static void
des3_random_to_key(struct krb5_key_state *ks, const void *in)
{
uint8_t *outkey;
const uint8_t *inkey;
int subkey;
for (subkey = 0, outkey = ks->ks_key, inkey = in; subkey < 3;
subkey++, outkey += 8, inkey += 7) {
/*
* Expand 56 bits of random data to 64 bits as follows
* (in the example, bit number 1 is the MSB of the 56
* bits of random data):
*
* expanded =
* 1 2 3 4 5 6 7 p
* 9 10 11 12 13 14 15 p
* 17 18 19 20 21 22 23 p
* 25 26 27 28 29 30 31 p
* 33 34 35 36 37 38 39 p
* 41 42 43 44 45 46 47 p
* 49 50 51 52 53 54 55 p
* 56 48 40 32 24 16 8 p
*/
outkey[0] = inkey[0];
outkey[1] = inkey[1];
outkey[2] = inkey[2];
outkey[3] = inkey[3];
outkey[4] = inkey[4];
outkey[5] = inkey[5];
outkey[6] = inkey[6];
outkey[7] = (((inkey[0] & 1) << 1)
| ((inkey[1] & 1) << 2)
| ((inkey[2] & 1) << 3)
| ((inkey[3] & 1) << 4)
| ((inkey[4] & 1) << 5)
| ((inkey[5] & 1) << 6)
| ((inkey[6] & 1) << 7));
des_set_odd_parity((des_cblock *) outkey);
if (des_is_weak_key((des_cblock *) outkey))
outkey[7] ^= 0xf0;
}
des3_set_key(ks, ks->ks_key);
}
static int
wrap_nettle_cipher_setkey (void *_ctx, const void *key, size_t keysize)
{
struct nettle_cipher_ctx *ctx = _ctx;
uint8_t des_key[DES3_KEY_SIZE];
switch (ctx->algo)
{
case GNUTLS_CIPHER_AES_128_GCM:
case GNUTLS_CIPHER_AES_256_GCM:
gcm_aes_set_key(&ctx->ctx.aes_gcm, keysize, key);
break;
case GNUTLS_CIPHER_AES_128_CBC:
case GNUTLS_CIPHER_AES_192_CBC:
case GNUTLS_CIPHER_AES_256_CBC:
if (ctx->enc)
aes_set_encrypt_key (ctx->ctx_ptr, keysize, key);
else
aes_set_decrypt_key (ctx->ctx_ptr, keysize, key);
break;
case GNUTLS_CIPHER_CAMELLIA_128_CBC:
case GNUTLS_CIPHER_CAMELLIA_192_CBC:
case GNUTLS_CIPHER_CAMELLIA_256_CBC:
if (ctx->enc)
camellia_set_encrypt_key (ctx->ctx_ptr, keysize, key);
else
camellia_set_decrypt_key (ctx->ctx_ptr, keysize, key);
break;
case GNUTLS_CIPHER_3DES_CBC:
if (keysize != DES3_KEY_SIZE)
{
gnutls_assert ();
return GNUTLS_E_INTERNAL_ERROR;
}
des_fix_parity (keysize, des_key, key);
/* this fails on weak keys */
if (des3_set_key (ctx->ctx_ptr, des_key) != 1)
{
gnutls_assert ();
return GNUTLS_E_INTERNAL_ERROR;
}
break;
case GNUTLS_CIPHER_DES_CBC:
if (keysize != DES_KEY_SIZE)
{
gnutls_assert ();
return GNUTLS_E_INTERNAL_ERROR;
}
des_fix_parity (keysize, des_key, key);
if (des_set_key (ctx->ctx_ptr, des_key) != 1)
{
gnutls_assert ();
return GNUTLS_E_INTERNAL_ERROR;
}
break;
case GNUTLS_CIPHER_ARCFOUR_128:
case GNUTLS_CIPHER_ARCFOUR_40:
arcfour_set_key (ctx->ctx_ptr, keysize, key);
break;
case GNUTLS_CIPHER_RC2_40_CBC:
arctwo_set_key (ctx->ctx_ptr, keysize, key);
break;
default:
gnutls_assert ();
return GNUTLS_E_INVALID_REQUEST;
}
return 0;
}
static int
wrap_nettle_cipher_setkey(void *_ctx, const void *key, size_t keysize)
{
struct nettle_cipher_ctx *ctx = _ctx;
uint8_t des_key[DES3_KEY_SIZE];
switch (ctx->algo) {
case GNUTLS_CIPHER_AES_128_GCM:
case GNUTLS_CIPHER_AES_256_GCM:
gcm_aes_set_key(&ctx->ctx.aes_gcm, keysize, key);
break;
case GNUTLS_CIPHER_AES_128_CBC:
case GNUTLS_CIPHER_AES_192_CBC:
case GNUTLS_CIPHER_AES_256_CBC:
if (ctx->enc)
aes_set_encrypt_key(ctx->ctx_ptr, keysize, key);
else
aes_set_decrypt_key(ctx->ctx_ptr, keysize, key);
break;
case GNUTLS_CIPHER_CAMELLIA_128_CBC:
case GNUTLS_CIPHER_CAMELLIA_192_CBC:
case GNUTLS_CIPHER_CAMELLIA_256_CBC:
if (ctx->enc)
camellia_set_encrypt_key(ctx->ctx_ptr, keysize,
key);
else
camellia_set_decrypt_key(ctx->ctx_ptr, keysize,
key);
break;
case GNUTLS_CIPHER_3DES_CBC:
if (keysize != DES3_KEY_SIZE) {
gnutls_assert();
return GNUTLS_E_INTERNAL_ERROR;
}
des_fix_parity(keysize, des_key, key);
if (des3_set_key(ctx->ctx_ptr, des_key) != 1) {
gnutls_assert();
}
zeroize_temp_key(des_key, sizeof(des_key));
break;
case GNUTLS_CIPHER_CAMELLIA_128_GCM:
case GNUTLS_CIPHER_CAMELLIA_256_GCM:
if (_gnutls_fips_mode_enabled() != 0)
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
_gcm_camellia_set_key(&ctx->ctx.camellia_gcm, keysize,
key);
break;
case GNUTLS_CIPHER_DES_CBC:
if (_gnutls_fips_mode_enabled() != 0)
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
if (keysize != DES_KEY_SIZE) {
gnutls_assert();
return GNUTLS_E_INTERNAL_ERROR;
}
des_fix_parity(keysize, des_key, key);
if (des_set_key(ctx->ctx_ptr, des_key) != 1) {
gnutls_assert();
return GNUTLS_E_INTERNAL_ERROR;
}
zeroize_temp_key(des_key, sizeof(des_key));
break;
case GNUTLS_CIPHER_ARCFOUR_128:
case GNUTLS_CIPHER_ARCFOUR_40:
if (_gnutls_fips_mode_enabled() != 0)
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
arcfour_set_key(ctx->ctx_ptr, keysize, key);
break;
case GNUTLS_CIPHER_SALSA20_256:
case GNUTLS_CIPHER_ESTREAM_SALSA20_256:
if (_gnutls_fips_mode_enabled() != 0)
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
salsa20_set_key(ctx->ctx_ptr, keysize, key);
break;
case GNUTLS_CIPHER_RC2_40_CBC:
if (_gnutls_fips_mode_enabled() != 0)
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
arctwo_set_key(ctx->ctx_ptr, keysize, key);
break;
default:
gnutls_assert();
return GNUTLS_E_INVALID_REQUEST;
}
return 0;
}
