int ikev2_encr_decrypt(int alg, const u8 *key, size_t key_len, const u8 *iv,
const u8 *crypt, u8 *plain, size_t len)
{
struct crypto_cipher *cipher;
int encr_alg;
switch (alg) {
case ENCR_3DES:
encr_alg = CRYPTO_CIPHER_ALG_3DES;
break;
case ENCR_AES_CBC:
encr_alg = CRYPTO_CIPHER_ALG_AES;
break;
default:
wpa_printf(MSG_DEBUG, "IKEV2: Unsupported encr alg %d", alg);
return -1;
}
cipher = crypto_cipher_init(encr_alg, iv, key, key_len);
if (cipher == NULL) {
wpa_printf(MSG_INFO, "IKEV2: Failed to initialize cipher");
return -1;
}
if (crypto_cipher_decrypt(cipher, crypt, plain, len) < 0) {
wpa_printf(MSG_INFO, "IKEV2: Decryption failed");
crypto_cipher_deinit(cipher);
return -1;
}
crypto_cipher_deinit(cipher);
return 0;
}
int ikev2_encr_encrypt(int alg, const u8 *key, size_t key_len, const u8 *iv,
const u8 *plain, u8 *crypt, size_t len)
{
struct crypto_cipher *cipher;
int encr_alg;
#ifdef CCNS_PL
if (alg == ENCR_3DES) {
struct des3_key_s des3key;
size_t i, blocks;
u8 *pos;
/* ECB mode is used incorrectly for 3DES!? */
if (key_len != 24) {
wpa_printf(MSG_INFO, "IKEV2: Invalid encr key length");
return -1;
}
des3_key_setup(key, &des3key);
blocks = len / 8;
pos = crypt;
for (i = 0; i < blocks; i++) {
des3_encrypt(pos, &des3key, pos);
pos += 8;
}
} else {
#endif /* CCNS_PL */
switch (alg) {
case ENCR_3DES:
encr_alg = CRYPTO_CIPHER_ALG_3DES;
break;
case ENCR_AES_CBC:
encr_alg = CRYPTO_CIPHER_ALG_AES;
break;
default:
wpa_printf(MSG_DEBUG, "IKEV2: Unsupported encr alg %d", alg);
return -1;
}
cipher = crypto_cipher_init(encr_alg, iv, key, key_len);
if (cipher == NULL) {
wpa_printf(MSG_INFO, "IKEV2: Failed to initialize cipher");
return -1;
}
if (crypto_cipher_encrypt(cipher, plain, crypt, len) < 0) {
wpa_printf(MSG_INFO, "IKEV2: Encryption failed");
crypto_cipher_deinit(cipher);
return -1;
}
crypto_cipher_deinit(cipher);
#ifdef CCNS_PL
}
#endif /* CCNS_PL */
return 0;
}
extern "C" JNIEXPORT void JNICALL Java_com_att_aro_pcap_AROCryptoAdapter_cryptocipherdeinit
(JNIEnv *env, jobject obj, jint objectType)
{
int i_objectType = (int)objectType;
if(i_objectType == CTX_TSI_SERVER)
{
if(tsiserver_ctx_client)
{
crypto_cipher_deinit(tsiserver_ctx_client);
tsiserver_ctx_client = NULL;
}
if(tsiserver_ctx_server)
{
crypto_cipher_deinit(tsiserver_ctx_server);
tsiserver_ctx_server = NULL;
}
}
else if(i_objectType == CTX_TSI_CLIENT)
{
if(tsiclient_ctx_client)
{
crypto_cipher_deinit(tsiclient_ctx_client);
tsiclient_ctx_client = NULL;
}
if(tsiclient_ctx_server)
{
crypto_cipher_deinit(tsiclient_ctx_server);
tsiclient_ctx_server = NULL;
}
}
else if(i_objectType == CTX_TSI_PENDING)
{
if(tsipending_ctx_client)
{
crypto_cipher_deinit(tsipending_ctx_client);
tsipending_ctx_client = NULL;
}
if(tsipending_ctx_server)
{
crypto_cipher_deinit(tsipending_ctx_server);
tsipending_ctx_server = NULL;
}
}
}
/**
* tlsv1_record_change_read_cipher - TLS record layer: Change read cipher
* @rl: Pointer to TLS record layer data
* Returns: 0 on success (cipher changed), -1 on failure
*
* This function changes TLS record layer to use the new cipher suite
* configured with tlsv1_record_set_cipher_suite() for reading.
*/
int tlsv1_record_change_read_cipher(struct tlsv1_record_layer *rl)
{
wpa_printf(MSG_DEBUG, "TLSv1: Record Layer - New read cipher suite "
"0x%04x", rl->cipher_suite);
rl->read_cipher_suite = rl->cipher_suite;
os_memset(rl->read_seq_num, 0, TLS_SEQ_NUM_LEN);
if (rl->read_cbc) {
crypto_cipher_deinit(rl->read_cbc);
rl->read_cbc = NULL;
}
if (rl->cipher_alg != CRYPTO_CIPHER_NULL) {
rl->read_cbc = crypto_cipher_init(rl->cipher_alg,
rl->read_iv, rl->read_key,
rl->key_material_len);
if (rl->read_cbc == NULL) {
wpa_printf(MSG_DEBUG, "TLSv1: Failed to initialize "
"cipher");
return -1;
}
}
return 0;
}
