static void wrap_nettle_cipher_close(void *_ctx)
{
struct nettle_cipher_ctx *ctx = _ctx;
zeroize_temp_key(ctx, sizeof(*ctx));
gnutls_free(ctx);
}
static void aes_ccm_deinit(void *_ctx)
{
struct ccm_x86_aes_ctx *ctx = _ctx;
zeroize_temp_key(ctx, sizeof(*ctx));
gnutls_free(ctx);
}
static void aes_deinit(void *_ctx)
{
struct padlock_ctx *ctx = _ctx;
zeroize_temp_key(ctx, sizeof(*ctx));
gnutls_free(ctx);
}
static int wrap_x86_hmac_fast(gnutls_mac_algorithm_t algo,
const void *nonce, size_t nonce_size,
const void *key, size_t key_size,
const void *text, size_t text_size,
void *digest)
{
struct x86_hmac_ctx ctx;
int ret;
ret = _hmac_ctx_init(algo, &ctx);
if (ret < 0)
return gnutls_assert_val(ret);
ctx.setkey(&ctx, key_size, key);
ctx.update(&ctx, text_size, text);
ctx.digest(&ctx, ctx.length, digest);
zeroize_temp_key(&ctx, sizeof(ctx));
return 0;
}
static int
wrap_padlock_hmac_fast(gnutls_mac_algorithm_t algo,
const void *nonce, size_t nonce_size,
const void *key, size_t key_size, const void *text,
size_t text_size, void *digest)
{
if (algo == GNUTLS_MAC_SHA1 || algo == GNUTLS_MAC_SHA256) {
unsigned char *pad;
unsigned char pad2[SHA1_DATA_SIZE + MAX_SHA_DIGEST_SIZE];
unsigned char hkey[MAX_SHA_DIGEST_SIZE];
unsigned int digest_size =
_gnutls_mac_get_algo_len(mac_to_entry(algo));
if (key_size > SHA1_DATA_SIZE) {
wrap_padlock_hash_fast((gnutls_digest_algorithm_t)
algo, key, key_size, hkey);
key = hkey;
key_size = digest_size;
}
pad = gnutls_malloc(text_size + SHA1_DATA_SIZE);
if (pad == NULL)
return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
memset(pad, IPAD, SHA1_DATA_SIZE);
memxor(pad, key, key_size);
memcpy(&pad[SHA1_DATA_SIZE], text, text_size);
wrap_padlock_hash_fast((gnutls_digest_algorithm_t) algo,
pad, text_size + SHA1_DATA_SIZE,
&pad2[SHA1_DATA_SIZE]);
gnutls_free(pad);
memset(pad2, OPAD, SHA1_DATA_SIZE);
memxor(pad2, key, key_size);
wrap_padlock_hash_fast((gnutls_digest_algorithm_t) algo,
pad2, digest_size + SHA1_DATA_SIZE,
digest);
} else {
struct padlock_hmac_ctx ctx;
int ret;
ret = _hmac_ctx_init(algo, &ctx);
if (ret < 0)
return gnutls_assert_val(ret);
ctx.algo = algo;
wrap_padlock_hmac_setkey(&ctx, key, key_size);
wrap_padlock_hmac_update(&ctx, text, text_size);
wrap_padlock_hmac_output(&ctx, digest, ctx.length);
wrap_padlock_hmac_deinit(&ctx);
zeroize_temp_key(&ctx, sizeof(ctx));
}
return 0;
}
static int
wrap_nettle_cipher_setkey(void *_ctx, const void *key, size_t keysize)
{
struct nettle_cipher_ctx *ctx = _ctx;
uint8_t des_key[DES3_KEY_SIZE];
switch (ctx->algo) {
case GNUTLS_CIPHER_AES_128_GCM:
case GNUTLS_CIPHER_AES_256_GCM:
gcm_aes_set_key(&ctx->ctx.aes_gcm, keysize, key);
break;
case GNUTLS_CIPHER_AES_128_CBC:
case GNUTLS_CIPHER_AES_192_CBC:
case GNUTLS_CIPHER_AES_256_CBC:
if (ctx->enc)
aes_set_encrypt_key(ctx->ctx_ptr, keysize, key);
else
aes_set_decrypt_key(ctx->ctx_ptr, keysize, key);
break;
case GNUTLS_CIPHER_CAMELLIA_128_CBC:
case GNUTLS_CIPHER_CAMELLIA_192_CBC:
case GNUTLS_CIPHER_CAMELLIA_256_CBC:
if (ctx->enc)
camellia_set_encrypt_key(ctx->ctx_ptr, keysize,
key);
else
camellia_set_decrypt_key(ctx->ctx_ptr, keysize,
key);
break;
case GNUTLS_CIPHER_3DES_CBC:
if (keysize != DES3_KEY_SIZE) {
gnutls_assert();
return GNUTLS_E_INTERNAL_ERROR;
}
des_fix_parity(keysize, des_key, key);
if (des3_set_key(ctx->ctx_ptr, des_key) != 1) {
gnutls_assert();
}
zeroize_temp_key(des_key, sizeof(des_key));
break;
case GNUTLS_CIPHER_CAMELLIA_128_GCM:
case GNUTLS_CIPHER_CAMELLIA_256_GCM:
if (_gnutls_fips_mode_enabled() != 0)
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
_gcm_camellia_set_key(&ctx->ctx.camellia_gcm, keysize,
key);
break;
case GNUTLS_CIPHER_DES_CBC:
if (_gnutls_fips_mode_enabled() != 0)
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
if (keysize != DES_KEY_SIZE) {
gnutls_assert();
return GNUTLS_E_INTERNAL_ERROR;
}
des_fix_parity(keysize, des_key, key);
if (des_set_key(ctx->ctx_ptr, des_key) != 1) {
gnutls_assert();
return GNUTLS_E_INTERNAL_ERROR;
}
zeroize_temp_key(des_key, sizeof(des_key));
break;
case GNUTLS_CIPHER_ARCFOUR_128:
case GNUTLS_CIPHER_ARCFOUR_40:
if (_gnutls_fips_mode_enabled() != 0)
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
arcfour_set_key(ctx->ctx_ptr, keysize, key);
break;
case GNUTLS_CIPHER_SALSA20_256:
case GNUTLS_CIPHER_ESTREAM_SALSA20_256:
if (_gnutls_fips_mode_enabled() != 0)
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
salsa20_set_key(ctx->ctx_ptr, keysize, key);
break;
case GNUTLS_CIPHER_RC2_40_CBC:
if (_gnutls_fips_mode_enabled() != 0)
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
arctwo_set_key(ctx->ctx_ptr, keysize, key);
break;
default:
gnutls_assert();
return GNUTLS_E_INVALID_REQUEST;
}
return 0;
}