static void wrap_nettle_cipher_close(void *_ctx) { struct nettle_cipher_ctx *ctx = _ctx; zeroize_temp_key(ctx, sizeof(*ctx)); gnutls_free(ctx); }
static void aes_ccm_deinit(void *_ctx) { struct ccm_x86_aes_ctx *ctx = _ctx; zeroize_temp_key(ctx, sizeof(*ctx)); gnutls_free(ctx); }
static void aes_deinit(void *_ctx) { struct padlock_ctx *ctx = _ctx; zeroize_temp_key(ctx, sizeof(*ctx)); gnutls_free(ctx); }
static int wrap_x86_hmac_fast(gnutls_mac_algorithm_t algo, const void *nonce, size_t nonce_size, const void *key, size_t key_size, const void *text, size_t text_size, void *digest) { struct x86_hmac_ctx ctx; int ret; ret = _hmac_ctx_init(algo, &ctx); if (ret < 0) return gnutls_assert_val(ret); ctx.setkey(&ctx, key_size, key); ctx.update(&ctx, text_size, text); ctx.digest(&ctx, ctx.length, digest); zeroize_temp_key(&ctx, sizeof(ctx)); return 0; }
static int wrap_padlock_hmac_fast(gnutls_mac_algorithm_t algo, const void *nonce, size_t nonce_size, const void *key, size_t key_size, const void *text, size_t text_size, void *digest) { if (algo == GNUTLS_MAC_SHA1 || algo == GNUTLS_MAC_SHA256) { unsigned char *pad; unsigned char pad2[SHA1_DATA_SIZE + MAX_SHA_DIGEST_SIZE]; unsigned char hkey[MAX_SHA_DIGEST_SIZE]; unsigned int digest_size = _gnutls_mac_get_algo_len(mac_to_entry(algo)); if (key_size > SHA1_DATA_SIZE) { wrap_padlock_hash_fast((gnutls_digest_algorithm_t) algo, key, key_size, hkey); key = hkey; key_size = digest_size; } pad = gnutls_malloc(text_size + SHA1_DATA_SIZE); if (pad == NULL) return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); memset(pad, IPAD, SHA1_DATA_SIZE); memxor(pad, key, key_size); memcpy(&pad[SHA1_DATA_SIZE], text, text_size); wrap_padlock_hash_fast((gnutls_digest_algorithm_t) algo, pad, text_size + SHA1_DATA_SIZE, &pad2[SHA1_DATA_SIZE]); gnutls_free(pad); memset(pad2, OPAD, SHA1_DATA_SIZE); memxor(pad2, key, key_size); wrap_padlock_hash_fast((gnutls_digest_algorithm_t) algo, pad2, digest_size + SHA1_DATA_SIZE, digest); } else { struct padlock_hmac_ctx ctx; int ret; ret = _hmac_ctx_init(algo, &ctx); if (ret < 0) return gnutls_assert_val(ret); ctx.algo = algo; wrap_padlock_hmac_setkey(&ctx, key, key_size); wrap_padlock_hmac_update(&ctx, text, text_size); wrap_padlock_hmac_output(&ctx, digest, ctx.length); wrap_padlock_hmac_deinit(&ctx); zeroize_temp_key(&ctx, sizeof(ctx)); } return 0; }
static int wrap_nettle_cipher_setkey(void *_ctx, const void *key, size_t keysize) { struct nettle_cipher_ctx *ctx = _ctx; uint8_t des_key[DES3_KEY_SIZE]; switch (ctx->algo) { case GNUTLS_CIPHER_AES_128_GCM: case GNUTLS_CIPHER_AES_256_GCM: gcm_aes_set_key(&ctx->ctx.aes_gcm, keysize, key); break; case GNUTLS_CIPHER_AES_128_CBC: case GNUTLS_CIPHER_AES_192_CBC: case GNUTLS_CIPHER_AES_256_CBC: if (ctx->enc) aes_set_encrypt_key(ctx->ctx_ptr, keysize, key); else aes_set_decrypt_key(ctx->ctx_ptr, keysize, key); break; case GNUTLS_CIPHER_CAMELLIA_128_CBC: case GNUTLS_CIPHER_CAMELLIA_192_CBC: case GNUTLS_CIPHER_CAMELLIA_256_CBC: if (ctx->enc) camellia_set_encrypt_key(ctx->ctx_ptr, keysize, key); else camellia_set_decrypt_key(ctx->ctx_ptr, keysize, key); break; case GNUTLS_CIPHER_3DES_CBC: if (keysize != DES3_KEY_SIZE) { gnutls_assert(); return GNUTLS_E_INTERNAL_ERROR; } des_fix_parity(keysize, des_key, key); if (des3_set_key(ctx->ctx_ptr, des_key) != 1) { gnutls_assert(); } zeroize_temp_key(des_key, sizeof(des_key)); break; case GNUTLS_CIPHER_CAMELLIA_128_GCM: case GNUTLS_CIPHER_CAMELLIA_256_GCM: if (_gnutls_fips_mode_enabled() != 0) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); _gcm_camellia_set_key(&ctx->ctx.camellia_gcm, keysize, key); break; case GNUTLS_CIPHER_DES_CBC: if (_gnutls_fips_mode_enabled() != 0) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); if (keysize != DES_KEY_SIZE) { gnutls_assert(); return GNUTLS_E_INTERNAL_ERROR; } des_fix_parity(keysize, des_key, key); if (des_set_key(ctx->ctx_ptr, des_key) != 1) { gnutls_assert(); return GNUTLS_E_INTERNAL_ERROR; } zeroize_temp_key(des_key, sizeof(des_key)); break; case GNUTLS_CIPHER_ARCFOUR_128: case GNUTLS_CIPHER_ARCFOUR_40: if (_gnutls_fips_mode_enabled() != 0) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); arcfour_set_key(ctx->ctx_ptr, keysize, key); break; case GNUTLS_CIPHER_SALSA20_256: case GNUTLS_CIPHER_ESTREAM_SALSA20_256: if (_gnutls_fips_mode_enabled() != 0) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); salsa20_set_key(ctx->ctx_ptr, keysize, key); break; case GNUTLS_CIPHER_RC2_40_CBC: if (_gnutls_fips_mode_enabled() != 0) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); arctwo_set_key(ctx->ctx_ptr, keysize, key); break; default: gnutls_assert(); return GNUTLS_E_INVALID_REQUEST; } return 0; }