narenas
/
opengnsys_ipxe
mirror of https://github.com/ipxe/ipxe.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[crypto] Move AES_convert_key() hack into axtls_aes.c 

Although the nature of the hack is essentially unchanged, this allows
us to remove the hardcoded assumption in tls.c that the RX cipher is
AES.
pull/1/head
Michael Brown 2009-02-18 21:33:54 +00:00
parent 991f907d5b
commit 5de8305feb
2 changed files with 25 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
src/crypto/axtls_aes.c
View File

@ -4,8 +4,13 @@
#include <gpxe/crypto.h> #include <gpxe/crypto.h>
#include <gpxe/aes.h> #include <gpxe/aes.h>
struct aes_cbc_context {
AES_CTX ctx;
int decrypting;
};
static int aes_cbc_setkey ( void *ctx, const void *key, size_t keylen ) { static int aes_cbc_setkey ( void *ctx, const void *key, size_t keylen ) {
AES_CTX *aesctx = ctx; struct aes_cbc_context *aesctx = ctx;
AES_MODE mode; AES_MODE mode;
switch ( keylen ) { switch ( keylen ) {
@ -19,33 +24,44 @@ static int aes_cbc_setkey ( void *ctx, const void *key, size_t keylen ) {
return -EINVAL; return -EINVAL;
} }
AES_set_key ( aesctx, key, aesctx->iv, mode ); AES_set_key ( &aesctx->ctx, key, aesctx->ctx.iv, mode );
aesctx->decrypting = 0;
return 0; return 0;
} }
static void aes_cbc_setiv ( void *ctx, const void *iv ) { static void aes_cbc_setiv ( void *ctx, const void *iv ) {
AES_CTX *aesctx = ctx; struct aes_cbc_context *aesctx = ctx;
memcpy ( aesctx->iv, iv, sizeof ( aesctx->iv ) ); memcpy ( aesctx->ctx.iv, iv, sizeof ( aesctx->ctx.iv ) );
} }
static void aes_cbc_encrypt ( void *ctx, const void *data, void *dst, static void aes_cbc_encrypt ( void *ctx, const void *data, void *dst,
size_t len ) { size_t len ) {
AES_CTX *aesctx = ctx; struct aes_cbc_context *aesctx = ctx;
AES_cbc_encrypt ( aesctx, data, dst, len ); if ( aesctx->decrypting )
assert ( 0 );
AES_cbc_encrypt ( &aesctx->ctx, data, dst, len );
} }
static void aes_cbc_decrypt ( void *ctx, const void *data, void *dst, static void aes_cbc_decrypt ( void *ctx, const void *data, void *dst,
size_t len ) { size_t len ) {
AES_CTX *aesctx = ctx; struct aes_cbc_context *aesctx = ctx;
AES_cbc_decrypt ( aesctx, data, dst, len ); if ( ! aesctx->decrypting ) {
AES_convert_key ( &aesctx->ctx );
aesctx->decrypting = 1;
}
AES_cbc_decrypt ( &aesctx->ctx, data, dst, len );
} }
struct crypto_algorithm aes_cbc_algorithm = { struct crypto_algorithm aes_cbc_algorithm = {
.name = "aes_cbc", .name = "aes_cbc",
.ctxsize = sizeof ( AES_CTX ), .ctxsize = sizeof ( struct aes_cbc_context ),
.blocksize = 16, .blocksize = 16,
.setkey = aes_cbc_setkey, .setkey = aes_cbc_setkey,
.setiv = aes_cbc_setiv, .setiv = aes_cbc_setiv,

4
src/net/tls.c
View File

@ -372,10 +372,6 @@ static int tls_generate_keys ( struct tls_session *tls ) {
tls, strerror ( rc ) ); tls, strerror ( rc ) );
return rc; return rc;
} }
/* FIXME: AES needs to be fixed to not require this */
AES_convert_key ( rx_cipherspec->cipher_ctx );
DBGC ( tls, "TLS %p RX key:\n", tls ); DBGC ( tls, "TLS %p RX key:\n", tls );
DBGC_HD ( tls, key, key_size ); DBGC_HD ( tls, key, key_size );
key += key_size; key += key_size;