99 |
100 |
100 /* |
101 /* |
101 * Cipher Table for all supported symmetric ciphers. |
102 * Cipher Table for all supported symmetric ciphers. |
102 */ |
103 */ |
103 static devcrypto_cipher_t cipher_table[] = { |
104 static devcrypto_cipher_t cipher_table[] = { |
|
105 /* id, nid, iv_len, min_, max_key_len, */ |
|
106 /* key_type, mech_type, flags, pn_internal_number */ |
104 { DEV_DES_CBC, NID_des_cbc, 8, 8, 8, |
107 { DEV_DES_CBC, NID_des_cbc, 8, 8, 8, |
105 CKK_DES, CKM_DES_CBC, CRYPTO_MECH_INVALID}, |
108 CKK_DES, CKM_DES_CBC, 0, CRYPTO_MECH_INVALID}, |
106 { DEV_DES3_CBC, NID_des_ede3_cbc, 8, 24, 24, |
109 { DEV_DES3_CBC, NID_des_ede3_cbc, 8, 24, 24, |
107 CKK_DES3, CKM_DES3_CBC, CRYPTO_MECH_INVALID}, |
110 CKK_DES3, CKM_DES3_CBC, 0, CRYPTO_MECH_INVALID}, |
108 { DEV_DES_ECB, NID_des_ecb, 0, 8, 8, |
111 { DEV_DES_ECB, NID_des_ecb, 0, 8, 8, |
109 CKK_DES, CKM_DES_ECB, CRYPTO_MECH_INVALID}, |
112 CKK_DES, CKM_DES_ECB, 0, CRYPTO_MECH_INVALID}, |
110 { DEV_DES3_ECB, NID_des_ede3_ecb, 0, 24, 24, |
113 { DEV_DES3_ECB, NID_des_ede3_ecb, 0, 24, 24, |
111 CKK_DES3, CKM_DES3_ECB, CRYPTO_MECH_INVALID}, |
114 CKK_DES3, CKM_DES3_ECB, 0, CRYPTO_MECH_INVALID}, |
112 { DEV_RC4, NID_rc4, 0, 16, 256, |
115 { DEV_RC4, NID_rc4, 0, 16, 256, |
113 CKK_RC4, CKM_RC4, CRYPTO_MECH_INVALID}, |
116 CKK_RC4, CKM_RC4, 0, CRYPTO_MECH_INVALID}, |
114 { DEV_AES_128_CBC, NID_aes_128_cbc, 16, 16, 16, |
117 { DEV_AES_128_CBC, NID_aes_128_cbc, 16, 16, 16, |
115 CKK_AES, CKM_AES_CBC, CRYPTO_MECH_INVALID}, |
118 CKK_AES, CKM_AES_CBC, 0, CRYPTO_MECH_INVALID}, |
116 { DEV_AES_192_CBC, NID_aes_192_cbc, 16, 24, 24, |
119 { DEV_AES_192_CBC, NID_aes_192_cbc, 16, 24, 24, |
117 CKK_AES, CKM_AES_CBC, CRYPTO_MECH_INVALID}, |
120 CKK_AES, CKM_AES_CBC, 0, CRYPTO_MECH_INVALID}, |
118 { DEV_AES_256_CBC, NID_aes_256_cbc, 16, 32, 32, |
121 { DEV_AES_256_CBC, NID_aes_256_cbc, 16, 32, 32, |
119 CKK_AES, CKM_AES_CBC, CRYPTO_MECH_INVALID}, |
122 CKK_AES, CKM_AES_CBC, 0, CRYPTO_MECH_INVALID}, |
120 { DEV_AES_128_ECB, NID_aes_128_ecb, 0, 16, 16, |
123 { DEV_AES_128_ECB, NID_aes_128_ecb, 0, 16, 16, |
121 CKK_AES, CKM_AES_ECB, CRYPTO_MECH_INVALID}, |
124 CKK_AES, CKM_AES_ECB, 0, CRYPTO_MECH_INVALID}, |
122 { DEV_AES_192_ECB, NID_aes_192_ecb, 0, 24, 24, |
125 { DEV_AES_192_ECB, NID_aes_192_ecb, 0, 24, 24, |
123 CKK_AES, CKM_AES_ECB, CRYPTO_MECH_INVALID}, |
126 CKK_AES, CKM_AES_ECB, 0, CRYPTO_MECH_INVALID}, |
124 { DEV_AES_256_ECB, NID_aes_256_ecb, 0, 32, 32, |
127 { DEV_AES_256_ECB, NID_aes_256_ecb, 0, 32, 32, |
125 CKK_AES, CKM_AES_ECB, CRYPTO_MECH_INVALID}, |
128 CKK_AES, CKM_AES_ECB, 0, CRYPTO_MECH_INVALID}, |
126 { DEV_BLOWFISH_CBC, NID_bf_cbc, 8, 16, 16, |
129 { DEV_BLOWFISH_CBC, NID_bf_cbc, 8, 16, 16, |
127 CKK_BLOWFISH, CKM_BLOWFISH_CBC, CRYPTO_MECH_INVALID}, |
130 CKK_BLOWFISH, CKM_BLOWFISH_CBC, 0, CRYPTO_MECH_INVALID}, |
128 /* |
131 /* |
129 * For the following 3 AES counter mode entries, we don't know the |
132 * For the following 3 AES counter mode entries, we don't know the |
130 * NIDs until the engine is initialized |
133 * NIDs until the engine is initialized |
131 */ |
134 */ |
132 { DEV_AES_128_CTR, NID_undef, 16, 16, 16, |
135 { DEV_AES_128_CTR, NID_undef, 16, 16, 16, |
133 CKK_AES, CKM_AES_CTR, CRYPTO_MECH_INVALID}, |
136 CKK_AES, CKM_AES_CTR, EVP_CIPH_NO_PADDING, |
|
137 CRYPTO_MECH_INVALID}, |
134 { DEV_AES_192_CTR, NID_undef, 16, 24, 24, |
138 { DEV_AES_192_CTR, NID_undef, 16, 24, 24, |
135 CKK_AES, CKM_AES_CTR, CRYPTO_MECH_INVALID}, |
139 CKK_AES, CKM_AES_CTR, EVP_CIPH_NO_PADDING, |
|
140 CRYPTO_MECH_INVALID}, |
136 { DEV_AES_256_CTR, NID_undef, 16, 32, 32, |
141 { DEV_AES_256_CTR, NID_undef, 16, 32, 32, |
137 CKK_AES, CKM_AES_CTR, CRYPTO_MECH_INVALID}, |
142 CKK_AES, CKM_AES_CTR, EVP_CIPH_NO_PADDING, |
|
143 CRYPTO_MECH_INVALID}, |
138 }; |
144 }; |
139 |
145 |
140 |
146 |
141 /* Formal declaration for functions in EVP_CIPHER structure */ |
147 /* Formal declaration for functions in EVP_CIPHER structure */ |
142 static int devcrypto_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, |
148 static int devcrypto_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, |
143 const unsigned char *iv, int enc); |
149 const unsigned char *iv, int enc); |
144 static int devcrypto_cipher_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, |
150 static int devcrypto_cipher_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, |
145 const unsigned char *in, size_t inl); |
151 const unsigned char *in, size_t inl); |
146 static int devcrypto_cipher_cleanup(EVP_CIPHER_CTX *ctx); |
152 static int devcrypto_cipher_cleanup(EVP_CIPHER_CTX *ctx); |
147 |
153 |
148 /* OpenSSL's libcrypto EVP stuff. This is how this engine gets wired to EVP. */ |
154 /* |
|
155 * Cipher Algorithms |
|
156 * |
|
157 * OpenSSL's libcrypto EVP stuff. This is how this engine gets wired to EVP. |
|
158 * EVP_CIPHER is defined in evp.h. To maintain binary compatibility the |
|
159 * definition cannot be modified. |
|
160 * Stuff specific to the devcrypto engine is kept in devcrypto_ctx_t, which is |
|
161 * pointed to by cipher_data or md_data. |
|
162 * |
|
163 * Fields: nid, block_size, key_len, iv_len, flags, |
|
164 * init(), do_cipher(), cleanup(), |
|
165 * ctx_size, |
|
166 * set_asn1_parameters(), get_asn1_parameters(), ctrl(), app_data |
|
167 */ |
149 static const EVP_CIPHER dev_des_cbc = { |
168 static const EVP_CIPHER dev_des_cbc = { |
150 NID_des_cbc, |
169 NID_des_cbc, |
151 8, 8, 8, |
170 8, 8, 8, |
152 EVP_CIPH_CBC_MODE, |
171 EVP_CIPH_CBC_MODE, |
153 devcrypto_cipher_init, |
172 devcrypto_cipher_init, |