cipher(PROV_AES_KEY *ctx, unsigned char *out, - const unsigned char *in, size_t len); - -# define BLOCK_CIPHER_generic_prov(mode) \ -static const PROV_AES_CIPHER aesni_##mode = { \ - aesni_init_key, \ - aesni_##mode##_cipher}; \ -static const PROV_AES_CIPHER aes_##mode = { \ - aes_init_key, \ - aes_##mode##_cipher}; \ -const PROV_AES_CIPHER *PROV_AES_CIPHER_##mode(size_t keylen) \ -{ return AESNI_CAPABLE?&aesni_##mode:&aes_##mode; } - - -#elif defined(SPARC_AES_CAPABLE) - -static int aes_t4_init_key(PROV_AES_KEY *dat, const unsigned char *key, - size_t keylen) -{ - int ret, bits; - - bits = keylen * 8; - if ((dat->mode == EVP_CIPH_ECB_MODE || dat->mode == EVP_CIPH_CBC_MODE) - && !dat->enc) { - ret = 0; - aes_t4_set_decrypt_key(key, bits, &dat->ks.ks); - dat->block = (block128_f) aes_t4_decrypt; - switch (bits) { - case 128: - dat->stream.cbc = dat->mode == EVP_CIPH_CBC_MODE ? - (cbc128_f) aes128_t4_cbc_decrypt : NULL; - break; - case 192: - dat->stream.cbc = dat->mode == EVP_CIPH_CBC_MODE ? - (cbc128_f) aes192_t4_cbc_decrypt : NULL; - break; - case 256: - dat->stream.cbc = dat->mode == EVP_CIPH_CBC_MODE ? - (cbc128_f) aes256_t4_cbc_decrypt : NULL; - break; - default: - ret = -1; - } - } else { - ret = 0; - aes_t4_set_encrypt_key(key, bits, &dat->ks.ks); - dat->block = (block128_f)aes_t4_encrypt; - switch (bits) { - case 128: - if (dat->mode == EVP_CIPH_CBC_MODE) - dat->stream.cbc = (cbc128_f)aes128_t4_cbc_encrypt; - else if (dat->mode == EVP_CIPH_CTR_MODE) - dat->stream.ctr = (ctr128_f)aes128_t4_ctr32_encrypt; - else - dat->stream.cbc = NULL; - break; - case 192: - if (dat->mode == EVP_CIPH_CBC_MODE) - dat->stream.cbc = (cbc128_f)aes192_t4_cbc_encrypt; - else if (dat->mode == EVP_CIPH_CTR_MODE) - dat->stream.ctr = (ctr128_f)aes192_t4_ctr32_encrypt; - else - dat->stream.cbc = NULL; - break; - case 256: - if (dat->mode == EVP_CIPH_CBC_MODE) - dat->stream.cbc = (cbc128_f)aes256_t4_cbc_encrypt; - else if (dat->mode == EVP_CIPH_CTR_MODE) - dat->stream.ctr = (ctr128_f)aes256_t4_ctr32_encrypt; - else - dat->stream.cbc = NULL; - break; - default: - ret = -1; - } - |