|
Packit Service |
ae04f2 |
/*
|
|
Packit Service |
ae04f2 |
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
|
Packit Service |
ae04f2 |
*
|
|
Packit Service |
ae04f2 |
* This Source Code Form is subject to the terms of the Mozilla Public
|
|
Packit Service |
ae04f2 |
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
Packit Service |
ae04f2 |
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
|
Packit Service |
ae04f2 |
*
|
|
Packit Service |
ae04f2 |
* See the COPYRIGHT file distributed with this work for additional
|
|
Packit Service |
ae04f2 |
* information regarding copyright ownership.
|
|
Packit Service |
ae04f2 |
*/
|
|
Packit Service |
ae04f2 |
|
|
Packit Service |
ae04f2 |
|
|
Packit Service |
ae04f2 |
/*! \file isc/aes.c */
|
|
Packit Service |
ae04f2 |
|
|
Packit Service |
ae04f2 |
#include <config.h>
|
|
Packit Service |
ae04f2 |
|
|
Packit Service |
ae04f2 |
#include <isc/assertions.h>
|
|
Packit Service |
ae04f2 |
#include <isc/aes.h>
|
|
Packit Service |
ae04f2 |
#include <isc/platform.h>
|
|
Packit Service |
ae04f2 |
#include <isc/string.h>
|
|
Packit Service |
ae04f2 |
#include <isc/types.h>
|
|
Packit Service |
ae04f2 |
#include <isc/util.h>
|
|
Packit Service |
ae04f2 |
|
|
Packit Service |
ae04f2 |
#ifdef ISC_PLATFORM_WANTAES
|
|
Packit Service |
ae04f2 |
#if HAVE_OPENSSL_EVP_AES
|
|
Packit Service |
ae04f2 |
|
|
Packit Service |
ae04f2 |
#include <openssl/opensslv.h>
|
|
Packit Service |
ae04f2 |
#include <openssl/evp.h>
|
|
Packit Service |
ae04f2 |
|
|
Packit Service |
ae04f2 |
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
|
Packit Service |
ae04f2 |
#define EVP_CIPHER_CTX_new() &(_context), EVP_CIPHER_CTX_init(&_context)
|
|
Packit Service |
ae04f2 |
#define EVP_CIPHER_CTX_free(c) RUNTIME_CHECK(EVP_CIPHER_CTX_cleanup(c) == 1)
|
|
Packit Service |
ae04f2 |
#endif
|
|
Packit Service |
ae04f2 |
|
|
Packit Service |
ae04f2 |
void
|
|
Packit Service |
ae04f2 |
isc_aes128_crypt(const unsigned char *key, const unsigned char *in,
|
|
Packit Service |
ae04f2 |
unsigned char *out)
|
|
Packit Service |
ae04f2 |
{
|
|
Packit Service |
ae04f2 |
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
|
Packit Service |
ae04f2 |
EVP_CIPHER_CTX _context;
|
|
Packit Service |
ae04f2 |
#endif
|
|
Packit Service |
ae04f2 |
EVP_CIPHER_CTX *c;
|
|
Packit Service |
ae04f2 |
int len;
|
|
Packit Service |
ae04f2 |
|
|
Packit Service |
ae04f2 |
c = EVP_CIPHER_CTX_new();
|
|
Packit Service |
ae04f2 |
RUNTIME_CHECK(c != NULL);
|
|
Packit Service |
ae04f2 |
RUNTIME_CHECK(EVP_EncryptInit(c, EVP_aes_128_ecb(), key, NULL) == 1);
|
|
Packit Service |
ae04f2 |
EVP_CIPHER_CTX_set_padding(c, 0);
|
|
Packit Service |
ae04f2 |
RUNTIME_CHECK(EVP_EncryptUpdate(c, out, &len, in,
|
|
Packit Service |
ae04f2 |
ISC_AES_BLOCK_LENGTH) == 1);
|
|
Packit Service |
ae04f2 |
RUNTIME_CHECK(len == ISC_AES_BLOCK_LENGTH);
|
|
Packit Service |
ae04f2 |
EVP_CIPHER_CTX_free(c);
|
|
Packit Service |
ae04f2 |
}
|
|
Packit Service |
ae04f2 |
|
|
Packit Service |
ae04f2 |
void
|
|
Packit Service |
ae04f2 |
isc_aes192_crypt(const unsigned char *key, const unsigned char *in,
|
|
Packit Service |
ae04f2 |
unsigned char *out)
|
|
Packit Service |
ae04f2 |
{
|
|
Packit Service |
ae04f2 |
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
|
Packit Service |
ae04f2 |
EVP_CIPHER_CTX _context;
|
|
Packit Service |
ae04f2 |
#endif
|
|
Packit Service |
ae04f2 |
EVP_CIPHER_CTX *c;
|
|
Packit Service |
ae04f2 |
int len;
|
|
Packit Service |
ae04f2 |
|
|
Packit Service |
ae04f2 |
c = EVP_CIPHER_CTX_new();
|
|
Packit Service |
ae04f2 |
RUNTIME_CHECK(c != NULL);
|
|
Packit Service |
ae04f2 |
RUNTIME_CHECK(EVP_EncryptInit(c, EVP_aes_192_ecb(), key, NULL) == 1);
|
|
Packit Service |
ae04f2 |
EVP_CIPHER_CTX_set_padding(c, 0);
|
|
Packit Service |
ae04f2 |
RUNTIME_CHECK(EVP_EncryptUpdate(c, out, &len, in,
|
|
Packit Service |
ae04f2 |
ISC_AES_BLOCK_LENGTH) == 1);
|
|
Packit Service |
ae04f2 |
RUNTIME_CHECK(len == ISC_AES_BLOCK_LENGTH);
|
|
Packit Service |
ae04f2 |
EVP_CIPHER_CTX_free(c);
|
|
Packit Service |
ae04f2 |
}
|
|
Packit Service |
ae04f2 |
|
|
Packit Service |
ae04f2 |
void
|
|
Packit Service |
ae04f2 |
isc_aes256_crypt(const unsigned char *key, const unsigned char *in,
|
|
Packit Service |
ae04f2 |
unsigned char *out)
|
|
Packit Service |
ae04f2 |
{
|
|
Packit Service |
ae04f2 |
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
|
Packit Service |
ae04f2 |
EVP_CIPHER_CTX _context;
|
|
Packit Service |
ae04f2 |
#endif
|
|
Packit Service |
ae04f2 |
EVP_CIPHER_CTX *c;
|
|
Packit Service |
ae04f2 |
int len;
|
|
Packit Service |
ae04f2 |
|
|
Packit Service |
ae04f2 |
c = EVP_CIPHER_CTX_new();
|
|
Packit Service |
ae04f2 |
RUNTIME_CHECK(c != NULL);
|
|
Packit Service |
ae04f2 |
RUNTIME_CHECK(EVP_EncryptInit(c, EVP_aes_256_ecb(), key, NULL) == 1);
|
|
Packit Service |
ae04f2 |
EVP_CIPHER_CTX_set_padding(c, 0);
|
|
Packit Service |
ae04f2 |
RUNTIME_CHECK(EVP_EncryptUpdate(c, out, &len, in,
|
|
Packit Service |
ae04f2 |
ISC_AES_BLOCK_LENGTH) == 1);
|
|
Packit Service |
ae04f2 |
RUNTIME_CHECK(len == ISC_AES_BLOCK_LENGTH);
|
|
Packit Service |
ae04f2 |
EVP_CIPHER_CTX_free(c);
|
|
Packit Service |
ae04f2 |
}
|
|
Packit Service |
ae04f2 |
|
|
Packit Service |
ae04f2 |
#elif HAVE_OPENSSL_AES
|
|
Packit Service |
ae04f2 |
|
|
Packit Service |
ae04f2 |
#include <openssl/aes.h>
|
|
Packit Service |
ae04f2 |
|
|
Packit Service |
ae04f2 |
void
|
|
Packit Service |
ae04f2 |
isc_aes128_crypt(const unsigned char *key, const unsigned char *in,
|
|
Packit Service |
ae04f2 |
unsigned char *out)
|
|
Packit Service |
ae04f2 |
{
|
|
Packit Service |
ae04f2 |
AES_KEY k;
|
|
Packit Service |
ae04f2 |
|
|
Packit Service |
ae04f2 |
RUNTIME_CHECK(AES_set_encrypt_key(key, 128, &k) == 0);
|
|
Packit Service |
ae04f2 |
AES_encrypt(in, out, &k);
|
|
Packit Service |
ae04f2 |
}
|
|
Packit Service |
ae04f2 |
|
|
Packit Service |
ae04f2 |
void
|
|
Packit Service |
ae04f2 |
isc_aes192_crypt(const unsigned char *key, const unsigned char *in,
|
|
Packit Service |
ae04f2 |
unsigned char *out)
|
|
Packit Service |
ae04f2 |
{
|
|
Packit Service |
ae04f2 |
AES_KEY k;
|
|
Packit Service |
ae04f2 |
|
|
Packit Service |
ae04f2 |
RUNTIME_CHECK(AES_set_encrypt_key(key, 192, &k) == 0);
|
|
Packit Service |
ae04f2 |
AES_encrypt(in, out, &k);
|
|
Packit Service |
ae04f2 |
}
|
|
Packit Service |
ae04f2 |
|
|
Packit Service |
ae04f2 |
void
|
|
Packit Service |
ae04f2 |
isc_aes256_crypt(const unsigned char *key, const unsigned char *in,
|
|
Packit Service |
ae04f2 |
unsigned char *out)
|
|
Packit Service |
ae04f2 |
{
|
|
Packit Service |
ae04f2 |
AES_KEY k;
|
|
Packit Service |
ae04f2 |
|
|
Packit Service |
ae04f2 |
RUNTIME_CHECK(AES_set_encrypt_key(key, 256, &k) == 0);
|
|
Packit Service |
ae04f2 |
AES_encrypt(in, out, &k);
|
|
Packit Service |
ae04f2 |
}
|
|
Packit Service |
ae04f2 |
|
|
Packit Service |
ae04f2 |
#elif PKCS11CRYPTO
|
|
Packit Service |
ae04f2 |
|
|
Packit Service |
ae04f2 |
#include <pk11/pk11.h>
|
|
Packit Service |
ae04f2 |
#include <pk11/internal.h>
|
|
Packit Service |
ae04f2 |
|
|
Packit Service |
ae04f2 |
static CK_BBOOL truevalue = TRUE;
|
|
Packit Service |
ae04f2 |
static CK_BBOOL falsevalue = FALSE;
|
|
Packit Service |
ae04f2 |
|
|
Packit Service |
ae04f2 |
static void isc_aes_crypt(const unsigned char *key, CK_ULONG keylen,
|
|
Packit Service |
ae04f2 |
const unsigned char *in, unsigned char *out);
|
|
Packit Service |
ae04f2 |
|
|
Packit Service |
ae04f2 |
void
|
|
Packit Service |
ae04f2 |
isc_aes128_crypt(const unsigned char *key, const unsigned char *in,
|
|
Packit Service |
ae04f2 |
unsigned char *out)
|
|
Packit Service |
ae04f2 |
{
|
|
Packit Service |
ae04f2 |
isc_aes_crypt(key, ISC_AES128_KEYLENGTH, in, out);
|
|
Packit Service |
ae04f2 |
}
|
|
Packit Service |
ae04f2 |
|
|
Packit Service |
ae04f2 |
void
|
|
Packit Service |
ae04f2 |
isc_aes192_crypt(const unsigned char *key, const unsigned char *in,
|
|
Packit Service |
ae04f2 |
unsigned char *out)
|
|
Packit Service |
ae04f2 |
{
|
|
Packit Service |
ae04f2 |
isc_aes_crypt(key, ISC_AES192_KEYLENGTH, in, out);
|
|
Packit Service |
ae04f2 |
}
|
|
Packit Service |
ae04f2 |
|
|
Packit Service |
ae04f2 |
void
|
|
Packit Service |
ae04f2 |
isc_aes256_crypt(const unsigned char *key, const unsigned char *in,
|
|
Packit Service |
ae04f2 |
unsigned char *out)
|
|
Packit Service |
ae04f2 |
{
|
|
Packit Service |
ae04f2 |
isc_aes_crypt(key, ISC_AES256_KEYLENGTH, in, out);
|
|
Packit Service |
ae04f2 |
}
|
|
Packit Service |
ae04f2 |
|
|
Packit Service |
ae04f2 |
static void
|
|
Packit Service |
ae04f2 |
isc_aes_crypt(const unsigned char *key, CK_ULONG keylen,
|
|
Packit Service |
ae04f2 |
const unsigned char *in, unsigned char *out)
|
|
Packit Service |
ae04f2 |
{
|
|
Packit Service |
ae04f2 |
CK_RV rv;
|
|
Packit Service |
ae04f2 |
CK_MECHANISM mech = { CKM_AES_ECB, NULL, 0 };
|
|
Packit Service |
ae04f2 |
CK_OBJECT_CLASS keyClass = CKO_SECRET_KEY;
|
|
Packit Service |
ae04f2 |
CK_KEY_TYPE keyType = CKK_AES;
|
|
Packit Service |
ae04f2 |
CK_ATTRIBUTE keyTemplate[] =
|
|
Packit Service |
ae04f2 |
{
|
|
Packit Service |
ae04f2 |
{ CKA_CLASS, &keyClass, (CK_ULONG) sizeof(keyClass) },
|
|
Packit Service |
ae04f2 |
{ CKA_KEY_TYPE, &keyType, (CK_ULONG) sizeof(keyType) },
|
|
Packit Service |
ae04f2 |
{ CKA_TOKEN, &falsevalue, (CK_ULONG) sizeof(falsevalue) },
|
|
Packit Service |
ae04f2 |
{ CKA_PRIVATE, &falsevalue, (CK_ULONG) sizeof(falsevalue) },
|
|
Packit Service |
ae04f2 |
{ CKA_ENCRYPT, &truevalue, (CK_ULONG) sizeof(truevalue) },
|
|
Packit Service |
ae04f2 |
{ CKA_VALUE, NULL, keylen }
|
|
Packit Service |
ae04f2 |
};
|
|
Packit Service |
ae04f2 |
CK_ULONG blocklen;
|
|
Packit Service |
ae04f2 |
CK_BYTE_PTR pData;
|
|
Packit Service |
ae04f2 |
pk11_context_t ctx;
|
|
Packit Service |
ae04f2 |
|
|
Packit Service |
ae04f2 |
DE_CONST(key, keyTemplate[5].pValue);
|
|
Packit Service |
ae04f2 |
RUNTIME_CHECK(pk11_get_session(&ctx, OP_AES, true, false,
|
|
Packit Service |
ae04f2 |
false, NULL, 0) == ISC_R_SUCCESS);
|
|
Packit Service |
ae04f2 |
ctx.object = CK_INVALID_HANDLE;
|
|
Packit Service |
ae04f2 |
PK11_FATALCHECK(pkcs_C_CreateObject,
|
|
Packit Service |
ae04f2 |
(ctx.session, keyTemplate,
|
|
Packit Service |
ae04f2 |
(CK_ULONG) 6, &ctx.object));
|
|
Packit Service |
ae04f2 |
INSIST(ctx.object != CK_INVALID_HANDLE);
|
|
Packit Service |
ae04f2 |
PK11_FATALCHECK(pkcs_C_EncryptInit,
|
|
Packit Service |
ae04f2 |
(ctx.session, &mech, ctx.object));
|
|
Packit Service |
ae04f2 |
|
|
Packit Service |
ae04f2 |
DE_CONST(in, pData);
|
|
Packit Service |
ae04f2 |
blocklen = (CK_ULONG) ISC_AES_BLOCK_LENGTH;
|
|
Packit Service |
ae04f2 |
PK11_FATALCHECK(pkcs_C_Encrypt,
|
|
Packit Service |
ae04f2 |
(ctx.session,
|
|
Packit Service |
ae04f2 |
pData, (CK_ULONG) ISC_AES_BLOCK_LENGTH,
|
|
Packit Service |
ae04f2 |
out, &blocklen));
|
|
Packit Service |
ae04f2 |
RUNTIME_CHECK(blocklen == (CK_ULONG) ISC_AES_BLOCK_LENGTH);
|
|
Packit Service |
ae04f2 |
|
|
Packit Service |
ae04f2 |
(void) pkcs_C_DestroyObject(ctx.session, ctx.object);
|
|
Packit Service |
ae04f2 |
ctx.object = CK_INVALID_HANDLE;
|
|
Packit Service |
ae04f2 |
pk11_return_session(&ctx;;
|
|
Packit Service |
ae04f2 |
|
|
Packit Service |
ae04f2 |
}
|
|
Packit Service |
ae04f2 |
|
|
Packit Service |
ae04f2 |
#endif
|
|
Packit Service |
ae04f2 |
#endif /* ISC_PLATFORM_WANTAES */
|