robin.thoni
/
ipxe
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 11 Wiki Activity
Browse Source

[crypto] Move AES_convert_key() hack into axtls_aes.c 

Although the nature of the hack is essentially unchanged, this allows
us to remove the hardcoded assumption in tls.c that the RX cipher is
AES.
tags/v0.9.7
Michael Brown 15 years ago
parent
991f907d5b
commit
5de8305feb
2 changed files with 25 additions and 13 deletions
Unified View Show Diff Stats
  1. 25
    9
      src/crypto/axtls_aes.c
  2. 0
    4
      src/net/tls.c

+ 25
- 9
src/crypto/axtls_aes.c View File

4 
 #include <gpxe/crypto.h>
 4 
 #include <gpxe/crypto.h>
5 
 #include <gpxe/aes.h>
 5 
 #include <gpxe/aes.h>
6
6
7 
+struct aes_cbc_context {
8 
+	AES_CTX ctx;
9 
+	int decrypting;
10 
+};
11 
+
7 
 static int aes_cbc_setkey ( void *ctx, const void *key, size_t keylen ) {
 12 
 static int aes_cbc_setkey ( void *ctx, const void *key, size_t keylen ) {
8 
-	AES_CTX *aesctx = ctx;
13 
+	struct aes_cbc_context *aesctx = ctx;
9 
 	AES_MODE mode;
 14 
 	AES_MODE mode;
10
15
11 
 	switch ( keylen ) {
 16 
 	switch ( keylen ) {
19 
 		return -EINVAL;
 24 
 		return -EINVAL;
20 
 	}
 25 
 	}
21
26
22 
-	AES_set_key ( aesctx, key, aesctx->iv, mode );
27 
+	AES_set_key ( &aesctx->ctx, key, aesctx->ctx.iv, mode );
28 
+
29 
+	aesctx->decrypting = 0;
30 
+
23 
 	return 0;
 31 
 	return 0;
24 
 }
 32 
 }
25
33
26 
 static void aes_cbc_setiv ( void *ctx, const void *iv ) {
 34 
 static void aes_cbc_setiv ( void *ctx, const void *iv ) {
27 
-	AES_CTX *aesctx = ctx;
35 
+	struct aes_cbc_context *aesctx = ctx;
28
36
29 
-	memcpy ( aesctx->iv, iv, sizeof ( aesctx->iv ) );
37 
+	memcpy ( aesctx->ctx.iv, iv, sizeof ( aesctx->ctx.iv ) );
30 
 }
 38 
 }
31
39
32 
 static void aes_cbc_encrypt ( void *ctx, const void *data, void *dst,
 40 
 static void aes_cbc_encrypt ( void *ctx, const void *data, void *dst,
33 
 			      size_t len ) {
 41 
 			      size_t len ) {
34 
-	AES_CTX *aesctx = ctx;
42 
+	struct aes_cbc_context *aesctx = ctx;
35
43
36 
-	AES_cbc_encrypt ( aesctx, data, dst, len );
44 
+	if ( aesctx->decrypting )
45 
+		assert ( 0 );
46 
+
47 
+	AES_cbc_encrypt ( &aesctx->ctx, data, dst, len );
37 
 }
 48 
 }
38
49
39 
 static void aes_cbc_decrypt ( void *ctx, const void *data, void *dst,
 50 
 static void aes_cbc_decrypt ( void *ctx, const void *data, void *dst,
40 
 			      size_t len ) {
 51 
 			      size_t len ) {
41 
-	AES_CTX *aesctx = ctx;
52 
+	struct aes_cbc_context *aesctx = ctx;
53 
+
54 
+	if ( ! aesctx->decrypting ) {
55 
+		AES_convert_key ( &aesctx->ctx );
56 
+		aesctx->decrypting = 1;
57 
+	}
42
58
43 
-	AES_cbc_decrypt ( aesctx, data, dst, len );
59 
+	AES_cbc_decrypt ( &aesctx->ctx, data, dst, len );
44 
 }
 60 
 }
45
61
46 
 struct crypto_algorithm aes_cbc_algorithm = {
 62 
 struct crypto_algorithm aes_cbc_algorithm = {
47 
 	.name		= "aes_cbc",
 63 
 	.name		= "aes_cbc",
48 
-	.ctxsize	= sizeof ( AES_CTX ),
64 
+	.ctxsize	= sizeof ( struct aes_cbc_context ),
49 
 	.blocksize	= 16,
 65 
 	.blocksize	= 16,
50 
 	.setkey		= aes_cbc_setkey,
 66 
 	.setkey		= aes_cbc_setkey,
51 
 	.setiv		= aes_cbc_setiv,
 67 
 	.setiv		= aes_cbc_setiv,

+ 0
- 4
src/net/tls.c View File

372 
 		       tls, strerror ( rc ) );
 372 
 		       tls, strerror ( rc ) );
373 
 		return rc;
 373 
 		return rc;
374 
 	}
 374 
 	}
375 
-
376 
-	/* FIXME: AES needs to be fixed to not require this */
377 
-	AES_convert_key ( rx_cipherspec->cipher_ctx );
378 
-
379 
 	DBGC ( tls, "TLS %p RX key:\n", tls );
 375 
 	DBGC ( tls, "TLS %p RX key:\n", tls );
380 
 	DBGC_HD ( tls, key, key_size );
 376 
 	DBGC_HD ( tls, key, key_size );
381 
 	key += key_size;
 377 
 	key += key_size;

Write Preview
Loading…
Cancel
Save