author | Daiki Ueno <ueno@gnu.org> | 2021-02-25 11:39:34 +0000 |
---|---|---|
committer | Daiki Ueno <ueno@gnu.org> | 2021-02-25 11:39:34 +0000 |
commit | f8e585115bb45b04deb3ee1ed7ec530b98d5456a (patch) | |
tree | 2a596075bf97a0919a0f44eb8ffc9ea72def439b | |
parent | 40d39fd8652b2cb3d413362e304bc8283de3113d (diff) | |
parent | ac192c27cf6f2adf0eb8cd8ea9ea51cac37889b1 (diff) | |
download | gnutls-f8e585115bb45b04deb3ee1ed7ec530b98d5456a.tar.gz |
Merge branch 'padlock-aes-192' into 'master'
padlock:add support for AES-192-CBC
Closes #1004
See merge request gnutls/gnutls!1393
-rw-r--r-- | lib/accelerated/x86/aes-padlock.c | 23 | ||||
-rw-r--r-- | lib/accelerated/x86/x86-common.c | 7 |
2 files changed, 25 insertions, 5 deletions
diff --git a/lib/accelerated/x86/aes-padlock.c b/lib/accelerated/x86/aes-padlock.c
index 018764bc67..1e9b77c215 100644
--- a/lib/accelerated/x86/aes-padlock.c
+++ b/lib/accelerated/x86/aes-padlock.c
@@ -41,7 +41,8 @@ aes_cipher_init(gnutls_cipher_algorithm_t algorithm, void **_ctx, int enc)
 {
 /* we use key size to distinguish */
 if (algorithm != GNUTLS_CIPHER_AES_128_CBC
- && algorithm != GNUTLS_CIPHER_AES_256_CBC)
+ && algorithm != GNUTLS_CIPHER_AES_256_CBC
+ && algorithm != GNUTLS_CIPHER_AES_192_CBC)
 return GNUTLS_E_INVALID_REQUEST;
 *_ctx = gnutls_calloc(1, sizeof(struct padlock_ctx));
@@ -59,7 +60,8 @@ padlock_aes_cipher_setkey(void *_ctx, const void *userkey, size_t keysize)
 {
 struct padlock_ctx *ctx = _ctx;
 struct padlock_cipher_data *pce;
- struct aes256_ctx nc;
+ struct aes192_ctx nc192;
+ struct aes256_ctx nc256;
 memset(_ctx, 0, sizeof(struct padlock_cipher_data));
@@ -74,17 +76,28 @@ padlock_aes_cipher_setkey(void *_ctx, const void *userkey, size_t keysize)
 memcpy(pce->ks.rd_key, userkey, 16);
 pce->cword.b.keygen = 0;
 break;
+ case 24:
+ pce->cword.b.ksize = 1;
+ pce->cword.b.rounds = 12;
+ if (ctx->enc)
+ aes192_set_encrypt_key(&nc192, userkey);
+ else
+ aes192_set_decrypt_key(&nc192, userkey);
+ memcpy(pce->ks.rd_key, nc192.keys, sizeof(nc192.keys));
+ pce->ks.rounds = _AES192_ROUNDS;
+ pce->cword.b.keygen = 1;
+ break;
 case 32:
 pce->cword.b.ksize = 2;
 pce->cword.b.rounds = 14;
 /* expand key using nettle */
 if (ctx->enc)
- aes256_set_encrypt_key(&nc, userkey);
+ aes256_set_encrypt_key(&nc256, userkey);
 else
- aes256_set_decrypt_key(&nc, userkey);
+ aes256_set_decrypt_key(&nc256, userkey);
- memcpy(pce->ks.rd_key, nc.keys, sizeof(nc.keys));
+ memcpy(pce->ks.rd_key, nc256.keys, sizeof(nc256.keys));
 pce->ks.rounds = _AES256_ROUNDS;
 pce->cword.b.keygen = 1;
diff --git a/lib/accelerated/x86/x86-common.c b/lib/accelerated/x86/x86-common.c
index c6d242c78b..ea4f0238b6 100644
--- a/lib/accelerated/x86/x86-common.c
+++ b/lib/accelerated/x86/x86-common.c
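Review bot: The expanded round keys in `nc192` are left on the stack after the new `case 24:` copies them into `pce->ks.rd_key`, so the 192-bit schedule outlives the call; the pre-existing `nc256` path in the same hunk has the same property, and this change would have been the natural place to fix both. Clearing the nettle context once it has been copied, e.g. `zeroize_key(&nc192, sizeof(nc192));` after the memcpy (and the equivalent for `nc256`), keeps temporary key material from lingering in a frame that later code reuses; if that helper is not in scope in this file, `explicit_bzero` does the same. The new branch otherwise mirrors the 256-bit one line for line (ksize/rounds, software expansion with keygen = 1), which is consistent. padlock_aes_cipher_setkey's signature is in the previous hunk and its body continues past this one, so the function's return path is not visible here.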
@@ -674,6 +674,13 @@ void register_x86_padlock_crypto(unsigned capabilities)
 gnutls_assert();
 }
+ ret =
+ gnutls_crypto_single_cipher_register
+ (GNUTLS_CIPHER_AES_192_CBC, 80, &_gnutls_aes_padlock, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ }
+
 /* register GCM ciphers */
 ret =
 gnutls_crypto_single_cipher_register
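Review bot: The new registration makes `_gnutls_aes_padlock` the AES-192-CBC provider at priority 80, but nothing in the merge shows a known-answer check of the 192-bit control-word programming (`ksize = 1`, `rounds = 12`) added in aes-padlock.c; if the library's cipher self-tests do not already run AES-192-CBC through the accelerated backend, a test vector for that path would catch a mis-programmed schedule before it is used for real traffic. The failure handling (`gnutls_assert()` on `ret < 0`, registration continuing) matches the neighbouring registrations, which is consistent with the surrounding code. register_x86_padlock_crypto's body extends on both sides of the hunk, so whether this block sits under the same capability guard as the AES-128/256 registrations cannot be confirmed from here.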