aes: added aes module

Richard Aas 2014-04-04 12:04:16 +00:00
parent 5cba6b42ec
commit 0ed59e7f53
7 changed files with 271 additions and 1 deletions


@ -29,6 +29,7 @@ MODULES += list mbuf hash
MODULES += fmt tmr main mem dbg sys lock mqueue
MODULES += mod conf
MODULES += bfcp
MODULES += aes
INSTALL := install
ifeq ($(DESTDIR),)


@ -20,6 +20,7 @@ extern "C" {
#include "re_sa.h"
/* Library modules */
#include "re_aes.h"
#include "re_base64.h"
#include "re_bfcp.h"
#include "re_conf.h"

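--- a/include/re_aes.h
+++ b/include/re_aes.h
@@ -0,0 +1,23 @@
+/**
+* @file re_aes.h Interface to AES (Advanced Encryption Standard)
+*
+* Copyright (C) 2010 Creytiv.com
+*/
+#ifndef AES_BLOCK_SIZE
+#define AES_BLOCK_SIZE 16
+#endif
+enum aes_mode {
+AES_MODE_CTR /**< AES Counter mode (CTR) */
+};
+struct aes;
+int aes_alloc(struct aes **stp, enum aes_mode mode,
+const uint8_t *key, size_t key_bits,
+const uint8_t iv[AES_BLOCK_SIZE]);
+void aes_set_iv(struct aes *aes, const uint8_t iv[AES_BLOCK_SIZE]);
+int aes_encr(struct aes *aes, uint8_t *out, const uint8_t *in, size_t len);
+int aes_decr(struct aes *aes, uint8_t *out, const uint8_t *in, size_t len);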
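Review bot: The new public header declares the CTR API without documenting what the caller must guarantee, and for counter mode those obligations are security-critical: a key and IV pair must never be used for two different messages, and the mode gives confidentiality only, with no integrity protection. A doc comment on `aes_alloc()` and `aes_set_iv()` should state this, say that `key_bits` must be 128, 192 or 256, and say whether `iv` may be NULL (the OpenSSL implementation in this commit tolerates NULL in both functions). It would also help to note that `aes_set_iv()` restarts the counter, so the caller has to supply a fresh IV rather than re-apply the previous one. The header appears to rely on an earlier include for `uint8_t` and `size_t`, which is worth a one-line comment if that is intentional.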


@ -758,7 +758,7 @@ SPLINT_OPTIONS += -DHAVE_INET_NTOP -DHAVE_INET_PTON -DHAVE_INET6
# ignore these files for now
SPLINT_IGNORE := src/tls/openssl/tls.c src/tls/openssl/tls_tcp.c
SPLINT_IGNORE += src/dns/darwin/srv.c
SPLINT_IGNORE += src/dns/darwin/srv.c src/aes/openssl/aes.c
SPLINT_SOURCES += $(filter-out $(SPLINT_IGNORE), $(patsubst %,src/%,$(SRCS)))
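Review bot: The new `src/aes/openssl/aes.c` is added to `SPLINT_IGNORE` in the same commit that introduces it, so the cipher code is never covered by the project's static analysis, and no reason is recorded. If the exclusion is needed because splint cannot process the OpenSSL headers (the other ignored OpenSSL files suggest this, but the hunk does not say), a comment beside the entry such as `# excluded: <reason>` would make that explicit. Otherwise the file should stay in the lint set.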

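--- a/src/aes/mod.mk
+++ b/src/aes/mod.mk
@@ -0,0 +1,11 @@
+#
+# mod.mk
+#
+# Copyright (C) 2010 Creytiv.com
+#
+ifneq ($(USE_OPENSSL),)
+SRCS += aes/openssl/aes.c
+else
+SRCS += aes/stub.c
+endif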

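--- a/src/aes/openssl/aes.c
+++ b/src/aes/openssl/aes.c
@@ -0,0 +1,187 @@
+/**
+* @file openssl/aes.c AES (Advanced Encryption Standard) using OpenSSL
+*
+* Copyright (C) 2010 Creytiv.com
+*/
+#include <string.h>
+#include <openssl/aes.h>
+#include <openssl/evp.h>
+#include <re_types.h>
+#include <re_fmt.h>
+#include <re_mem.h>
+#include <re_aes.h>
+#ifdef EVP_CIPH_CTR_MODE
+struct aes {
+EVP_CIPHER_CTX ctx;
+};
+static void destructor(void *arg)
+{
+struct aes *st = arg;
+EVP_CIPHER_CTX_cleanup(&st->ctx);
+}
+int aes_alloc(struct aes **aesp, enum aes_mode mode,
+const uint8_t *key, size_t key_bits,
+const uint8_t iv[AES_BLOCK_SIZE])
+{
+const EVP_CIPHER *cipher;
+struct aes *st;
+int err = 0, r;
+if (!aesp || !key)
+return EINVAL;
+if (mode != AES_MODE_CTR)
+return ENOTSUP;
+st = mem_zalloc(sizeof(*st), destructor);
+if (!st)
+return ENOMEM;
+EVP_CIPHER_CTX_init(&st->ctx);
+switch (key_bits) {
+case 128: cipher = EVP_aes_128_ctr(); break;
+case 192: cipher = EVP_aes_192_ctr(); break;
+case 256: cipher = EVP_aes_256_ctr(); break;
+default:
+re_fprintf(stderr, "aes: unknown key: %zu bits\n", key_bits);
+err = EINVAL;
+goto out;
+}
+r = EVP_EncryptInit_ex(&st->ctx, cipher, NULL, key, iv);
+if (!r)
+err = EPROTO;
+out:
+if (err)
+mem_deref(st);
+else
+*aesp = st;
+return err;
+}
+void aes_set_iv(struct aes *aes, const uint8_t iv[AES_BLOCK_SIZE])
+{
+if (!aes)
+return;
+if (iv)
+(void)EVP_EncryptInit_ex(&aes->ctx, NULL, NULL, NULL, iv);
+}
+int aes_encr(struct aes *aes, uint8_t *out, const uint8_t *in, size_t len)
+{
+int c_len = (int)len;
+if (!aes || !out || !in || !len)
+return EINVAL;
+if (!EVP_EncryptUpdate(&aes->ctx, out, &c_len, in, (int)len))
+return EPROTO;
+return 0;
+}
+#else /* EVP_CIPH_CTR_MODE */
+struct aes {
+AES_KEY key;
+uint8_t iv[AES_BLOCK_SIZE];
+};
+static void destructor(void *arg)
+{
+struct aes *st = arg;
+memset(&st->key, 0, sizeof(st->key));
+}
+int aes_alloc(struct aes **aesp, enum aes_mode mode,
+const uint8_t *key, size_t key_bits,
+const uint8_t iv[AES_BLOCK_SIZE])
+{
+struct aes *st;
+int err = 0, r;
+if (!aesp || !key)
+return EINVAL;
+if (mode != AES_MODE_CTR)
+return ENOTSUP;
+st = mem_zalloc(sizeof(*st), destructor);
+if (!st)
+return ENOMEM;
+r = AES_set_encrypt_key(key, (int)key_bits, &st->key);
+if (r != 0) {
+err = EPROTO;
+goto out;
+}
+if (iv)
+memcpy(st->iv, iv, sizeof(st->iv));
+out:
+if (err)
+mem_deref(st);
+else
+*aesp = st;
+return err;
+}
+void aes_set_iv(struct aes *aes, const uint8_t iv[AES_BLOCK_SIZE])
+{
+if (!aes)
+return;
+if (iv)
+memcpy(aes->iv, iv, sizeof(aes->iv));
+}
+int aes_encr(struct aes *aes, uint8_t *out, const uint8_t *in, size_t len)
+{
+unsigned char ec[AES_BLOCK_SIZE] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
+unsigned int num = 0;
+if (!aes || !out || !in || !len)
+return EINVAL;
+AES_ctr128_encrypt(in, out, len, &aes->key, aes->iv, ec, &num);
+return 0;
+}
+#endif /* EVP_CIPH_CTR_MODE */
+/*
+* Common code:
+*/
+int aes_decr(struct aes *aes, uint8_t *out, const uint8_t *in, size_t len)
+{
+return aes_encr(aes, out, in, len);
+}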
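Review bot: In the `#else` (non-EVP) branch, aes_encr() keeps `ec` and `num` as locals that are reset on every call, so after a call whose `len` is not a multiple of AES_BLOCK_SIZE the rest of that keystream block is discarded and the next call starts on a fresh counter block. As far as I can tell the EVP branch carries that position in the cipher context, so the two builds would produce different output for the same sequence of calls. Keeping `ec` and `num` in `struct aes` and resetting them in aes_set_iv() makes both continue the stream the same way; mem_zalloc() already zeroes them at allocation. Separately, the EVP branch casts `len` to `int` unchecked, and `if (len > INT_MAX) return EINVAL;` (with `<limits.h>`) before the cast would keep a truncated or negative length from reaching EVP_EncryptUpdate().

```c
/* … unchanged: EVP branch … */
#else /* EVP_CIPH_CTR_MODE */
struct aes {
	AES_KEY key;
	uint8_t iv[AES_BLOCK_SIZE];
	uint8_t ec[AES_BLOCK_SIZE];  /* encrypted counter block, kept between calls */
	unsigned int num;            /* bytes of ec already consumed */
};

/* … unchanged: destructor, aes_alloc … */

void aes_set_iv(struct aes *aes, const uint8_t iv[AES_BLOCK_SIZE])
{
	if (!aes || !iv)
		return;

	memcpy(aes->iv, iv, sizeof(aes->iv));

	/* a new IV starts a new keystream: drop the carried-over block */
	memset(aes->ec, 0, sizeof(aes->ec));
	aes->num = 0;
}

int aes_encr(struct aes *aes, uint8_t *out, const uint8_t *in, size_t len)
{
	if (!aes || !out || !in || !len)
		return EINVAL;

	AES_ctr128_encrypt(in, out, len, &aes->key, aes->iv,
			   aes->ec, &aes->num);

	return 0;
}
```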

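--- a/src/aes/stub.c
+++ b/src/aes/stub.c
@@ -0,0 +1,47 @@
+/**
+* @file aes/stub.c AES stub
+*
+* Copyright (C) 2010 Creytiv.com
+*/
+#include <re_types.h>
+#include <re_aes.h>
+int aes_alloc(struct aes **stp, enum aes_mode mode,
+const uint8_t *key, size_t key_bits,
+const uint8_t iv[AES_BLOCK_SIZE])
+{
+(void)stp;
+(void)mode;
+(void)key;
+(void)key_bits;
+(void)iv;
+return ENOSYS;
+}
+void aes_set_iv(struct aes *st, const uint8_t iv[AES_BLOCK_SIZE])
+{
+(void)st;
+(void)iv;
+}
+int aes_encr(struct aes *st, uint8_t *out, const uint8_t *in, size_t len)
+{
+(void)st;
+(void)out;
+(void)in;
+(void)len;
+return ENOSYS;
+}
+int aes_decr(struct aes *st, uint8_t *out, const uint8_t *in, size_t len)
+{
+(void)st;
+(void)out;
+(void)in;
+(void)len;
+return ENOSYS;
+}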