author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-02-22 11:29:08 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-02-26 13:45:26 +0100 |
commit | c813b4b6d343e3111c16ed4890222c4cb7255dbd (patch) | |
tree | 89adb88128fd503456ec92087c6d7897a0eb6490 /lib | |
parent | 95e0bafbdfdb3f09936c624405912a1e7b2fd125 (diff) | |
accelerated: padlock: use the new nettle APIs
Also remove any ifdefs for nettle (it is not conditionally compiled in),
and do not register accelerators for AES-192-CBC. That cipher is too widely
ignored to be worth the bother.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'lib')
-rw-r--r-- | lib/accelerated/x86/aes-padlock.c | 28 | ||||
-rw-r--r-- | lib/accelerated/x86/x86-common.c | 11 |
2 files changed, 11 insertions, 28 deletions
diff --git a/lib/accelerated/x86/aes-padlock.c b/lib/accelerated/x86/aes-padlock.c
index 4c90888add..dc2432ad88 100644
--- a/lib/accelerated/x86/aes-padlock.c
+++ b/lib/accelerated/x86/aes-padlock.c
@@ -1,5 +1,6 @@
 /*
- * Copyright (C) 2011-2012 Free Software Foundation, Inc.
+ * Copyright (C) 2011-2018 Free Software Foundation, Inc.
+ * Copyright (C) 2018 Red Hat, Inc.
 *
 * Author: Nikos Mavrogiannopoulos
 *
@@ -31,10 +32,8 @@
 #include "errors.h"
 #include <aes-x86.h>
 #include <x86-common.h>
-#ifdef HAVE_LIBNETTLE
-# include <nettle/aes.h> /* for key generation in 192 and 256 bits */
-# include <sha-padlock.h>
-#endif
+#include <nettle/aes.h> /* for key generation in 192 and 256 bits */
+#include <sha-padlock.h>
 #include <aes-padlock.h>
 static int
@@ -42,7 +41,6 @@ aes_cipher_init(gnutls_cipher_algorithm_t algorithm, void **_ctx, int enc)
 {
 /* we use key size to distinguish */
 if (algorithm != GNUTLS_CIPHER_AES_128_CBC
- && algorithm != GNUTLS_CIPHER_AES_192_CBC
 && algorithm != GNUTLS_CIPHER_AES_256_CBC)
 return GNUTLS_E_INVALID_REQUEST;
@@ -61,9 +59,7 @@ padlock_aes_cipher_setkey(void *_ctx, const void *userkey, size_t keysize)
 {
 struct padlock_ctx *ctx = _ctx;
 struct padlock_cipher_data *pce;
-#ifdef HAVE_LIBNETTLE
- struct aes_ctx nc;
-#endif
+ struct aes256_ctx nc;
 memset(_ctx, 0, sizeof(struct padlock_cipher_data));
@@ -78,27 +74,21 @@ padlock_aes_cipher_setkey(void *_ctx, const void *userkey, size_t keysize)
 memcpy(pce->ks.rd_key, userkey, 16);
 pce->cword.b.keygen = 0;
 break;
-#ifdef HAVE_LIBNETTLE
- case 24:
- pce->cword.b.ksize = 1;
- pce->cword.b.rounds = 12;
- goto common_24_32;
 case 32:
 pce->cword.b.ksize = 2;
 pce->cword.b.rounds = 14;
- common_24_32:
+ /* expand key using nettle */
 if (ctx->enc)
- aes_set_encrypt_key(&nc, keysize, userkey);
+ aes256_set_encrypt_key(&nc, userkey);
 else
- aes_set_decrypt_key(&nc, keysize, userkey);
+ aes256_set_decrypt_key(&nc, userkey);
 memcpy(pce->ks.rd_key, nc.keys, sizeof(nc.keys));
- pce->ks.rounds = nc.rounds;
+ pce->ks.rounds = _AES256_ROUNDS;
 pce->cword.b.keygen = 1;
 break;
-#endif
 default:
 return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
 }
diff --git a/lib/accelerated/x86/x86-common.c b/lib/accelerated/x86/x86-common.c
index 152b0355c3..75b2a6b166 100644
--- a/lib/accelerated/x86/x86-common.c
+++ b/lib/accelerated/x86/x86-common.c
@@ -1,5 +1,6 @@
 /*
- * Copyright (C) 2011-2012 Free Software Foundation, Inc.
+ * Copyright (C) 2011-2018 Free Software Foundation, Inc.
+ * Copyright (C) 2018 Red Hat, Inc.
 *
 * Author: Nikos Mavrogiannopoulos
 *
@@ -306,13 +307,6 @@ void register_x86_padlock_crypto(unsigned capabilities)
 if (ret < 0) {
 gnutls_assert();
 }
-#ifdef HAVE_LIBNETTLE
- ret =
- gnutls_crypto_single_cipher_register
- (GNUTLS_CIPHER_AES_192_CBC, 80, &_gnutls_aes_padlock, 0);
- if (ret < 0) {
- gnutls_assert();
- }
 ret =
 gnutls_crypto_single_cipher_register
@@ -328,7 +322,6 @@ void register_x86_padlock_crypto(unsigned capabilities)
 if (ret < 0) {
 gnutls_assert();
 }
-#endif
 } else {
 _gnutls_priority_update_non_aesni();
 } |
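Review bot: In `padlock_aes_cipher_setkey` (aes-padlock.c, the `case 32:` branch), the expanded AES-256 key schedule stays in the stack variable `nc` after it is copied into `pce->ks.rd_key`; nothing in the hunk clears it before `break`. Wiping it right after the `memcpy`, e.g. `gnutls_memset(&nc, 0, sizeof(nc));`, would keep key material from lingering in dead stack memory where a later over-read or a core dump could expose it. The copy length is `sizeof(nc.keys)` and the size of `pce->ks.rd_key` is not visible in this diff, so a compile-time size check next to the `memcpy` would pin the assumption that nettle's AES-256 schedule fits the PadLock key buffer. `_AES256_ROUNDS` is an underscore-prefixed name from the nettle header and presumably not a stable interface; a short comment saying why it is used, given that the literal 14 is already assigned to `pce->cword.b.rounds` above, would help. The function starts before this hunk and continues past it.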