Commit 23ef6e35 authored by Niels Möller's avatar Niels Möller

Update RSA examples to use aes256_ctx, not the deprecated aes_ctx.

parent 24c73370
2018-02-20 Niels Möller <nisse@lysator.liu.se>
* examples/rsa-session.h (struct rsa_session): Use struct
aes256_ctx, instead of the deprecated struct aes_ctx.
* examples/rsa-encrypt.c (rsa_session_set_encrypt_key)
(process_file): Use aes256_* functions.
* examples/rsa-decrypt.c (rsa_session_set_decrypt_key)
(process_file): Likewise.
2018-02-19 Niels Möller <nisse@lysator.liu.se>
* nettle-internal.h: Include sha3.h, needed for the definition of
......
......@@ -64,7 +64,7 @@ rsa_session_set_decrypt_key(struct rsa_session *ctx,
const uint8_t *iv = SESSION_IV(key);
const uint8_t *hmac_key = SESSION_HMAC_KEY(key);
aes_set_decrypt_key(&ctx->aes.ctx, AES_KEY_SIZE, aes_key);
aes256_set_decrypt_key(&ctx->aes.ctx, aes_key);
CBC_SET_IV(&ctx->aes, iv);
hmac_sha1_set_key(&ctx->hmac, SHA1_DIGEST_SIZE, hmac_key);
}
......@@ -151,7 +151,7 @@ process_file(struct rsa_session *ctx,
if (size)
{
CBC_DECRYPT(&ctx->aes, aes_decrypt, size, buffer, buffer);
CBC_DECRYPT(&ctx->aes, aes256_decrypt, size, buffer, buffer);
hmac_sha1_update(&ctx->hmac, size, buffer);
if (!write_data(out, size, buffer))
{
......@@ -164,7 +164,7 @@ process_file(struct rsa_session *ctx,
while (size == BUF_SIZE);
/* Decrypt final block */
CBC_DECRYPT(&ctx->aes, aes_decrypt, AES_BLOCK_SIZE, buffer, buffer);
CBC_DECRYPT(&ctx->aes, aes256_decrypt, AES_BLOCK_SIZE, buffer, buffer);
padding = buffer[AES_BLOCK_SIZE - 1];
if (padding > AES_BLOCK_SIZE)
{
......
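Review bot: In the first process_file hunk each decrypted chunk is passed to hmac_sha1_update and then straight to write_data, so plaintext reaches `out` before the MAC over it has been verified; the verification itself is outside these hunks. Anyone who consumes the output as it is produced, or keeps it after a failed run, is handling unauthenticated data. Because this is example code that gets copied, I would add a comment above the loop such as `/* Output is written before the MAC is checked; discard it unless process_file succeeds. */`. The final-block hunk has the same ordering: the padding byte is range-checked before the MAC, and if the two failures are reported differently (the error paths are not visible here) they are better collapsed into one generic decryption error.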
......@@ -63,7 +63,7 @@ rsa_session_set_encrypt_key(struct rsa_session *ctx,
const uint8_t *iv = SESSION_IV(key);
const uint8_t *hmac_key = SESSION_HMAC_KEY(key);
aes_set_encrypt_key(&ctx->aes.ctx, AES_KEY_SIZE, aes_key);
aes256_set_encrypt_key(&ctx->aes.ctx, aes_key);
CBC_SET_IV(&ctx->aes, iv);
hmac_sha1_set_key(&ctx->hmac, SHA1_DIGEST_SIZE, hmac_key);
}
......@@ -136,7 +136,7 @@ process_file(struct rsa_session *ctx,
size += padding;
buffer[size - 1] = padding;
CBC_ENCRYPT(&ctx->aes, aes_encrypt, size, buffer, buffer);
CBC_ENCRYPT(&ctx->aes, aes256_encrypt, size, buffer, buffer);
assert (size + SHA1_DIGEST_SIZE <= sizeof(buffer));
......@@ -151,7 +151,7 @@ process_file(struct rsa_session *ctx,
return 1;
}
CBC_ENCRYPT(&ctx->aes, aes_encrypt, size, buffer, buffer);
CBC_ENCRYPT(&ctx->aes, aes256_encrypt, size, buffer, buffer);
if (!write_data(out, size, buffer))
{
werror("Writing output failed: %s\n", strerror(errno));
......
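Review bot: In the first process_file hunk the only visible bound before the digest is presumably appended at `buffer + size` is `assert (size + SHA1_DIGEST_SIZE <= sizeof(buffer));`, which disappears when the example is built with NDEBUG. The size looks bounded by construction, but the buffer declaration is outside the hunk, so I would either state the invariant in a comment next to the declaration or make the check unconditional, e.g. `if (size + SHA1_DIGEST_SIZE > sizeof(buffer)) abort();`. process_file starts and ends outside both hunks.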
......@@ -25,10 +25,10 @@
uint8_t iv[AES_BLOCK_SIZE];
uint8_t hmac_key[SHA1_DIGEST_SIZE];
of size (4 + AES_KEY_SIZE + AES_BLOCK_SIZE + SHA1_DIGEST_SIZE) = 72
of size (4 + AES256_KEY_SIZE + AES_BLOCK_SIZE + SHA1_DIGEST_SIZE) = 72
bytes, encrypted using rsa-pkcs1.
The cleartext input is encrypted using aes-cbc. The final block is
The cleartext input is encrypted using aes256-cbc. The final block is
padded as
| data | random octets | padding length |
......@@ -39,7 +39,7 @@
struct rsa_session
{
struct CBC_CTX(struct aes_ctx, AES_BLOCK_SIZE) aes;
struct CBC_CTX(struct aes256_ctx, AES_BLOCK_SIZE) aes;
struct hmac_sha1_ctx hmac;
struct yarrow256_ctx yarrow;
};
......@@ -47,13 +47,13 @@ struct rsa_session
struct rsa_session_info
{
/* Version followed by aes key, iv and mac key */
uint8_t key[4 + AES_KEY_SIZE + AES_BLOCK_SIZE + SHA1_DIGEST_SIZE];
uint8_t key[4 + AES256_KEY_SIZE + AES_BLOCK_SIZE + SHA1_DIGEST_SIZE];
};
#define SESSION_VERSION(s) ((s)->key)
#define SESSION_AES_KEY(s) ((s)->key + 4)
#define SESSION_IV(s) ((s)->key + 4 + AES_KEY_SIZE)
#define SESSION_HMAC_KEY(s) ((s)->key + 4 + AES_KEY_SIZE + AES_BLOCK_SIZE)
#define SESSION_IV(s) ((s)->key + 4 + AES256_KEY_SIZE)
#define SESSION_HMAC_KEY(s) ((s)->key + 4 + AES256_KEY_SIZE + AES_BLOCK_SIZE)
void
rsa_session_set_encrypt_key(struct rsa_session *ctx,
......
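Review bot: The SESSION_IV and SESSION_HMAC_KEY offsets and the size of the `key` array now depend on AES256_KEY_SIZE, and the unchanged `= 72` in the format comment only holds if that constant equals the old AES_KEY_SIZE. These 72 bytes are the RSA-encrypted session blob, so a silent change in size or offsets would break interoperability with data written by older builds without the version field changing. I would pin the layout next to struct rsa_session_info, e.g. `_Static_assert(4 + AES256_KEY_SIZE + AES_BLOCK_SIZE + SHA1_DIGEST_SIZE == 72, "session key layout");`, or at least say in the header comment that the wire format is unchanged by this commit.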