/**
 * ikev2_encr_decrypt - Decrypt IKEv2 payload data
 * @alg: IKEv2 encryption transform ID (ENCR_3DES or ENCR_AES_CBC)
 * @key: Decryption key
 * @key_len: Length of @key in bytes
 * @iv: Initialization vector passed to crypto_cipher_init()
 * @crypt: Ciphertext to decrypt
 * @plain: Output buffer for @len bytes of plaintext
 * @len: Number of bytes to decrypt
 * Returns: 0 on success, -1 on failure
 *
 * ENCR_3DES is mapped to CRYPTO_CIPHER_ALG_3DES and ENCR_AES_CBC to
 * CRYPTO_CIPHER_ALG_AES; any other transform ID is rejected. The cipher
 * context is released on every path after it has been created.
 *
 * This function only decrypts: it neither verifies an integrity checksum
 * nor validates padding or @len against the cipher block size.
 * NOTE(review): the caller presumably authenticates the message before
 * calling this and checks the padding afterwards - confirm at call sites.
 */
int ikev2_encr_decrypt(int alg, const u8 *key, size_t key_len, const u8 *iv,
		       const u8 *crypt, u8 *plain, size_t len)
{
	struct crypto_cipher *ctx;
	int cipher_id;
	int ret = 0;

	/* Translate the IKEv2 transform ID into the crypto wrapper's ID. */
	if (alg == ENCR_3DES) {
		cipher_id = CRYPTO_CIPHER_ALG_3DES;
	} else if (alg == ENCR_AES_CBC) {
		cipher_id = CRYPTO_CIPHER_ALG_AES;
	} else {
		wpa_printf(MSG_DEBUG, "IKEV2: Unsupported encr alg %d", alg);
		return -1;
	}

	ctx = crypto_cipher_init(cipher_id, iv, key, key_len);
	if (!ctx) {
		wpa_printf(MSG_INFO, "IKEV2: Failed to initialize cipher");
		return -1;
	}

	if (crypto_cipher_decrypt(ctx, crypt, plain, len) < 0) {
		wpa_printf(MSG_INFO, "IKEV2: Decryption failed");
		ret = -1;
	}

	/* Single release point for the context, success or failure. */
	crypto_cipher_deinit(ctx);
	return ret;
}
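/**
 * ikev2_encr_encrypt - Encrypt IKEv2 payload data
 * @alg: IKEv2 encryption transform ID (ENCR_3DES or ENCR_AES_CBC)
 * @key: Encryption key
 * @key_len: Length of @key in bytes
 * @iv: Initialization vector passed to crypto_cipher_init()
 * @plain: Data to encrypt
 * @crypt: Output buffer for @len bytes of ciphertext (may equal @plain)
 * @len: Number of bytes to encrypt
 * Returns: 0 on success, -1 on failure
 *
 * ENCR_3DES is mapped to CRYPTO_CIPHER_ALG_3DES and ENCR_AES_CBC to
 * CRYPTO_CIPHER_ALG_AES; any other transform ID is rejected.
 *
 * When built with CCNS_PL, ENCR_3DES takes a separate path that encrypts
 * each 8-byte block independently (ECB) and never reads @iv. Equal
 * plaintext blocks therefore produce equal ciphertext blocks, so this path
 * does not give the confidentiality of the default path and should stay
 * limited to builds that need CCNS_PL interoperability.
 *
 * The CCNS_PL path now reads its input from @plain instead of assuming that
 * @crypt already holds the plaintext, and it rejects a @len that is not a
 * multiple of the 8-byte block size instead of silently leaving the
 * trailing bytes unencrypted. In-place use (@plain == @crypt) behaves as
 * before.
 */
int ikev2_encr_encrypt(int alg, const u8 *key, size_t key_len, const u8 *iv,
		       const u8 *plain, u8 *crypt, size_t len)
{
	struct crypto_cipher *cipher;
	int encr_alg;

#ifdef CCNS_PL
	if (alg == ENCR_3DES) {
		struct des3_key_s des3key;
		size_t i, blocks;
		const u8 *src;
		u8 *pos;

		/* ECB mode is used incorrectly for 3DES!? */
		if (key_len != 24) {
			wpa_printf(MSG_INFO, "IKEV2: Invalid encr key length");
			return -1;
		}
		/* A partial trailing block would otherwise be skipped. */
		if (len % 8) {
			wpa_printf(MSG_INFO,
				   "IKEV2: Invalid encr data length");
			return -1;
		}
		des3_key_setup(key, &des3key);

		blocks = len / 8;
		src = plain;
		pos = crypt;
		for (i = 0; i < blocks; i++) {
			des3_encrypt(src, &des3key, pos);
			src += 8;
			pos += 8;
		}
		/*
		 * NOTE(review): des3key holds the expanded key schedule and
		 * is left on the stack here; consider clearing it with a
		 * wipe routine the compiler cannot optimize away.
		 */
	} else {
#endif /* CCNS_PL */
	switch (alg) {
	case ENCR_3DES:
		encr_alg = CRYPTO_CIPHER_ALG_3DES;
		break;
	case ENCR_AES_CBC:
		encr_alg = CRYPTO_CIPHER_ALG_AES;
		break;
	default:
		wpa_printf(MSG_DEBUG, "IKEV2: Unsupported encr alg %d", alg);
		return -1;
	}

	cipher = crypto_cipher_init(encr_alg, iv, key, key_len);
	if (cipher == NULL) {
		wpa_printf(MSG_INFO, "IKEV2: Failed to initialize cipher");
		return -1;
	}

	if (crypto_cipher_encrypt(cipher, plain, crypt, len) < 0) {
		wpa_printf(MSG_INFO, "IKEV2: Encryption failed");
		crypto_cipher_deinit(cipher);
		return -1;
	}
	crypto_cipher_deinit(cipher);
#ifdef CCNS_PL
	}
#endif /* CCNS_PL */

	return 0;
}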
/**
 * JNI entry point: release the client and server cipher contexts that
 * belong to one context group.
 *
 * @param env        JNI environment (unused)
 * @param obj        calling Java object (unused)
 * @param objectType group selector: CTX_TSI_SERVER, CTX_TSI_CLIENT or
 *                   CTX_TSI_PENDING; any other value is ignored
 *
 * Each context is passed to crypto_cipher_deinit() only when it is
 * non-NULL and is set to NULL right afterwards, so a repeated call for the
 * same group does not release a context twice.
 *
 * NOTE(review): the contexts are variables defined outside this function
 * and nothing here synchronizes access to them - confirm that the Java
 * side never calls this concurrently with code that uses the contexts.
 */
extern "C" JNIEXPORT void JNICALL
Java_com_att_aro_pcap_AROCryptoAdapter_cryptocipherdeinit
(JNIEnv *env, jobject obj, jint objectType)
{
    const int ctxGroup = static_cast<int>(objectType);

    if (ctxGroup == CTX_TSI_SERVER) {
        if (tsiserver_ctx_client != NULL) {
            crypto_cipher_deinit(tsiserver_ctx_client);
            tsiserver_ctx_client = NULL;
        }
        if (tsiserver_ctx_server != NULL) {
            crypto_cipher_deinit(tsiserver_ctx_server);
            tsiserver_ctx_server = NULL;
        }
        return;
    }

    if (ctxGroup == CTX_TSI_CLIENT) {
        if (tsiclient_ctx_client != NULL) {
            crypto_cipher_deinit(tsiclient_ctx_client);
            tsiclient_ctx_client = NULL;
        }
        if (tsiclient_ctx_server != NULL) {
            crypto_cipher_deinit(tsiclient_ctx_server);
            tsiclient_ctx_server = NULL;
        }
        return;
    }

    if (ctxGroup == CTX_TSI_PENDING) {
        if (tsipending_ctx_client != NULL) {
            crypto_cipher_deinit(tsipending_ctx_client);
            tsipending_ctx_client = NULL;
        }
        if (tsipending_ctx_server != NULL) {
            crypto_cipher_deinit(tsipending_ctx_server);
            tsipending_ctx_server = NULL;
        }
    }
}
/**
 * tlsv1_record_change_read_cipher - TLS record layer: Change read cipher
 * @rl: Pointer to TLS record layer data
 * Returns: 0 on success (cipher changed), -1 on failure
 *
 * Switches the read direction of the record layer to the cipher suite
 * stored in @rl->cipher_suite (set up with tlsv1_record_set_cipher_suite()).
 * The read sequence number is reset to zero and any existing read cipher
 * context is released before a new one is created.
 *
 * On failure the record layer has already been updated: read_cipher_suite
 * holds the new suite and read_seq_num is zero, but read_cbc is NULL.
 * NOTE(review): callers presumably abort the connection on -1 rather than
 * keep reading records in that state - confirm at call sites.
 */
int tlsv1_record_change_read_cipher(struct tlsv1_record_layer *rl)
{
	wpa_printf(MSG_DEBUG, "TLSv1: Record Layer - New read cipher suite "
		   "0x%04x", rl->cipher_suite);

	rl->read_cipher_suite = rl->cipher_suite;
	os_memset(rl->read_seq_num, 0, TLS_SEQ_NUM_LEN);

	/* Drop the context of the previous read cipher, if there was one. */
	if (rl->read_cbc != NULL) {
		crypto_cipher_deinit(rl->read_cbc);
		rl->read_cbc = NULL;
	}

	/* A NULL cipher needs no context; read_cbc stays NULL. */
	if (rl->cipher_alg == CRYPTO_CIPHER_NULL)
		return 0;

	rl->read_cbc = crypto_cipher_init(rl->cipher_alg, rl->read_iv,
					  rl->read_key, rl->key_material_len);
	if (rl->read_cbc != NULL)
		return 0;

	wpa_printf(MSG_DEBUG, "TLSv1: Failed to initialize "
		   "cipher");
	return -1;
}