"Fossies" - the Fresh Open Source Software Archive

Member "bind-9.12.3-P1/lib/isc/aes.c" (7 Dec 2018, 5447 Bytes) of package /linux/misc/dns/bind9/9.12.3-P1/bind-9.12.3-P1.tar.gz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) C and C++ source code syntax highlighting (style: standard) with prefixed line numbers and code folding option. Alternatively you can here view or download the uninterpreted source code file. See also the last Fossies "Diffs" side-by-side code changes report for "aes.c": 9.12.2-P2_vs_9.12.3.

    1 /*
    2  * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
    3  *
    4  * This Source Code Form is subject to the terms of the Mozilla Public
    5  * License, v. 2.0. If a copy of the MPL was not distributed with this
    6  * file, You can obtain one at http://mozilla.org/MPL/2.0/.
    7  *
    8  * See the COPYRIGHT file distributed with this work for additional
    9  * information regarding copyright ownership.
   10  */
   11 
   12 
   13 /*! \file isc/aes.c */
   14 
   15 #include <config.h>
   16 
   17 #include <isc/assertions.h>
   18 #include <isc/aes.h>
   19 #include <isc/platform.h>
   20 #include <isc/string.h>
   21 #include <isc/types.h>
   22 #include <isc/util.h>
   23 
   24 #ifdef ISC_PLATFORM_WANTAES
   25 #if HAVE_OPENSSL_EVP_AES
   26 
   27 #include <openssl/opensslv.h>
   28 #include <openssl/evp.h>
   29 
   30 #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
   31 #define EVP_CIPHER_CTX_new() &(_context), EVP_CIPHER_CTX_init(&_context)
   32 #define EVP_CIPHER_CTX_free(c) RUNTIME_CHECK(EVP_CIPHER_CTX_cleanup(c) == 1)
   33 #endif
   34 
   35 void
   36 isc_aes128_crypt(const unsigned char *key, const unsigned char *in,
   37          unsigned char *out)
   38 {
   39 #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
   40     EVP_CIPHER_CTX _context;
   41 #endif
   42     EVP_CIPHER_CTX *c;
   43     int len;
   44 
   45     c = EVP_CIPHER_CTX_new();
   46     RUNTIME_CHECK(c != NULL);
   47     RUNTIME_CHECK(EVP_EncryptInit(c, EVP_aes_128_ecb(), key, NULL) == 1);
   48     EVP_CIPHER_CTX_set_padding(c, 0);
   49     RUNTIME_CHECK(EVP_EncryptUpdate(c, out, &len, in,
   50                     ISC_AES_BLOCK_LENGTH) == 1);
   51     RUNTIME_CHECK(len == ISC_AES_BLOCK_LENGTH);
   52     EVP_CIPHER_CTX_free(c);
   53 }
   54 
   55 void
   56 isc_aes192_crypt(const unsigned char *key, const unsigned char *in,
   57          unsigned char *out)
   58 {
   59 #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
   60     EVP_CIPHER_CTX _context;
   61 #endif
   62     EVP_CIPHER_CTX *c;
   63     int len;
   64 
   65     c = EVP_CIPHER_CTX_new();
   66     RUNTIME_CHECK(c != NULL);
   67     RUNTIME_CHECK(EVP_EncryptInit(c, EVP_aes_192_ecb(), key, NULL) == 1);
   68     EVP_CIPHER_CTX_set_padding(c, 0);
   69     RUNTIME_CHECK(EVP_EncryptUpdate(c, out, &len, in,
   70                     ISC_AES_BLOCK_LENGTH) == 1);
   71     RUNTIME_CHECK(len == ISC_AES_BLOCK_LENGTH);
   72     EVP_CIPHER_CTX_free(c);
   73 }
   74 
   75 void
   76 isc_aes256_crypt(const unsigned char *key, const unsigned char *in,
   77          unsigned char *out)
   78 {
   79 #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
   80     EVP_CIPHER_CTX _context;
   81 #endif
   82     EVP_CIPHER_CTX *c;
   83     int len;
   84 
   85     c = EVP_CIPHER_CTX_new();
   86     RUNTIME_CHECK(c != NULL);
   87     RUNTIME_CHECK(EVP_EncryptInit(c, EVP_aes_256_ecb(), key, NULL) == 1);
   88     EVP_CIPHER_CTX_set_padding(c, 0);
   89     RUNTIME_CHECK(EVP_EncryptUpdate(c, out, &len, in,
   90                     ISC_AES_BLOCK_LENGTH) == 1);
   91     RUNTIME_CHECK(len == ISC_AES_BLOCK_LENGTH);
   92     EVP_CIPHER_CTX_free(c);
   93 }
   94 
   95 #elif HAVE_OPENSSL_AES
   96 
   97 #include <openssl/aes.h>
   98 
   99 void
  100 isc_aes128_crypt(const unsigned char *key, const unsigned char *in,
  101          unsigned char *out)
  102 {
  103     AES_KEY k;
  104 
  105     RUNTIME_CHECK(AES_set_encrypt_key(key, 128, &k) == 0);
  106     AES_encrypt(in, out, &k);
  107 }
  108 
  109 void
  110 isc_aes192_crypt(const unsigned char *key, const unsigned char *in,
  111          unsigned char *out)
  112 {
  113     AES_KEY k;
  114 
  115     RUNTIME_CHECK(AES_set_encrypt_key(key, 192, &k) == 0);
  116     AES_encrypt(in, out, &k);
  117 }
  118 
  119 void
  120 isc_aes256_crypt(const unsigned char *key, const unsigned char *in,
  121          unsigned char *out)
  122 {
  123     AES_KEY k;
  124 
  125     RUNTIME_CHECK(AES_set_encrypt_key(key, 256, &k) == 0);
  126     AES_encrypt(in, out, &k);
  127 }
  128 
  129 #elif PKCS11CRYPTO
  130 
  131 #include <pk11/pk11.h>
  132 #include <pk11/internal.h>
  133 
  134 static CK_BBOOL truevalue = TRUE;
  135 static CK_BBOOL falsevalue = FALSE;
  136 
  137 static void isc_aes_crypt(const unsigned char *key, CK_ULONG keylen,
  138               const unsigned char *in, unsigned char *out);
  139 
  140 void
  141 isc_aes128_crypt(const unsigned char *key, const unsigned char *in,
  142          unsigned char *out)
  143 {
  144     isc_aes_crypt(key, ISC_AES128_KEYLENGTH, in, out);
  145 }
  146 
  147 void
  148 isc_aes192_crypt(const unsigned char *key, const unsigned char *in,
  149          unsigned char *out)
  150 {
  151     isc_aes_crypt(key, ISC_AES192_KEYLENGTH, in, out);
  152 }
  153 
  154 void
  155 isc_aes256_crypt(const unsigned char *key, const unsigned char *in,
  156          unsigned char *out)
  157 {
  158     isc_aes_crypt(key, ISC_AES256_KEYLENGTH, in, out);
  159 }
  160 
  161 static void
  162 isc_aes_crypt(const unsigned char *key, CK_ULONG keylen,
  163           const unsigned char *in, unsigned char *out)
  164 {
  165     CK_RV rv;
  166     CK_MECHANISM mech = { CKM_AES_ECB, NULL, 0 };
  167     CK_OBJECT_CLASS keyClass = CKO_SECRET_KEY;
  168     CK_KEY_TYPE keyType = CKK_AES;
  169     CK_ATTRIBUTE keyTemplate[] =
  170     {
  171         { CKA_CLASS, &keyClass, (CK_ULONG) sizeof(keyClass) },
  172         { CKA_KEY_TYPE, &keyType, (CK_ULONG) sizeof(keyType) },
  173         { CKA_TOKEN, &falsevalue, (CK_ULONG) sizeof(falsevalue) },
  174         { CKA_PRIVATE, &falsevalue, (CK_ULONG) sizeof(falsevalue) },
  175         { CKA_ENCRYPT, &truevalue, (CK_ULONG) sizeof(truevalue) },
  176         { CKA_VALUE, NULL, keylen }
  177     };
  178     CK_ULONG blocklen;
  179     CK_BYTE_PTR pData;
  180     pk11_context_t ctx;
  181 
  182     DE_CONST(key, keyTemplate[5].pValue);
  183     RUNTIME_CHECK(pk11_get_session(&ctx, OP_AES, true, false,
  184                        false, NULL, 0) == ISC_R_SUCCESS);
  185     ctx.object = CK_INVALID_HANDLE;
  186     PK11_FATALCHECK(pkcs_C_CreateObject,
  187             (ctx.session, keyTemplate,
  188              (CK_ULONG) 6, &ctx.object));
  189     INSIST(ctx.object != CK_INVALID_HANDLE);
  190     PK11_FATALCHECK(pkcs_C_EncryptInit,
  191             (ctx.session, &mech, ctx.object));
  192 
  193     DE_CONST(in, pData);
  194     blocklen = (CK_ULONG) ISC_AES_BLOCK_LENGTH;
  195     PK11_FATALCHECK(pkcs_C_Encrypt,
  196             (ctx.session,
  197              pData, (CK_ULONG) ISC_AES_BLOCK_LENGTH,
  198              out, &blocklen));
  199     RUNTIME_CHECK(blocklen == (CK_ULONG) ISC_AES_BLOCK_LENGTH);
  200 
  201     (void) pkcs_C_DestroyObject(ctx.session, ctx.object);
  202     ctx.object = CK_INVALID_HANDLE;
  203     pk11_return_session(&ctx);
  204 
  205 }
  206 
  207 #endif
  208 #endif /* ISC_PLATFORM_WANTAES */