370 	struct iked_cipher	*encr;
463 	if ((encr = calloc(1, sizeof(*encr))) == NULL) {
468 	encr->encr_id = id;
469 	encr->encr_priv = cipher;
470 	encr->encr_ctx = NULL;
471 	encr->encr_length = length;
472 	encr->encr_fixedkey = fixedkey;
473 	encr->encr_ivlength = ivlength ? ivlength : length;
474 	encr->encr_saltlength = saltlength;
475 	encr->encr_authid = authid;
477 	encr->encr_ctx = EVP_CIPHER_CTX_new();
478 	if (encr->encr_ctx == NULL) {
480 		cipher_free(encr);
484 	return (encr);
488 cipher_setkey(struct iked_cipher *encr, const void *key, size_t keylen)
490 	ibuf_free(encr->encr_key);
491 	if ((encr->encr_key = ibuf_new(key, keylen)) == NULL) {
495 	return (encr->encr_key);
499 cipher_setiv(struct iked_cipher *encr, const void *iv, size_t len)
501 	ibuf_free(encr->encr_iv);
502 	encr->encr_iv = NULL;
504 		if (len < encr->encr_ivlength) {
508 		encr->encr_iv = ibuf_new(iv, encr->encr_ivlength);
510 		switch (encr->encr_id) {
513 			if (encr->encr_ivlength != sizeof(encr->encr_civ)) {
515 				    __func__, encr->encr_ivlength,
516 				    sizeof(encr->encr_civ));
519 			encr->encr_iv = ibuf_new(&encr->encr_civ, sizeof(encr->encr_civ));
520 			encr->encr_civ++;
524 			encr->encr_iv = ibuf_random(encr->encr_ivlength);
527 	if (encr->encr_iv == NULL) {
531 	return (encr->encr_iv);
535 cipher_settag(struct iked_cipher *encr, uint8_t *data, size_t len)
537 	return (EVP_CIPHER_CTX_ctrl(encr->encr_ctx,
542 cipher_gettag(struct iked_cipher *encr, uint8_t *data, size_t len)
544 	return (EVP_CIPHER_CTX_ctrl(encr->encr_ctx,
549 cipher_free(struct iked_cipher *encr)
551 	if (encr == NULL)
553 	EVP_CIPHER_CTX_free(encr->encr_ctx);
554 	ibuf_free(encr->encr_iv);
555 	ibuf_free(encr->encr_key);
556 	free(encr);
560 cipher_init(struct iked_cipher *encr, int enc)
565 	if (EVP_CipherInit_ex(encr->encr_ctx, encr->encr_priv, NULL,
568 	if (encr->encr_saltlength > 0) {
570 		nonce = ibuf_new(ibuf_seek(encr->encr_key,
571 		    ibuf_size(encr->encr_key) - encr->encr_saltlength,
572 		    encr->encr_saltlength), encr->encr_saltlength);
575 		if (ibuf_add_buf(nonce, encr->encr_iv) != 0)
577 		if (EVP_CipherInit_ex(encr->encr_ctx, NULL, NULL,
578 		    ibuf_data(encr->encr_key), ibuf_data(nonce), enc) != 1)
581 		if (EVP_CipherInit_ex(encr->encr_ctx, NULL, NULL,
582 		    ibuf_data(encr->encr_key), ibuf_data(encr->encr_iv), enc) != 1)
584 	EVP_CIPHER_CTX_set_padding(encr->encr_ctx, 0);
592 cipher_init_encrypt(struct iked_cipher *encr)
594 	return (cipher_init(encr, 1));
598 cipher_init_decrypt(struct iked_cipher *encr)
600 	return (cipher_init(encr, 0));
604 cipher_aad(struct iked_cipher *encr, const void *in, size_t inlen,
609 	if (EVP_CipherUpdate(encr->encr_ctx, NULL, &olen, in, inlen) != 1) {
618 cipher_update(struct iked_cipher *encr, const void *in, size_t inlen,
624 	if (EVP_CipherUpdate(encr->encr_ctx, out, &olen, in, inlen) != 1) {
634 cipher_final(struct iked_cipher *encr)
642 	if (EVP_CipherFinal_ex(encr->encr_ctx, NULL, &olen) != 1) {
650 cipher_length(struct iked_cipher *encr)
652 	return (encr->encr_length);
656 cipher_keylength(struct iked_cipher *encr)
658 	if (encr->encr_fixedkey)
659 		return (encr->encr_fixedkey);
662 	return (ibuf_length(encr->encr_key));
666 cipher_ivlength(struct iked_cipher *encr)
668 	return (encr->encr_ivlength);
672 cipher_outlength(struct iked_cipher *encr, size_t inlen)
674 	return (roundup(inlen, encr->encr_length));

Indexes created Mon Jul 01 21:43:02 MDT 2024