Commit a7dada79 authored by Niels Möller's avatar Niels Möller

Redefine struct aes_ctx as a union of key-size specific contexts.

parent b87ec212
2019-03-29 Niels Möller <nisse@lysator.liu.se>
* aes.h (struct aes_ctx): Redefine using a union of key-size
specific contexts.
* aes-decrypt.c (aes_decrypt): Use switch on key_size.
* aes-encrypt.c (aes_encrypt): Likewise.
* aes-set-decrypt-key.c (aes_invert_key): Likewise.
* aes-set-encrypt-key.c (aes_set_encrypt_key): Likewise.
2019-03-27 Niels Möller <nisse@lysator.liu.se> 2019-03-27 Niels Möller <nisse@lysator.liu.se>
* xts.c (xts_shift): Arrange with a single write to u64[1]. * xts.c (xts_shift): Arrange with a single write to u64[1].
......
...@@ -36,6 +36,7 @@ ...@@ -36,6 +36,7 @@
#endif #endif
#include <assert.h> #include <assert.h>
#include <stdlib.h>
#include "aes-internal.h" #include "aes-internal.h"
...@@ -349,9 +350,19 @@ aes_decrypt(const struct aes_ctx *ctx, ...@@ -349,9 +350,19 @@ aes_decrypt(const struct aes_ctx *ctx,
size_t length, uint8_t *dst, size_t length, uint8_t *dst,
const uint8_t *src) const uint8_t *src)
{ {
assert(!(length % AES_BLOCK_SIZE) ); switch (ctx->key_size)
_aes_decrypt(ctx->rounds, ctx->keys, &_aes_decrypt_table, {
length, dst, src); default: abort();
case AES128_KEY_SIZE:
aes128_decrypt(&ctx->u.ctx128, length, dst, src);
break;
case AES192_KEY_SIZE:
aes192_decrypt(&ctx->u.ctx192, length, dst, src);
break;
case AES256_KEY_SIZE:
aes256_decrypt(&ctx->u.ctx256, length, dst, src);
break;
}
} }
void void
......
...@@ -36,6 +36,7 @@ ...@@ -36,6 +36,7 @@
#endif #endif
#include <assert.h> #include <assert.h>
#include <stdlib.h>
#include "aes-internal.h" #include "aes-internal.h"
...@@ -47,9 +48,19 @@ aes_encrypt(const struct aes_ctx *ctx, ...@@ -47,9 +48,19 @@ aes_encrypt(const struct aes_ctx *ctx,
size_t length, uint8_t *dst, size_t length, uint8_t *dst,
const uint8_t *src) const uint8_t *src)
{ {
assert(!(length % AES_BLOCK_SIZE) ); switch (ctx->key_size)
_aes_encrypt(ctx->rounds, ctx->keys, &_aes_encrypt_table, {
length, dst, src); default: abort();
case AES128_KEY_SIZE:
aes128_encrypt(&ctx->u.ctx128, length, dst, src);
break;
case AES192_KEY_SIZE:
aes192_encrypt(&ctx->u.ctx192, length, dst, src);
break;
case AES256_KEY_SIZE:
aes256_encrypt(&ctx->u.ctx256, length, dst, src);
break;
}
} }
void void
......
...@@ -36,17 +36,32 @@ ...@@ -36,17 +36,32 @@
# include "config.h" # include "config.h"
#endif #endif
#include <stdlib.h>
/* This file implements and uses deprecated functions */ /* This file implements and uses deprecated functions */
#define _NETTLE_ATTRIBUTE_DEPRECATED #define _NETTLE_ATTRIBUTE_DEPRECATED
#include "aes-internal.h" #include "aes.h"
void void
aes_invert_key(struct aes_ctx *dst, aes_invert_key(struct aes_ctx *dst,
const struct aes_ctx *src) const struct aes_ctx *src)
{ {
_aes_invert (src->rounds, dst->keys, src->keys); switch (src->key_size)
dst->rounds = src->rounds; {
default: abort();
case AES128_KEY_SIZE:
aes128_invert_key(&dst->u.ctx128, &src->u.ctx128);
break;
case AES192_KEY_SIZE:
aes192_invert_key(&dst->u.ctx192, &src->u.ctx192);
break;
case AES256_KEY_SIZE:
aes256_invert_key(&dst->u.ctx256, &src->u.ctx256);
break;
}
dst->key_size = src->key_size;
} }
void void
......
...@@ -36,32 +36,27 @@ ...@@ -36,32 +36,27 @@
# include "config.h" # include "config.h"
#endif #endif
#include <assert.h>
#include <stdlib.h> #include <stdlib.h>
#include "aes-internal.h" #include "aes.h"
void void
aes_set_encrypt_key(struct aes_ctx *ctx, aes_set_encrypt_key(struct aes_ctx *ctx,
size_t keysize, const uint8_t *key) size_t key_size, const uint8_t *key)
{ {
unsigned nk, nr; switch (key_size)
{
assert(keysize >= AES_MIN_KEY_SIZE); default: abort();
assert(keysize <= AES_MAX_KEY_SIZE); case AES128_KEY_SIZE:
aes128_set_encrypt_key(&ctx->u.ctx128, key);
break;
case AES192_KEY_SIZE:
aes192_set_encrypt_key(&ctx->u.ctx192, key);
break;
case AES256_KEY_SIZE:
aes256_set_encrypt_key(&ctx->u.ctx256, key);
break;
}
/* Truncate keysizes to the valid key sizes provided by Rijndael */ ctx->key_size = key_size;
if (keysize == AES256_KEY_SIZE) {
nk = 8;
nr = _AES256_ROUNDS;
} else if (keysize >= AES192_KEY_SIZE) {
nk = 6;
nr = _AES192_ROUNDS;
} else { /* must be 16 or more */
nk = 4;
nr = _AES128_ROUNDS;
}
ctx->rounds = nr;
_aes_set_key (nr, nk, ctx->keys, key);
} }
...@@ -71,46 +71,6 @@ extern "C" { ...@@ -71,46 +71,6 @@ extern "C" {
#define _AES192_ROUNDS 12 #define _AES192_ROUNDS 12
#define _AES256_ROUNDS 14 #define _AES256_ROUNDS 14
/* Variable key size between 128 and 256 bits. But the only valid
* values are 16 (128 bits), 24 (192 bits) and 32 (256 bits). */
#define AES_MIN_KEY_SIZE AES128_KEY_SIZE
#define AES_MAX_KEY_SIZE AES256_KEY_SIZE
/* The older nettle-2.7 AES interface is deprecated, please migrate to
the newer interface where each algorithm has a fixed key size. */
#define AES_KEY_SIZE 32
struct aes_ctx
{
unsigned rounds; /* number of rounds to use for our key size */
uint32_t keys[4*(_AES256_ROUNDS + 1)]; /* maximum size of key schedule */
};
void
aes_set_encrypt_key(struct aes_ctx *ctx,
size_t length, const uint8_t *key)
_NETTLE_ATTRIBUTE_DEPRECATED;
void
aes_set_decrypt_key(struct aes_ctx *ctx,
size_t length, const uint8_t *key)
_NETTLE_ATTRIBUTE_DEPRECATED;
void
aes_invert_key(struct aes_ctx *dst,
const struct aes_ctx *src)
_NETTLE_ATTRIBUTE_DEPRECATED;
void
aes_encrypt(const struct aes_ctx *ctx,
size_t length, uint8_t *dst,
const uint8_t *src) _NETTLE_ATTRIBUTE_DEPRECATED;
void
aes_decrypt(const struct aes_ctx *ctx,
size_t length, uint8_t *dst,
const uint8_t *src) _NETTLE_ATTRIBUTE_DEPRECATED;
struct aes128_ctx struct aes128_ctx
{ {
uint32_t keys[4 * (_AES128_ROUNDS + 1)]; uint32_t keys[4 * (_AES128_ROUNDS + 1)];
...@@ -174,6 +134,50 @@ aes256_decrypt(const struct aes256_ctx *ctx, ...@@ -174,6 +134,50 @@ aes256_decrypt(const struct aes256_ctx *ctx,
size_t length, uint8_t *dst, size_t length, uint8_t *dst,
const uint8_t *src); const uint8_t *src);
/* The older nettle-2.7 AES interface is deprecated, please migrate to
the newer interface where each algorithm has a fixed key size. */
/* Variable key size between 128 and 256 bits. But the only valid
* values are 16 (128 bits), 24 (192 bits) and 32 (256 bits). */
#define AES_MIN_KEY_SIZE AES128_KEY_SIZE
#define AES_MAX_KEY_SIZE AES256_KEY_SIZE
#define AES_KEY_SIZE 32
struct aes_ctx
{
unsigned key_size; /* In octets */
union {
struct aes128_ctx ctx128;
struct aes192_ctx ctx192;
struct aes256_ctx ctx256;
} u;
};
void
aes_set_encrypt_key(struct aes_ctx *ctx,
size_t length, const uint8_t *key)
_NETTLE_ATTRIBUTE_DEPRECATED;
void
aes_set_decrypt_key(struct aes_ctx *ctx,
size_t length, const uint8_t *key)
_NETTLE_ATTRIBUTE_DEPRECATED;
void
aes_invert_key(struct aes_ctx *dst,
const struct aes_ctx *src)
_NETTLE_ATTRIBUTE_DEPRECATED;
void
aes_encrypt(const struct aes_ctx *ctx,
size_t length, uint8_t *dst,
const uint8_t *src) _NETTLE_ATTRIBUTE_DEPRECATED;
void
aes_decrypt(const struct aes_ctx *ctx,
size_t length, uint8_t *dst,
const uint8_t *src) _NETTLE_ATTRIBUTE_DEPRECATED;
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment