13#define TOR_AES_PRIVATE
21DISABLE_GCC_WARNING(
"-Wstrict-prototypes")
24ENABLE_GCC_WARNING(
"-Wstrict-prototypes")
36aes_new_cipher_internal(
const uint8_t *key,
const uint8_t *iv,
39 const CK_MECHANISM_TYPE ckm = CKM_AES_CTR;
40 SECItem keyItem = { .type = siBuffer,
41 .data = (
unsigned char *)key,
42 .len = (key_bits / 8) };
43 CK_AES_CTR_PARAMS params;
44 params.ulCounterBits = 128;
45 memcpy(params.cb, iv, 16);
46 SECItem ivItem = { .type = siBuffer,
47 .data = (
unsigned char *)¶ms,
48 .len =
sizeof(params) };
49 PK11SlotInfo *slot = NULL;
50 PK11SymKey *keyObj = NULL;
51 SECItem *ivObj = NULL;
52 PK11Context *result = NULL;
54 slot = PK11_GetBestSlot(ckm, NULL);
58 keyObj = PK11_ImportSymKey(slot, ckm, PK11_OriginUnwrap,
59 CKA_ENCRYPT, &keyItem, NULL);
63 ivObj = PK11_ParamFromIV(ckm, &ivItem);
67 PORT_SetError(SEC_ERROR_IO);
68 result = PK11_CreateContextBySymKey(ckm, CKA_ENCRYPT, keyObj, ivObj);
71 memwipe(¶ms, 0,
sizeof(params));
73 SECITEM_FreeItem(ivObj, PR_TRUE);
75 PK11_FreeSymKey(keyObj);
84aes_new_cipher(
const uint8_t *key,
const uint8_t *iv,
88 cipher->context = aes_new_cipher_internal(key, iv, key_bits);
89 cipher->kbytes = key_bits / 8;
90 memcpy(cipher->key, key, cipher->kbytes);
99 PK11_DestroyContext(cipher->context, PR_TRUE);
100 memwipe(cipher, 0,
sizeof(*cipher));
109 PK11_DestroyContext(cipher->context, PR_TRUE);
110 cipher->context = aes_new_cipher_internal(cipher->key, iv,
111 8*(
int)cipher->kbytes);
116 const uint8_t *key,
int key_bits)
118 const uint8_t iv[16] = {0};
121 PK11_DestroyContext(cipher->context, PR_TRUE);
122 memwipe(cipher->key, 0,
sizeof(cipher->key));
124 cipher->context = aes_new_cipher_internal(key, iv, key_bits);
125 cipher->kbytes = key_bits / 8;
126 memcpy(cipher->key, key, cipher->kbytes);
135 unsigned char *data = (
unsigned char *)data_;
136 int len = (int) len_;
139 s = PK11_CipherOp(cipher->context, data, &result_len, len, data, len);
145aes_raw_new(
const uint8_t *key,
int key_bits,
bool encrypt)
147 const CK_MECHANISM_TYPE ckm = CKM_AES_ECB;
148 SECItem keyItem = { .type = siBuffer,
149 .data = (
unsigned char *)key,
150 .len = (key_bits / 8) };
151 SECItem ivItem = { .type = siBuffer,
154 PK11SlotInfo *slot = NULL;
155 PK11SymKey *keyObj = NULL;
156 SECItem *ivObj = NULL;
157 PK11Context *result = NULL;
159 slot = PK11_GetBestSlot(ckm, NULL);
163 CK_ATTRIBUTE_TYPE mode = encrypt ? CKA_ENCRYPT : CKA_DECRYPT;
165 keyObj = PK11_ImportSymKey(slot, ckm, PK11_OriginUnwrap,
166 mode, &keyItem, NULL);
170 ivObj = PK11_ParamFromIV(ckm, &ivItem);
174 PORT_SetError(SEC_ERROR_IO);
175 result = PK11_CreateContextBySymKey(ckm, mode, keyObj, ivObj);
180 SECITEM_FreeItem(ivObj, PR_TRUE);
182 PK11_FreeSymKey(keyObj);
187 return (aes_raw_t *)result;
190aes_raw_free_(aes_raw_t *cipher_)
194 PK11Context *ctx = (PK11Context*)cipher_;
195 PK11_DestroyContext(ctx, PR_TRUE);
198aes_raw_set_key(aes_raw_t **cipher,
const uint8_t *key,
199 int key_bits,
bool encrypt)
203 aes_raw_free(*cipher);
204 *cipher = aes_raw_new(key, key_bits, encrypt);
207aes_raw_encrypt(
const aes_raw_t *cipher, uint8_t *block)
210 PK11Context *ctx = (PK11Context*)cipher;
212 s = PK11_CipherOp(ctx, block, &result_len, 16, block, 16);
217aes_raw_decrypt(
const aes_raw_t *cipher, uint8_t *block)
220 aes_raw_encrypt(cipher, block);
void aes_cipher_set_key(aes_cnt_cipher_t *cipher_, const uint8_t *key, int key_bits)
void aes_cipher_set_iv_aligned(aes_cnt_cipher_t *cipher_, const uint8_t *iv)
Headers for crypto_nss_mgt.c.
void memwipe(void *mem, uint8_t byte, size_t sz)
Common functions for cryptographic routines.
Macros to manage assertions, fatal and non-fatal.