mirror of https://github.com/postgres/postgres
Use OpenSSL EVP API for symmetric encryption in pgcrypto.
The old "low-level" API is deprecated, and doesn't support hardware acceleration. And this makes the code simpler, too. Discussion: <561274F1.1030000@iki.fi>
This commit is contained in:
parent
d8589946dd
commit
5ff4a67f63
|
@ -34,12 +34,8 @@
|
||||||
#include "px.h"
|
#include "px.h"
|
||||||
|
|
||||||
#include <openssl/evp.h>
|
#include <openssl/evp.h>
|
||||||
#include <openssl/blowfish.h>
|
|
||||||
#include <openssl/cast.h>
|
|
||||||
#include <openssl/des.h>
|
|
||||||
#include <openssl/aes.h>
|
|
||||||
#include <openssl/rand.h>
|
|
||||||
#include <openssl/err.h>
|
#include <openssl/err.h>
|
||||||
|
#include <openssl/rand.h>
|
||||||
|
|
||||||
#include "utils/memutils.h"
|
#include "utils/memutils.h"
|
||||||
#include "utils/resowner.h"
|
#include "utils/resowner.h"
|
||||||
|
@ -235,47 +231,27 @@ px_find_digest(const char *name, PX_MD **res)
|
||||||
/*
|
/*
|
||||||
* Ciphers
|
* Ciphers
|
||||||
*
|
*
|
||||||
* The problem with OpenSSL is that the EVP* family
|
* We use OpenSSL's EVP* family of functions for these.
|
||||||
* of functions does not allow enough flexibility
|
|
||||||
* and forces some of the parameters (keylen,
|
|
||||||
* padding) to SSL defaults.
|
|
||||||
*
|
|
||||||
* So need to manage ciphers ourselves.
|
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
/*
|
||||||
|
* prototype for the EVP functions that return an algorithm, e.g.
|
||||||
|
* EVP_aes_128_cbc().
|
||||||
|
*/
|
||||||
|
typedef const EVP_CIPHER *(*ossl_EVP_cipher_func)(void);
|
||||||
|
|
||||||
struct ossl_cipher
|
struct ossl_cipher
|
||||||
{
|
{
|
||||||
int (*init) (PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv);
|
int (*init) (PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv);
|
||||||
int (*encrypt) (PX_Cipher *c, const uint8 *data, unsigned dlen, uint8 *res);
|
ossl_EVP_cipher_func cipher_func;
|
||||||
int (*decrypt) (PX_Cipher *c, const uint8 *data, unsigned dlen, uint8 *res);
|
|
||||||
|
|
||||||
int block_size;
|
int block_size;
|
||||||
int max_key_size;
|
int max_key_size;
|
||||||
int stream_cipher;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
typedef struct
|
typedef struct
|
||||||
{
|
{
|
||||||
union
|
EVP_CIPHER_CTX evp_ctx;
|
||||||
{
|
const EVP_CIPHER *evp_ciph;
|
||||||
struct
|
|
||||||
{
|
|
||||||
BF_KEY key;
|
|
||||||
int num;
|
|
||||||
} bf;
|
|
||||||
struct
|
|
||||||
{
|
|
||||||
DES_key_schedule key_schedule;
|
|
||||||
} des;
|
|
||||||
struct
|
|
||||||
{
|
|
||||||
DES_key_schedule k1,
|
|
||||||
k2,
|
|
||||||
k3;
|
|
||||||
} des3;
|
|
||||||
CAST_KEY cast_key;
|
|
||||||
AES_KEY aes_key;
|
|
||||||
} u;
|
|
||||||
uint8 key[MAX_KEY];
|
uint8 key[MAX_KEY];
|
||||||
uint8 iv[MAX_IV];
|
uint8 iv[MAX_IV];
|
||||||
unsigned klen;
|
unsigned klen;
|
||||||
|
@ -283,7 +259,7 @@ typedef struct
|
||||||
const struct ossl_cipher *ciph;
|
const struct ossl_cipher *ciph;
|
||||||
} ossldata;
|
} ossldata;
|
||||||
|
|
||||||
/* generic */
|
/* Common routines for all algorithms */
|
||||||
|
|
||||||
static unsigned
|
static unsigned
|
||||||
gen_ossl_block_size(PX_Cipher *c)
|
gen_ossl_block_size(PX_Cipher *c)
|
||||||
|
@ -316,11 +292,62 @@ gen_ossl_free(PX_Cipher *c)
|
||||||
{
|
{
|
||||||
ossldata *od = (ossldata *) c->ptr;
|
ossldata *od = (ossldata *) c->ptr;
|
||||||
|
|
||||||
|
EVP_CIPHER_CTX_cleanup(&od->evp_ctx);
|
||||||
px_memset(od, 0, sizeof(*od));
|
px_memset(od, 0, sizeof(*od));
|
||||||
px_free(od);
|
px_free(od);
|
||||||
px_free(c);
|
px_free(c);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static int
|
||||||
|
gen_ossl_decrypt(PX_Cipher *c, const uint8 *data, unsigned dlen,
|
||||||
|
uint8 *res)
|
||||||
|
{
|
||||||
|
ossldata *od = c->ptr;
|
||||||
|
int outlen;
|
||||||
|
|
||||||
|
if (!od->init)
|
||||||
|
{
|
||||||
|
EVP_CIPHER_CTX_init(&od->evp_ctx);
|
||||||
|
if (!EVP_DecryptInit_ex(&od->evp_ctx, od->evp_ciph, NULL, NULL, NULL))
|
||||||
|
return PXE_CIPHER_INIT;
|
||||||
|
if (!EVP_CIPHER_CTX_set_key_length(&od->evp_ctx, od->klen))
|
||||||
|
return PXE_CIPHER_INIT;
|
||||||
|
if (!EVP_DecryptInit_ex(&od->evp_ctx, NULL, NULL, od->key, od->iv))
|
||||||
|
return PXE_CIPHER_INIT;
|
||||||
|
od->init = true;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!EVP_DecryptUpdate(&od->evp_ctx, res, &outlen, data, dlen))
|
||||||
|
return PXE_DECRYPT_FAILED;
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
static int
|
||||||
|
gen_ossl_encrypt(PX_Cipher *c, const uint8 *data, unsigned dlen,
|
||||||
|
uint8 *res)
|
||||||
|
{
|
||||||
|
ossldata *od = c->ptr;
|
||||||
|
int outlen;
|
||||||
|
|
||||||
|
if (!od->init)
|
||||||
|
{
|
||||||
|
EVP_CIPHER_CTX_init(&od->evp_ctx);
|
||||||
|
if (!EVP_EncryptInit_ex(&od->evp_ctx, od->evp_ciph, NULL, NULL, NULL))
|
||||||
|
return PXE_CIPHER_INIT;
|
||||||
|
if (!EVP_CIPHER_CTX_set_key_length(&od->evp_ctx, od->klen))
|
||||||
|
return PXE_CIPHER_INIT;
|
||||||
|
if (!EVP_EncryptInit_ex(&od->evp_ctx, NULL, NULL, od->key, od->iv))
|
||||||
|
return PXE_CIPHER_INIT;
|
||||||
|
od->init = true;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!EVP_EncryptUpdate(&od->evp_ctx, res, &outlen, data, dlen))
|
||||||
|
return PXE_ERR_GENERIC;
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
/* Blowfish */
|
/* Blowfish */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -342,13 +369,21 @@ bf_check_supported_key_len(void)
|
||||||
|
|
||||||
static const uint8 data[8] = {0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10};
|
static const uint8 data[8] = {0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10};
|
||||||
static const uint8 res[8] = {0xc0, 0x45, 0x04, 0x01, 0x2e, 0x4e, 0x1f, 0x53};
|
static const uint8 res[8] = {0xc0, 0x45, 0x04, 0x01, 0x2e, 0x4e, 0x1f, 0x53};
|
||||||
static uint8 out[8];
|
uint8 out[8];
|
||||||
|
EVP_CIPHER_CTX evp_ctx;
|
||||||
BF_KEY bf_key;
|
int outlen;
|
||||||
|
|
||||||
/* encrypt with 448bits key and verify output */
|
/* encrypt with 448bits key and verify output */
|
||||||
BF_set_key(&bf_key, 56, key);
|
EVP_CIPHER_CTX_init(&evp_ctx);
|
||||||
BF_ecb_encrypt(data, out, &bf_key, BF_ENCRYPT);
|
if (!EVP_EncryptInit_ex(&evp_ctx, EVP_bf_ecb(), NULL, NULL, NULL))
|
||||||
|
return 0;
|
||||||
|
if (!EVP_CIPHER_CTX_set_key_length(&evp_ctx, 56))
|
||||||
|
return 0;
|
||||||
|
if (!EVP_EncryptInit_ex(&evp_ctx, NULL, NULL, key, NULL))
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
if (!EVP_EncryptUpdate(&evp_ctx, out, &outlen, data, 8))
|
||||||
|
return 0;
|
||||||
|
|
||||||
if (memcmp(out, res, 8) != 0)
|
if (memcmp(out, res, 8) != 0)
|
||||||
return 0; /* Output does not match -> strong cipher is
|
return 0; /* Output does not match -> strong cipher is
|
||||||
|
@ -360,6 +395,7 @@ static int
|
||||||
bf_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
|
bf_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
|
||||||
{
|
{
|
||||||
ossldata *od = c->ptr;
|
ossldata *od = c->ptr;
|
||||||
|
unsigned bs = gen_ossl_block_size(c);
|
||||||
static int bf_is_strong = -1;
|
static int bf_is_strong = -1;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -375,74 +411,13 @@ bf_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
|
||||||
return PXE_KEY_TOO_BIG;
|
return PXE_KEY_TOO_BIG;
|
||||||
|
|
||||||
/* Key len is supported. We can use it. */
|
/* Key len is supported. We can use it. */
|
||||||
BF_set_key(&od->u.bf.key, klen, key);
|
od->klen = klen;
|
||||||
|
memcpy(od->key, key, klen);
|
||||||
|
|
||||||
if (iv)
|
if (iv)
|
||||||
memcpy(od->iv, iv, BF_BLOCK);
|
memcpy(od->iv, iv, bs);
|
||||||
else
|
else
|
||||||
memset(od->iv, 0, BF_BLOCK);
|
memset(od->iv, 0, bs);
|
||||||
od->u.bf.num = 0;
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
static int
|
|
||||||
bf_ecb_encrypt(PX_Cipher *c, const uint8 *data, unsigned dlen, uint8 *res)
|
|
||||||
{
|
|
||||||
unsigned bs = gen_ossl_block_size(c);
|
|
||||||
unsigned i;
|
|
||||||
ossldata *od = c->ptr;
|
|
||||||
|
|
||||||
for (i = 0; i < dlen / bs; i++)
|
|
||||||
BF_ecb_encrypt(data + i * bs, res + i * bs, &od->u.bf.key, BF_ENCRYPT);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
static int
|
|
||||||
bf_ecb_decrypt(PX_Cipher *c, const uint8 *data, unsigned dlen, uint8 *res)
|
|
||||||
{
|
|
||||||
unsigned bs = gen_ossl_block_size(c),
|
|
||||||
i;
|
|
||||||
ossldata *od = c->ptr;
|
|
||||||
|
|
||||||
for (i = 0; i < dlen / bs; i++)
|
|
||||||
BF_ecb_encrypt(data + i * bs, res + i * bs, &od->u.bf.key, BF_DECRYPT);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
static int
|
|
||||||
bf_cbc_encrypt(PX_Cipher *c, const uint8 *data, unsigned dlen, uint8 *res)
|
|
||||||
{
|
|
||||||
ossldata *od = c->ptr;
|
|
||||||
|
|
||||||
BF_cbc_encrypt(data, res, dlen, &od->u.bf.key, od->iv, BF_ENCRYPT);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
static int
|
|
||||||
bf_cbc_decrypt(PX_Cipher *c, const uint8 *data, unsigned dlen, uint8 *res)
|
|
||||||
{
|
|
||||||
ossldata *od = c->ptr;
|
|
||||||
|
|
||||||
BF_cbc_encrypt(data, res, dlen, &od->u.bf.key, od->iv, BF_DECRYPT);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
static int
|
|
||||||
bf_cfb64_encrypt(PX_Cipher *c, const uint8 *data, unsigned dlen, uint8 *res)
|
|
||||||
{
|
|
||||||
ossldata *od = c->ptr;
|
|
||||||
|
|
||||||
BF_cfb64_encrypt(data, res, dlen, &od->u.bf.key, od->iv,
|
|
||||||
&od->u.bf.num, BF_ENCRYPT);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
static int
|
|
||||||
bf_cfb64_decrypt(PX_Cipher *c, const uint8 *data, unsigned dlen, uint8 *res)
|
|
||||||
{
|
|
||||||
ossldata *od = c->ptr;
|
|
||||||
|
|
||||||
BF_cfb64_encrypt(data, res, dlen, &od->u.bf.key, od->iv,
|
|
||||||
&od->u.bf.num, BF_DECRYPT);
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -452,69 +427,16 @@ static int
|
||||||
ossl_des_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
|
ossl_des_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
|
||||||
{
|
{
|
||||||
ossldata *od = c->ptr;
|
ossldata *od = c->ptr;
|
||||||
DES_cblock xkey;
|
unsigned bs = gen_ossl_block_size(c);
|
||||||
|
|
||||||
memset(&xkey, 0, sizeof(xkey));
|
od->klen = 8;
|
||||||
memcpy(&xkey, key, klen > 8 ? 8 : klen);
|
memset(od->key, 0, 8);
|
||||||
DES_set_key(&xkey, &od->u.des.key_schedule);
|
memcpy(od->key, key, klen > 8 ? 8 : klen);
|
||||||
memset(&xkey, 0, sizeof(xkey));
|
|
||||||
|
|
||||||
if (iv)
|
if (iv)
|
||||||
memcpy(od->iv, iv, 8);
|
memcpy(od->iv, iv, bs);
|
||||||
else
|
else
|
||||||
memset(od->iv, 0, 8);
|
memset(od->iv, 0, bs);
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
static int
|
|
||||||
ossl_des_ecb_encrypt(PX_Cipher *c, const uint8 *data, unsigned dlen,
|
|
||||||
uint8 *res)
|
|
||||||
{
|
|
||||||
unsigned bs = gen_ossl_block_size(c);
|
|
||||||
unsigned i;
|
|
||||||
ossldata *od = c->ptr;
|
|
||||||
|
|
||||||
for (i = 0; i < dlen / bs; i++)
|
|
||||||
DES_ecb_encrypt((DES_cblock *) (data + i * bs),
|
|
||||||
(DES_cblock *) (res + i * bs),
|
|
||||||
&od->u.des.key_schedule, 1);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
static int
|
|
||||||
ossl_des_ecb_decrypt(PX_Cipher *c, const uint8 *data, unsigned dlen,
|
|
||||||
uint8 *res)
|
|
||||||
{
|
|
||||||
unsigned bs = gen_ossl_block_size(c);
|
|
||||||
unsigned i;
|
|
||||||
ossldata *od = c->ptr;
|
|
||||||
|
|
||||||
for (i = 0; i < dlen / bs; i++)
|
|
||||||
DES_ecb_encrypt((DES_cblock *) (data + i * bs),
|
|
||||||
(DES_cblock *) (res + i * bs),
|
|
||||||
&od->u.des.key_schedule, 0);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
static int
|
|
||||||
ossl_des_cbc_encrypt(PX_Cipher *c, const uint8 *data, unsigned dlen,
|
|
||||||
uint8 *res)
|
|
||||||
{
|
|
||||||
ossldata *od = c->ptr;
|
|
||||||
|
|
||||||
DES_ncbc_encrypt(data, res, dlen, &od->u.des.key_schedule,
|
|
||||||
(DES_cblock *) od->iv, 1);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
static int
|
|
||||||
ossl_des_cbc_decrypt(PX_Cipher *c, const uint8 *data, unsigned dlen,
|
|
||||||
uint8 *res)
|
|
||||||
{
|
|
||||||
ossldata *od = c->ptr;
|
|
||||||
|
|
||||||
DES_ncbc_encrypt(data, res, dlen, &od->u.des.key_schedule,
|
|
||||||
(DES_cblock *) od->iv, 0);
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -524,82 +446,16 @@ static int
|
||||||
ossl_des3_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
|
ossl_des3_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
|
||||||
{
|
{
|
||||||
ossldata *od = c->ptr;
|
ossldata *od = c->ptr;
|
||||||
DES_cblock xkey1,
|
unsigned bs = gen_ossl_block_size(c);
|
||||||
xkey2,
|
|
||||||
xkey3;
|
|
||||||
|
|
||||||
memset(&xkey1, 0, sizeof(xkey1));
|
od->klen = 24;
|
||||||
memset(&xkey2, 0, sizeof(xkey2));
|
memset(od->key, 0, 24);
|
||||||
memset(&xkey3, 0, sizeof(xkey3));
|
memcpy(od->key, key, klen > 24 ? 24 : klen);
|
||||||
memcpy(&xkey1, key, klen > 8 ? 8 : klen);
|
|
||||||
if (klen > 8)
|
|
||||||
memcpy(&xkey2, key + 8, (klen - 8) > 8 ? 8 : (klen - 8));
|
|
||||||
if (klen > 16)
|
|
||||||
memcpy(&xkey3, key + 16, (klen - 16) > 8 ? 8 : (klen - 16));
|
|
||||||
|
|
||||||
DES_set_key(&xkey1, &od->u.des3.k1);
|
|
||||||
DES_set_key(&xkey2, &od->u.des3.k2);
|
|
||||||
DES_set_key(&xkey3, &od->u.des3.k3);
|
|
||||||
memset(&xkey1, 0, sizeof(xkey1));
|
|
||||||
memset(&xkey2, 0, sizeof(xkey2));
|
|
||||||
memset(&xkey3, 0, sizeof(xkey3));
|
|
||||||
|
|
||||||
if (iv)
|
if (iv)
|
||||||
memcpy(od->iv, iv, 8);
|
memcpy(od->iv, iv, bs);
|
||||||
else
|
else
|
||||||
memset(od->iv, 0, 8);
|
memset(od->iv, 0, bs);
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
static int
|
|
||||||
ossl_des3_ecb_encrypt(PX_Cipher *c, const uint8 *data, unsigned dlen,
|
|
||||||
uint8 *res)
|
|
||||||
{
|
|
||||||
unsigned bs = gen_ossl_block_size(c);
|
|
||||||
unsigned i;
|
|
||||||
ossldata *od = c->ptr;
|
|
||||||
|
|
||||||
for (i = 0; i < dlen / bs; i++)
|
|
||||||
DES_ecb3_encrypt((void *) (data + i * bs), (void *) (res + i * bs),
|
|
||||||
&od->u.des3.k1, &od->u.des3.k2, &od->u.des3.k3, 1);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
static int
|
|
||||||
ossl_des3_ecb_decrypt(PX_Cipher *c, const uint8 *data, unsigned dlen,
|
|
||||||
uint8 *res)
|
|
||||||
{
|
|
||||||
unsigned bs = gen_ossl_block_size(c);
|
|
||||||
unsigned i;
|
|
||||||
ossldata *od = c->ptr;
|
|
||||||
|
|
||||||
for (i = 0; i < dlen / bs; i++)
|
|
||||||
DES_ecb3_encrypt((void *) (data + i * bs), (void *) (res + i * bs),
|
|
||||||
&od->u.des3.k1, &od->u.des3.k2, &od->u.des3.k3, 0);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
static int
|
|
||||||
ossl_des3_cbc_encrypt(PX_Cipher *c, const uint8 *data, unsigned dlen,
|
|
||||||
uint8 *res)
|
|
||||||
{
|
|
||||||
ossldata *od = c->ptr;
|
|
||||||
|
|
||||||
DES_ede3_cbc_encrypt(data, res, dlen,
|
|
||||||
&od->u.des3.k1, &od->u.des3.k2, &od->u.des3.k3,
|
|
||||||
(DES_cblock *) od->iv, 1);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
static int
|
|
||||||
ossl_des3_cbc_decrypt(PX_Cipher *c, const uint8 *data, unsigned dlen,
|
|
||||||
uint8 *res)
|
|
||||||
{
|
|
||||||
ossldata *od = c->ptr;
|
|
||||||
|
|
||||||
DES_ede3_cbc_encrypt(data, res, dlen,
|
|
||||||
&od->u.des3.k1, &od->u.des3.k2, &od->u.des3.k3,
|
|
||||||
(DES_cblock *) od->iv, 0);
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -611,7 +467,9 @@ ossl_cast_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
|
||||||
ossldata *od = c->ptr;
|
ossldata *od = c->ptr;
|
||||||
unsigned bs = gen_ossl_block_size(c);
|
unsigned bs = gen_ossl_block_size(c);
|
||||||
|
|
||||||
CAST_set_key(&od->u.cast_key, klen, key);
|
od->klen = klen;
|
||||||
|
memcpy(od->key, key, klen);
|
||||||
|
|
||||||
if (iv)
|
if (iv)
|
||||||
memcpy(od->iv, iv, bs);
|
memcpy(od->iv, iv, bs);
|
||||||
else
|
else
|
||||||
|
@ -619,48 +477,6 @@ ossl_cast_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int
|
|
||||||
ossl_cast_ecb_encrypt(PX_Cipher *c, const uint8 *data, unsigned dlen, uint8 *res)
|
|
||||||
{
|
|
||||||
unsigned bs = gen_ossl_block_size(c);
|
|
||||||
ossldata *od = c->ptr;
|
|
||||||
const uint8 *end = data + dlen - bs;
|
|
||||||
|
|
||||||
for (; data <= end; data += bs, res += bs)
|
|
||||||
CAST_ecb_encrypt(data, res, &od->u.cast_key, CAST_ENCRYPT);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
static int
|
|
||||||
ossl_cast_ecb_decrypt(PX_Cipher *c, const uint8 *data, unsigned dlen, uint8 *res)
|
|
||||||
{
|
|
||||||
unsigned bs = gen_ossl_block_size(c);
|
|
||||||
ossldata *od = c->ptr;
|
|
||||||
const uint8 *end = data + dlen - bs;
|
|
||||||
|
|
||||||
for (; data <= end; data += bs, res += bs)
|
|
||||||
CAST_ecb_encrypt(data, res, &od->u.cast_key, CAST_DECRYPT);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
static int
|
|
||||||
ossl_cast_cbc_encrypt(PX_Cipher *c, const uint8 *data, unsigned dlen, uint8 *res)
|
|
||||||
{
|
|
||||||
ossldata *od = c->ptr;
|
|
||||||
|
|
||||||
CAST_cbc_encrypt(data, res, dlen, &od->u.cast_key, od->iv, CAST_ENCRYPT);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
static int
|
|
||||||
ossl_cast_cbc_decrypt(PX_Cipher *c, const uint8 *data, unsigned dlen, uint8 *res)
|
|
||||||
{
|
|
||||||
ossldata *od = c->ptr;
|
|
||||||
|
|
||||||
CAST_cbc_encrypt(data, res, dlen, &od->u.cast_key, od->iv, CAST_DECRYPT);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* AES */
|
/* AES */
|
||||||
|
|
||||||
static int
|
static int
|
||||||
|
@ -684,96 +500,68 @@ ossl_aes_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
|
||||||
memcpy(od->iv, iv, bs);
|
memcpy(od->iv, iv, bs);
|
||||||
else
|
else
|
||||||
memset(od->iv, 0, bs);
|
memset(od->iv, 0, bs);
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int
|
static int
|
||||||
ossl_aes_key_init(ossldata *od, int type)
|
ossl_aes_ecb_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
|
||||||
{
|
{
|
||||||
|
ossldata *od = c->ptr;
|
||||||
int err;
|
int err;
|
||||||
|
|
||||||
/*
|
err = ossl_aes_init(c, key, klen, iv);
|
||||||
* Strong key support could be missing on some openssl installations. We
|
if (err)
|
||||||
* must check return value from set key function.
|
return err;
|
||||||
*/
|
|
||||||
if (type == AES_ENCRYPT)
|
|
||||||
err = AES_set_encrypt_key(od->key, od->klen * 8, &od->u.aes_key);
|
|
||||||
else
|
|
||||||
err = AES_set_decrypt_key(od->key, od->klen * 8, &od->u.aes_key);
|
|
||||||
|
|
||||||
if (err == 0)
|
switch (od->klen)
|
||||||
{
|
{
|
||||||
od->init = 1;
|
case 128 / 8:
|
||||||
return 0;
|
od->evp_ciph = EVP_aes_128_ecb();
|
||||||
|
break;
|
||||||
|
case 192 / 8:
|
||||||
|
od->evp_ciph = EVP_aes_192_ecb();
|
||||||
|
break;
|
||||||
|
case 256 / 8:
|
||||||
|
od->evp_ciph = EVP_aes_256_ecb();
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
/* shouldn't happen */
|
||||||
|
err = PXE_CIPHER_INIT;
|
||||||
|
break;
|
||||||
}
|
}
|
||||||
od->init = 0;
|
|
||||||
return PXE_KEY_TOO_BIG;
|
return err;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int
|
static int
|
||||||
ossl_aes_ecb_encrypt(PX_Cipher *c, const uint8 *data, unsigned dlen,
|
ossl_aes_cbc_init(PX_Cipher *c, const uint8 *key, unsigned klen, const uint8 *iv)
|
||||||
uint8 *res)
|
|
||||||
{
|
|
||||||
unsigned bs = gen_ossl_block_size(c);
|
|
||||||
ossldata *od = c->ptr;
|
|
||||||
const uint8 *end = data + dlen - bs;
|
|
||||||
int err;
|
|
||||||
|
|
||||||
if (!od->init)
|
|
||||||
if ((err = ossl_aes_key_init(od, AES_ENCRYPT)) != 0)
|
|
||||||
return err;
|
|
||||||
|
|
||||||
for (; data <= end; data += bs, res += bs)
|
|
||||||
AES_ecb_encrypt(data, res, &od->u.aes_key, AES_ENCRYPT);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
static int
|
|
||||||
ossl_aes_ecb_decrypt(PX_Cipher *c, const uint8 *data, unsigned dlen,
|
|
||||||
uint8 *res)
|
|
||||||
{
|
|
||||||
unsigned bs = gen_ossl_block_size(c);
|
|
||||||
ossldata *od = c->ptr;
|
|
||||||
const uint8 *end = data + dlen - bs;
|
|
||||||
int err;
|
|
||||||
|
|
||||||
if (!od->init)
|
|
||||||
if ((err = ossl_aes_key_init(od, AES_DECRYPT)) != 0)
|
|
||||||
return err;
|
|
||||||
|
|
||||||
for (; data <= end; data += bs, res += bs)
|
|
||||||
AES_ecb_encrypt(data, res, &od->u.aes_key, AES_DECRYPT);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
static int
|
|
||||||
ossl_aes_cbc_encrypt(PX_Cipher *c, const uint8 *data, unsigned dlen,
|
|
||||||
uint8 *res)
|
|
||||||
{
|
{
|
||||||
ossldata *od = c->ptr;
|
ossldata *od = c->ptr;
|
||||||
int err;
|
int err;
|
||||||
|
|
||||||
if (!od->init)
|
err = ossl_aes_init(c, key, klen, iv);
|
||||||
if ((err = ossl_aes_key_init(od, AES_ENCRYPT)) != 0)
|
if (err)
|
||||||
return err;
|
return err;
|
||||||
|
|
||||||
AES_cbc_encrypt(data, res, dlen, &od->u.aes_key, od->iv, AES_ENCRYPT);
|
switch (od->klen)
|
||||||
return 0;
|
{
|
||||||
}
|
case 128 / 8:
|
||||||
|
od->evp_ciph = EVP_aes_128_cbc();
|
||||||
|
break;
|
||||||
|
case 192 / 8:
|
||||||
|
od->evp_ciph = EVP_aes_192_cbc();
|
||||||
|
break;
|
||||||
|
case 256 / 8:
|
||||||
|
od->evp_ciph = EVP_aes_256_cbc();
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
/* shouldn't happen */
|
||||||
|
err = PXE_CIPHER_INIT;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
static int
|
return err;
|
||||||
ossl_aes_cbc_decrypt(PX_Cipher *c, const uint8 *data, unsigned dlen,
|
|
||||||
uint8 *res)
|
|
||||||
{
|
|
||||||
ossldata *od = c->ptr;
|
|
||||||
int err;
|
|
||||||
|
|
||||||
if (!od->init)
|
|
||||||
if ((err = ossl_aes_key_init(od, AES_DECRYPT)) != 0)
|
|
||||||
return err;
|
|
||||||
|
|
||||||
AES_cbc_encrypt(data, res, dlen, &od->u.aes_key, od->iv, AES_DECRYPT);
|
|
||||||
return 0;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -799,58 +587,69 @@ static PX_Alias ossl_aliases[] = {
|
||||||
};
|
};
|
||||||
|
|
||||||
static const struct ossl_cipher ossl_bf_cbc = {
|
static const struct ossl_cipher ossl_bf_cbc = {
|
||||||
bf_init, bf_cbc_encrypt, bf_cbc_decrypt,
|
bf_init,
|
||||||
64 / 8, 448 / 8, 0
|
EVP_bf_cbc,
|
||||||
|
64 / 8, 448 / 8
|
||||||
};
|
};
|
||||||
|
|
||||||
static const struct ossl_cipher ossl_bf_ecb = {
|
static const struct ossl_cipher ossl_bf_ecb = {
|
||||||
bf_init, bf_ecb_encrypt, bf_ecb_decrypt,
|
bf_init,
|
||||||
64 / 8, 448 / 8, 0
|
EVP_bf_ecb,
|
||||||
|
64 / 8, 448 / 8
|
||||||
};
|
};
|
||||||
|
|
||||||
static const struct ossl_cipher ossl_bf_cfb = {
|
static const struct ossl_cipher ossl_bf_cfb = {
|
||||||
bf_init, bf_cfb64_encrypt, bf_cfb64_decrypt,
|
bf_init,
|
||||||
64 / 8, 448 / 8, 1
|
EVP_bf_cfb,
|
||||||
|
64 / 8, 448 / 8
|
||||||
};
|
};
|
||||||
|
|
||||||
static const struct ossl_cipher ossl_des_ecb = {
|
static const struct ossl_cipher ossl_des_ecb = {
|
||||||
ossl_des_init, ossl_des_ecb_encrypt, ossl_des_ecb_decrypt,
|
ossl_des_init,
|
||||||
64 / 8, 64 / 8, 0
|
EVP_des_ecb,
|
||||||
|
64 / 8, 64 / 8
|
||||||
};
|
};
|
||||||
|
|
||||||
static const struct ossl_cipher ossl_des_cbc = {
|
static const struct ossl_cipher ossl_des_cbc = {
|
||||||
ossl_des_init, ossl_des_cbc_encrypt, ossl_des_cbc_decrypt,
|
ossl_des_init,
|
||||||
64 / 8, 64 / 8, 0
|
EVP_des_cbc,
|
||||||
|
64 / 8, 64 / 8
|
||||||
};
|
};
|
||||||
|
|
||||||
static const struct ossl_cipher ossl_des3_ecb = {
|
static const struct ossl_cipher ossl_des3_ecb = {
|
||||||
ossl_des3_init, ossl_des3_ecb_encrypt, ossl_des3_ecb_decrypt,
|
ossl_des3_init,
|
||||||
64 / 8, 192 / 8, 0
|
EVP_des_ede3_ecb,
|
||||||
|
64 / 8, 192 / 8
|
||||||
};
|
};
|
||||||
|
|
||||||
static const struct ossl_cipher ossl_des3_cbc = {
|
static const struct ossl_cipher ossl_des3_cbc = {
|
||||||
ossl_des3_init, ossl_des3_cbc_encrypt, ossl_des3_cbc_decrypt,
|
ossl_des3_init,
|
||||||
64 / 8, 192 / 8, 0
|
EVP_des_ede3_cbc,
|
||||||
|
64 / 8, 192 / 8
|
||||||
};
|
};
|
||||||
|
|
||||||
static const struct ossl_cipher ossl_cast_ecb = {
|
static const struct ossl_cipher ossl_cast_ecb = {
|
||||||
ossl_cast_init, ossl_cast_ecb_encrypt, ossl_cast_ecb_decrypt,
|
ossl_cast_init,
|
||||||
64 / 8, 128 / 8, 0
|
EVP_cast5_ecb,
|
||||||
|
64 / 8, 128 / 8
|
||||||
};
|
};
|
||||||
|
|
||||||
static const struct ossl_cipher ossl_cast_cbc = {
|
static const struct ossl_cipher ossl_cast_cbc = {
|
||||||
ossl_cast_init, ossl_cast_cbc_encrypt, ossl_cast_cbc_decrypt,
|
ossl_cast_init,
|
||||||
64 / 8, 128 / 8, 0
|
EVP_cast5_cbc,
|
||||||
|
64 / 8, 128 / 8
|
||||||
};
|
};
|
||||||
|
|
||||||
static const struct ossl_cipher ossl_aes_ecb = {
|
static const struct ossl_cipher ossl_aes_ecb = {
|
||||||
ossl_aes_init, ossl_aes_ecb_encrypt, ossl_aes_ecb_decrypt,
|
ossl_aes_ecb_init,
|
||||||
128 / 8, 256 / 8, 0
|
NULL, /* EVP_aes_XXX_ecb(), determined in init function */
|
||||||
|
128 / 8, 256 / 8
|
||||||
};
|
};
|
||||||
|
|
||||||
static const struct ossl_cipher ossl_aes_cbc = {
|
static const struct ossl_cipher ossl_aes_cbc = {
|
||||||
ossl_aes_init, ossl_aes_cbc_encrypt, ossl_aes_cbc_decrypt,
|
ossl_aes_cbc_init,
|
||||||
128 / 8, 256 / 8, 0
|
NULL, /* EVP_aes_XXX_cbc(), determined in init function */
|
||||||
|
128 / 8, 256 / 8
|
||||||
};
|
};
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -897,14 +696,17 @@ px_find_cipher(const char *name, PX_Cipher **res)
|
||||||
memset(od, 0, sizeof(*od));
|
memset(od, 0, sizeof(*od));
|
||||||
od->ciph = i->ciph;
|
od->ciph = i->ciph;
|
||||||
|
|
||||||
|
if (i->ciph->cipher_func)
|
||||||
|
od->evp_ciph = i->ciph->cipher_func();
|
||||||
|
|
||||||
c = px_alloc(sizeof(*c));
|
c = px_alloc(sizeof(*c));
|
||||||
c->block_size = gen_ossl_block_size;
|
c->block_size = gen_ossl_block_size;
|
||||||
c->key_size = gen_ossl_key_size;
|
c->key_size = gen_ossl_key_size;
|
||||||
c->iv_size = gen_ossl_iv_size;
|
c->iv_size = gen_ossl_iv_size;
|
||||||
c->free = gen_ossl_free;
|
c->free = gen_ossl_free;
|
||||||
c->init = od->ciph->init;
|
c->init = od->ciph->init;
|
||||||
c->encrypt = od->ciph->encrypt;
|
c->encrypt = gen_ossl_encrypt;
|
||||||
c->decrypt = od->ciph->decrypt;
|
c->decrypt = gen_ossl_decrypt;
|
||||||
c->ptr = od;
|
c->ptr = od;
|
||||||
|
|
||||||
*res = c;
|
*res = c;
|
||||||
|
|
Loading…
Reference in New Issue