lib » isc

aes.c

Go to the documentation of this file.
00001 /*
00002  * Copyright (C) 2014  Internet Systems Consortium, Inc. ("ISC")
00003  *
00004  * Permission to use, copy, modify, and/or distribute this software for any
00005  * purpose with or without fee is hereby granted, provided that the above
00006  * copyright notice and this permission notice appear in all copies.
00007  *
00008  * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
00009  * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
00010  * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
00011  * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
00012  * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
00013  * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
00014  * PERFORMANCE OF THIS SOFTWARE.
00015  */
00016 
00017 /* $Id$ */
00018 
00019 /*! \file isc/aes.c */
00020 
00021 #include "config.h"
00022 
00023 #include <isc/assertions.h>
00024 #include <isc/aes.h>
00025 #include <isc/platform.h>
00026 #include <isc/string.h>
00027 #include <isc/types.h>
00028 #include <isc/util.h>
00029 
00030 #ifdef ISC_PLATFORM_WANTAES
00031 #if HAVE_OPENSSL_EVP_AES
00032 
00033 #include <openssl/evp.h>
00034 
00035 void
00036 isc_aes128_crypt(const unsigned char *key, const unsigned char *in,
00037                  unsigned char *out)
00038 {
00039         EVP_CIPHER_CTX c;
00040         int len;
00041 
00042         EVP_CIPHER_CTX_init(&c);
00043         RUNTIME_CHECK(EVP_EncryptInit(&c, EVP_aes_128_ecb(), key, NULL) == 1);
00044         EVP_CIPHER_CTX_set_padding(&c, 0);
00045         RUNTIME_CHECK(EVP_EncryptUpdate(&c, out, &len, in,
00046                                         ISC_AES_BLOCK_LENGTH) == 1);
00047         RUNTIME_CHECK(len == ISC_AES_BLOCK_LENGTH);
00048         RUNTIME_CHECK(EVP_CIPHER_CTX_cleanup(&c) == 1);
00049 }
00050 
00051 void
00052 isc_aes192_crypt(const unsigned char *key, const unsigned char *in,
00053                  unsigned char *out)
00054 {
00055         EVP_CIPHER_CTX c;
00056         int len;
00057 
00058         EVP_CIPHER_CTX_init(&c);
00059         RUNTIME_CHECK(EVP_EncryptInit(&c, EVP_aes_192_ecb(), key, NULL) == 1);
00060         EVP_CIPHER_CTX_set_padding(&c, 0);
00061         RUNTIME_CHECK(EVP_EncryptUpdate(&c, out, &len, in,
00062                                         ISC_AES_BLOCK_LENGTH) == 1);
00063         RUNTIME_CHECK(len == ISC_AES_BLOCK_LENGTH);
00064         RUNTIME_CHECK(EVP_CIPHER_CTX_cleanup(&c) == 1);
00065 }
00066 
00067 void
00068 isc_aes256_crypt(const unsigned char *key, const unsigned char *in,
00069                  unsigned char *out)
00070 {
00071         EVP_CIPHER_CTX c;
00072         int len;
00073 
00074         EVP_CIPHER_CTX_init(&c);
00075         RUNTIME_CHECK(EVP_EncryptInit(&c, EVP_aes_256_ecb(), key, NULL) == 1);
00076         EVP_CIPHER_CTX_set_padding(&c, 0);
00077         RUNTIME_CHECK(EVP_EncryptUpdate(&c, out, &len, in,
00078                                         ISC_AES_BLOCK_LENGTH) == 1);
00079         RUNTIME_CHECK(len == ISC_AES_BLOCK_LENGTH);
00080         RUNTIME_CHECK(EVP_CIPHER_CTX_cleanup(&c) == 1);
00081 }
00082 
00083 #elif HAVE_OPENSSL_AES
00084 
00085 #include <openssl/aes.h>
00086 
00087 void
00088 isc_aes128_crypt(const unsigned char *key, const unsigned char *in,
00089                  unsigned char *out)
00090 {
00091         AES_KEY k;
00092 
00093         RUNTIME_CHECK(AES_set_encrypt_key(key, 128, &k) == 0);
00094         AES_encrypt(in, out, &k);
00095 }
00096 
00097 void
00098 isc_aes192_crypt(const unsigned char *key, const unsigned char *in,
00099                  unsigned char *out)
00100 {
00101         AES_KEY k;
00102 
00103         RUNTIME_CHECK(AES_set_encrypt_key(key, 192, &k) == 0);
00104         AES_encrypt(in, out, &k);
00105 }
00106 
00107 void
00108 isc_aes256_crypt(const unsigned char *key, const unsigned char *in,
00109                  unsigned char *out)
00110 {
00111         AES_KEY k;
00112 
00113         RUNTIME_CHECK(AES_set_encrypt_key(key, 256, &k) == 0);
00114         AES_encrypt(in, out, &k);
00115 }
00116 
00117 #elif PKCS11CRYPTO
00118 
00119 #include <pk11/pk11.h>
00120 #include <pk11/internal.h>
00121 
00122 static CK_BBOOL truevalue = TRUE;
00123 static CK_BBOOL falsevalue = FALSE;
00124 
00125 static void isc_aes_crypt(const unsigned char *key, CK_ULONG keylen,
00126                           const unsigned char *in, unsigned char *out);
00127 
00128 void
00129 isc_aes128_crypt(const unsigned char *key, const unsigned char *in,
00130                  unsigned char *out)
00131 {
00132         isc_aes_crypt(key, ISC_AES128_KEYLENGTH, in, out);
00133 }
00134 
00135 void
00136 isc_aes192_crypt(const unsigned char *key, const unsigned char *in,
00137                  unsigned char *out)
00138 {
00139         isc_aes_crypt(key, ISC_AES192_KEYLENGTH, in, out);
00140 }
00141 
00142 void
00143 isc_aes256_crypt(const unsigned char *key, const unsigned char *in,
00144                  unsigned char *out)
00145 {
00146         isc_aes_crypt(key, ISC_AES256_KEYLENGTH, in, out);
00147 }
00148 
00149 static void
00150 isc_aes_crypt(const unsigned char *key, CK_ULONG keylen,
00151               const unsigned char *in, unsigned char *out)
00152 {
00153         CK_RV rv;
00154         CK_MECHANISM mech = { CKM_AES_ECB, NULL, 0 };
00155         CK_OBJECT_CLASS keyClass = CKO_SECRET_KEY;
00156         CK_KEY_TYPE keyType = CKK_AES;
00157         CK_ATTRIBUTE keyTemplate[] =
00158         {
00159                 { CKA_CLASS, &keyClass, (CK_ULONG) sizeof(keyClass) },
00160                 { CKA_KEY_TYPE, &keyType, (CK_ULONG) sizeof(keyType) },
00161                 { CKA_TOKEN, &falsevalue, (CK_ULONG) sizeof(falsevalue) },
00162                 { CKA_PRIVATE, &falsevalue, (CK_ULONG) sizeof(falsevalue) },
00163                 { CKA_ENCRYPT, &truevalue, (CK_ULONG) sizeof(truevalue) },
00164                 { CKA_VALUE, NULL, keylen }
00165         };
00166         CK_ULONG blocklen;
00167         CK_BYTE_PTR pData;
00168         pk11_context_t ctx;
00169 
00170         DE_CONST(key, keyTemplate[5].pValue);
00171         RUNTIME_CHECK(pk11_get_session(&ctx, OP_AES, ISC_TRUE, ISC_FALSE,
00172                                        ISC_FALSE, NULL, 0) == ISC_R_SUCCESS);
00173         ctx.object = CK_INVALID_HANDLE;
00174         PK11_FATALCHECK(pkcs_C_CreateObject,
00175                         (ctx.session, keyTemplate,
00176                          (CK_ULONG) 6, &ctx.object));
00177         INSIST(ctx.object != CK_INVALID_HANDLE);
00178         PK11_FATALCHECK(pkcs_C_EncryptInit,
00179                         (ctx.session, &mech, ctx.object));
00180 
00181         DE_CONST(in, pData);
00182         blocklen = (CK_ULONG) ISC_AES_BLOCK_LENGTH;
00183         PK11_FATALCHECK(pkcs_C_Encrypt,
00184                         (ctx.session,
00185                          pData, (CK_ULONG) ISC_AES_BLOCK_LENGTH,
00186                          out, &blocklen));
00187         RUNTIME_CHECK(blocklen == (CK_ULONG) ISC_AES_BLOCK_LENGTH);
00188 
00189         (void) pkcs_C_DestroyObject(ctx.session, ctx.object);
00190         ctx.object = CK_INVALID_HANDLE;
00191         pk11_return_session(&ctx);
00192 
00193 }
00194 
00195 #endif
00196 #endif /* ISC_PLATFORM_WANTAES */
Generated on Tue Apr 28 17:41:03 2015 by Doxygen 1.5.4 for BIND9 Internals 9.11.0pre-alpha