diff options
author | Adam Langley <agl@google.com> | 2015-04-08 11:18:53 -0700 |
---|---|---|
committer | Adam Langley <agl@google.com> | 2015-04-08 11:18:53 -0700 |
commit | 13d393edba74704aaa75af5a82c4e8ecea69d4ae (patch) | |
tree | d08b58f6d5509fb34e1479e9c0a5e7aa0bd321a8 | |
parent | f7e890d94bfb2ecad87621eed301e1897b5a6aef (diff) | |
download | external_boringssl-13d393edba74704aaa75af5a82c4e8ecea69d4ae.zip external_boringssl-13d393edba74704aaa75af5a82c4e8ecea69d4ae.tar.gz external_boringssl-13d393edba74704aaa75af5a82c4e8ecea69d4ae.tar.bz2 |
BoringSSL: support AES-192.
Keystore has added support for it so these functions are needed again.
Change-Id: Id3bf3dd10e182fe7a9b1c51bd3184ecac4cfde8b
-rw-r--r-- | android_compat_hacks.c | 4 | ||||
-rw-r--r-- | src/crypto/cipher/e_aes.c | 61 | ||||
-rw-r--r-- | src/include/openssl/cipher.h | 16 |
3 files changed, 67 insertions, 14 deletions
diff --git a/android_compat_hacks.c b/android_compat_hacks.c index 08377c5..8eac801 100644 --- a/android_compat_hacks.c +++ b/android_compat_hacks.c @@ -28,10 +28,6 @@ #include <openssl/ssl.h> -const EVP_CIPHER *EVP_aes_192_ecb(void) { return NULL; } - -const EVP_CIPHER *EVP_aes_192_cbc(void) { return NULL; } - BIGNUM *get_rfc3526_prime_1536(BIGNUM *bn) { assert(bn == NULL); diff --git a/src/crypto/cipher/e_aes.c b/src/crypto/cipher/e_aes.c index f92bb8e..a86e830 100644 --- a/src/crypto/cipher/e_aes.c +++ b/src/crypto/cipher/e_aes.c @@ -707,6 +707,34 @@ static const EVP_CIPHER aes_128_gcm = { aes_gcm_ctrl}; +static const EVP_CIPHER aes_192_cbc = { + NID_aes_192_cbc, 16 /* block_size */, 24 /* key_size */, + 16 /* iv_len */, sizeof(EVP_AES_KEY), EVP_CIPH_CBC_MODE, + NULL /* app_data */, aes_init_key, aes_cbc_cipher, + NULL /* cleanup */, NULL /* ctrl */}; + +static const EVP_CIPHER aes_192_ctr = { + NID_aes_192_ctr, 1 /* block_size */, 24 /* key_size */, + 16 /* iv_len */, sizeof(EVP_AES_KEY), EVP_CIPH_CTR_MODE, + NULL /* app_data */, aes_init_key, aes_ctr_cipher, + NULL /* cleanup */, NULL /* ctrl */}; + +static const EVP_CIPHER aes_192_ecb = { + NID_aes_192_ecb, 16 /* block_size */, 24 /* key_size */, + 0 /* iv_len */, sizeof(EVP_AES_KEY), EVP_CIPH_ECB_MODE, + NULL /* app_data */, aes_init_key, aes_ecb_cipher, + NULL /* cleanup */, NULL /* ctrl */}; + +static const EVP_CIPHER aes_192_gcm = { + NID_aes_192_gcm, 1 /* block_size */, 24 /* key_size */, 12 /* iv_len */, + sizeof(EVP_AES_GCM_CTX), + EVP_CIPH_GCM_MODE | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER | + EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT | + EVP_CIPH_FLAG_AEAD_CIPHER, + NULL /* app_data */, aes_gcm_init_key, aes_gcm_cipher, aes_gcm_cleanup, + aes_gcm_ctrl}; + + static const EVP_CIPHER aes_256_cbc = { NID_aes_128_cbc, 16 /* block_size */, 32 /* key_size */, 16 /* iv_len */, sizeof(EVP_AES_KEY), EVP_CIPH_CBC_MODE, @@ -855,6 +883,34 @@ static const EVP_CIPHER aesni_128_gcm = { aes_gcm_ctrl}; +static const EVP_CIPHER aesni_192_cbc = { + NID_aes_192_cbc, 16 /* block_size */, 24 /* key_size */, + 16 /* iv_len */, sizeof(EVP_AES_KEY), EVP_CIPH_CBC_MODE, + NULL /* app_data */, aesni_init_key, aesni_cbc_cipher, + NULL /* cleanup */, NULL /* ctrl */}; + +static const EVP_CIPHER aesni_192_ctr = { + NID_aes_192_ctr, 1 /* block_size */, 24 /* key_size */, + 16 /* iv_len */, sizeof(EVP_AES_KEY), EVP_CIPH_CTR_MODE, + NULL /* app_data */, aesni_init_key, aes_ctr_cipher, + NULL /* cleanup */, NULL /* ctrl */}; + +static const EVP_CIPHER aesni_192_ecb = { + NID_aes_192_ecb, 16 /* block_size */, 24 /* key_size */, + 0 /* iv_len */, sizeof(EVP_AES_KEY), EVP_CIPH_ECB_MODE, + NULL /* app_data */, aesni_init_key, aesni_ecb_cipher, + NULL /* cleanup */, NULL /* ctrl */}; + +static const EVP_CIPHER aesni_192_gcm = { + NID_aes_192_gcm, 1 /* block_size */, 24 /* key_size */, 12 /* iv_len */, + sizeof(EVP_AES_GCM_CTX), + EVP_CIPH_GCM_MODE | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER | + EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT | + EVP_CIPH_FLAG_AEAD_CIPHER, + NULL /* app_data */, aesni_gcm_init_key, aes_gcm_cipher, aes_gcm_cleanup, + aes_gcm_ctrl}; + + static const EVP_CIPHER aesni_256_cbc = { NID_aes_128_cbc, 16 /* block_size */, 32 /* key_size */, 16 /* iv_len */, sizeof(EVP_AES_KEY), EVP_CIPH_CBC_MODE, @@ -909,6 +965,11 @@ EVP_CIPHER_FUNCTION(128, ctr) EVP_CIPHER_FUNCTION(128, ecb) EVP_CIPHER_FUNCTION(128, gcm) +EVP_CIPHER_FUNCTION(192, cbc) +EVP_CIPHER_FUNCTION(192, ctr) +EVP_CIPHER_FUNCTION(192, ecb) +EVP_CIPHER_FUNCTION(192, gcm) + EVP_CIPHER_FUNCTION(256, cbc) EVP_CIPHER_FUNCTION(256, ctr) EVP_CIPHER_FUNCTION(256, ecb) diff --git a/src/include/openssl/cipher.h b/src/include/openssl/cipher.h index b614333..adca5a9 100644 --- a/src/include/openssl/cipher.h +++ b/src/include/openssl/cipher.h @@ -90,6 +90,12 @@ OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_256_ctr(void); OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_128_gcm(void); OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_256_gcm(void); +/* Deprecated 192-bit version of AES. */ +OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_192_cbc(void); +OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_192_ctr(void); +OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_192_ecb(void); +OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_192_gcm(void); + /* EVP_enc_null returns a 'cipher' that passes plaintext through as * ciphertext. */ OPENSSL_EXPORT const EVP_CIPHER *EVP_enc_null(void); @@ -521,16 +527,6 @@ struct evp_cipher_st { }; -/* Android compatibility section. - * - * These functions are declared, temporarily, for Android because - * wpa_supplicant will take a little time to sync with upstream. Outside of - * Android they'll have no definition. */ - -OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_192_ecb(void); -OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_192_cbc(void); - - #if defined(__cplusplus) } /* extern C */ #endif |