diff options
author | Michael Brown <mcb30@etherboot.org> | 2009-02-18 21:33:54 +0000 |
---|---|---|
committer | Michael Brown <mcb30@etherboot.org> | 2009-02-18 21:33:54 +0000 |
commit | 5de8305febf0fe4f2b8a89753cefdfedc519cee2 (patch) | |
tree | 38421150425c645ee63b28742797aa50752117d1 /src/crypto | |
parent | 991f907d5bcb90643491184bc2ecd05a5b2f4e17 (diff) | |
download | ipxe-5de8305febf0fe4f2b8a89753cefdfedc519cee2.zip ipxe-5de8305febf0fe4f2b8a89753cefdfedc519cee2.tar.gz ipxe-5de8305febf0fe4f2b8a89753cefdfedc519cee2.tar.bz2 |
[crypto] Move AES_convert_key() hack into axtls_aes.c
Although the nature of the hack is essentially unchanged, this allows
us to remove the hardcoded assumption in tls.c that the RX cipher is
AES.
Diffstat (limited to 'src/crypto')
-rw-r--r-- | src/crypto/axtls_aes.c | 34 |
1 files changed, 25 insertions, 9 deletions
diff --git a/src/crypto/axtls_aes.c b/src/crypto/axtls_aes.c index f36a230..278f933 100644 --- a/src/crypto/axtls_aes.c +++ b/src/crypto/axtls_aes.c @@ -4,8 +4,13 @@ #include <gpxe/crypto.h> #include <gpxe/aes.h> +struct aes_cbc_context { + AES_CTX ctx; + int decrypting; +}; + static int aes_cbc_setkey ( void *ctx, const void *key, size_t keylen ) { - AES_CTX *aesctx = ctx; + struct aes_cbc_context *aesctx = ctx; AES_MODE mode; switch ( keylen ) { @@ -19,33 +24,44 @@ static int aes_cbc_setkey ( void *ctx, const void *key, size_t keylen ) { return -EINVAL; } - AES_set_key ( aesctx, key, aesctx->iv, mode ); + AES_set_key ( &aesctx->ctx, key, aesctx->ctx.iv, mode ); + + aesctx->decrypting = 0; + return 0; } static void aes_cbc_setiv ( void *ctx, const void *iv ) { - AES_CTX *aesctx = ctx; + struct aes_cbc_context *aesctx = ctx; - memcpy ( aesctx->iv, iv, sizeof ( aesctx->iv ) ); + memcpy ( aesctx->ctx.iv, iv, sizeof ( aesctx->ctx.iv ) ); } static void aes_cbc_encrypt ( void *ctx, const void *data, void *dst, size_t len ) { - AES_CTX *aesctx = ctx; + struct aes_cbc_context *aesctx = ctx; - AES_cbc_encrypt ( aesctx, data, dst, len ); + if ( aesctx->decrypting ) + assert ( 0 ); + + AES_cbc_encrypt ( &aesctx->ctx, data, dst, len ); } static void aes_cbc_decrypt ( void *ctx, const void *data, void *dst, size_t len ) { - AES_CTX *aesctx = ctx; + struct aes_cbc_context *aesctx = ctx; + + if ( ! aesctx->decrypting ) { + AES_convert_key ( &aesctx->ctx ); + aesctx->decrypting = 1; + } - AES_cbc_decrypt ( aesctx, data, dst, len ); + AES_cbc_decrypt ( &aesctx->ctx, data, dst, len ); } struct crypto_algorithm aes_cbc_algorithm = { .name = "aes_cbc", - .ctxsize = sizeof ( AES_CTX ), + .ctxsize = sizeof ( struct aes_cbc_context ), .blocksize = 16, .setkey = aes_cbc_setkey, .setiv = aes_cbc_setiv, |