static int
wrap_nettle_cipher_setkey (void *_ctx, const void *key, size_t keysize)
{
struct nettle_cipher_ctx *ctx = _ctx;
uint8_t des_key[DES3_KEY_SIZE];
switch (ctx->algo)
{
case GNUTLS_CIPHER_AES_128_GCM:
case GNUTLS_CIPHER_AES_256_GCM:
gcm_aes_set_key(&ctx->ctx.aes_gcm, keysize, key);
break;
case GNUTLS_CIPHER_AES_128_CBC:
case GNUTLS_CIPHER_AES_192_CBC:
case GNUTLS_CIPHER_AES_256_CBC:
if (ctx->enc)
aes_set_encrypt_key (ctx->ctx_ptr, keysize, key);
else
aes_set_decrypt_key (ctx->ctx_ptr, keysize, key);
break;
case GNUTLS_CIPHER_CAMELLIA_128_CBC:
case GNUTLS_CIPHER_CAMELLIA_192_CBC:
case GNUTLS_CIPHER_CAMELLIA_256_CBC:
if (ctx->enc)
camellia_set_encrypt_key (ctx->ctx_ptr, keysize, key);
else
camellia_set_decrypt_key (ctx->ctx_ptr, keysize, key);
break;
case GNUTLS_CIPHER_3DES_CBC:
if (keysize != DES3_KEY_SIZE)
{
gnutls_assert ();
return GNUTLS_E_INTERNAL_ERROR;
}
des_fix_parity (keysize, des_key, key);
/* this fails on weak keys */
if (des3_set_key (ctx->ctx_ptr, des_key) != 1)
{
gnutls_assert ();
return GNUTLS_E_INTERNAL_ERROR;
}
break;
case GNUTLS_CIPHER_DES_CBC:
if (keysize != DES_KEY_SIZE)
{
gnutls_assert ();
return GNUTLS_E_INTERNAL_ERROR;
}
des_fix_parity (keysize, des_key, key);
if (des_set_key (ctx->ctx_ptr, des_key) != 1)
{
gnutls_assert ();
return GNUTLS_E_INTERNAL_ERROR;
}
break;
case GNUTLS_CIPHER_ARCFOUR_128:
case GNUTLS_CIPHER_ARCFOUR_40:
arcfour_set_key (ctx->ctx_ptr, keysize, key);
break;
case GNUTLS_CIPHER_RC2_40_CBC:
arctwo_set_key (ctx->ctx_ptr, keysize, key);
break;
default:
gnutls_assert ();
return GNUTLS_E_INVALID_REQUEST;
}
return 0;
}
static int
wrap_nettle_cipher_setkey(void *_ctx, const void *key, size_t keysize)
{
struct nettle_cipher_ctx *ctx = _ctx;
uint8_t des_key[DES3_KEY_SIZE];
switch (ctx->algo) {
case GNUTLS_CIPHER_AES_128_GCM:
case GNUTLS_CIPHER_AES_256_GCM:
gcm_aes_set_key(&ctx->ctx.aes_gcm, keysize, key);
break;
case GNUTLS_CIPHER_AES_128_CBC:
case GNUTLS_CIPHER_AES_192_CBC:
case GNUTLS_CIPHER_AES_256_CBC:
if (ctx->enc)
aes_set_encrypt_key(ctx->ctx_ptr, keysize, key);
else
aes_set_decrypt_key(ctx->ctx_ptr, keysize, key);
break;
case GNUTLS_CIPHER_CAMELLIA_128_CBC:
case GNUTLS_CIPHER_CAMELLIA_192_CBC:
case GNUTLS_CIPHER_CAMELLIA_256_CBC:
if (ctx->enc)
camellia_set_encrypt_key(ctx->ctx_ptr, keysize,
key);
else
camellia_set_decrypt_key(ctx->ctx_ptr, keysize,
key);
break;
case GNUTLS_CIPHER_3DES_CBC:
if (keysize != DES3_KEY_SIZE) {
gnutls_assert();
return GNUTLS_E_INTERNAL_ERROR;
}
des_fix_parity(keysize, des_key, key);
if (des3_set_key(ctx->ctx_ptr, des_key) != 1) {
gnutls_assert();
}
zeroize_temp_key(des_key, sizeof(des_key));
break;
case GNUTLS_CIPHER_CAMELLIA_128_GCM:
case GNUTLS_CIPHER_CAMELLIA_256_GCM:
if (_gnutls_fips_mode_enabled() != 0)
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
_gcm_camellia_set_key(&ctx->ctx.camellia_gcm, keysize,
key);
break;
case GNUTLS_CIPHER_DES_CBC:
if (_gnutls_fips_mode_enabled() != 0)
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
if (keysize != DES_KEY_SIZE) {
gnutls_assert();
return GNUTLS_E_INTERNAL_ERROR;
}
des_fix_parity(keysize, des_key, key);
if (des_set_key(ctx->ctx_ptr, des_key) != 1) {
gnutls_assert();
return GNUTLS_E_INTERNAL_ERROR;
}
zeroize_temp_key(des_key, sizeof(des_key));
break;
case GNUTLS_CIPHER_ARCFOUR_128:
case GNUTLS_CIPHER_ARCFOUR_40:
if (_gnutls_fips_mode_enabled() != 0)
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
arcfour_set_key(ctx->ctx_ptr, keysize, key);
break;
case GNUTLS_CIPHER_SALSA20_256:
case GNUTLS_CIPHER_ESTREAM_SALSA20_256:
if (_gnutls_fips_mode_enabled() != 0)
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
salsa20_set_key(ctx->ctx_ptr, keysize, key);
break;
case GNUTLS_CIPHER_RC2_40_CBC:
if (_gnutls_fips_mode_enabled() != 0)
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
arctwo_set_key(ctx->ctx_ptr, keysize, key);
break;
default:
gnutls_assert();
return GNUTLS_E_INVALID_REQUEST;
}
return 0;
}