source: trunk/packages/xen-common/xen-common/tools/vtpm_manager/crypto/sym_crypto.c @ 95

Last change on this file since 95 was 34, checked in by hartmans, 18 years ago

Add xen and xen-common

  • Property svn:mime-type set to text/cpp
File size: 6.1 KB
Line 
1// ===================================================================
2//
3// Copyright (c) 2005, Intel Corp.
4// All rights reserved.
5//
6// Redistribution and use in source and binary forms, with or without
7// modification, are permitted provided that the following conditions
8// are met:
9//
10//   * Redistributions of source code must retain the above copyright
11//     notice, this list of conditions and the following disclaimer.
12//   * Redistributions in binary form must reproduce the above
13//     copyright notice, this list of conditions and the following
14//     disclaimer in the documentation and/or other materials provided
15//     with the distribution.
16//   * Neither the name of Intel Corporation nor the names of its
17//     contributors may be used to endorse or promote products derived
18//     from this software without specific prior written permission.
19//
20// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
21// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
22// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
23// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
24// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
25// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
26// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
27// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
29// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
30// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
31// OF THE POSSIBILITY OF SUCH DAMAGE.
32// ===================================================================
33//
34// sym_crypto.c
35//
36//     Symmetric crypto portion of crypto
37//
38// ==================================================================
39
40#include <openssl/evp.h>
41#include <openssl/rand.h>
42
43#include "tcg.h"
44#include "sym_crypto.h"
45
46typedef enum crypt_op_type_t {
47  CRYPT_ENCRYPT,
48  CRYPT_DECRYPT
49} crypt_op_type_t;
50
51TPM_RESULT ossl_symcrypto_op (symkey_t* key,
52                              const buffer_t* in,
53                              const buffer_t* iv,
54                              buffer_t * out,
55                              crypt_op_type_t optype);
56
57
58// this is initialized in Crypto_Init()
59const EVP_CIPHER * SYM_CIPHER = NULL;
60
61const BYTE ZERO_IV[EVP_MAX_IV_LENGTH] = {0};
62
63
64TPM_RESULT Crypto_symcrypto_initkey (symkey_t * key, const buffer_t* keybits) {
65  TPM_RESULT status = TPM_SUCCESS;
66 
67  EVP_CIPHER_CTX_init (&key->context);
68 
69  key->cipher = SYM_CIPHER;
70 
71  TPMTRYRETURN( buffer_init_copy (&key->key, keybits));
72   
73  goto egress;
74 
75 abort_egress:
76  EVP_CIPHER_CTX_cleanup (&key->context);
77 
78 egress:
79 
80  return status;
81}
82
83
84
85TPM_RESULT Crypto_symcrypto_genkey (symkey_t * key) {
86  int res;
87  TPM_RESULT status = TPM_SUCCESS;
88 
89  // hmm, EVP_CIPHER_CTX_init does not return a value
90  EVP_CIPHER_CTX_init (&key->context);
91 
92  key->cipher = SYM_CIPHER;
93 
94  TPMTRYRETURN( buffer_init (&key->key, EVP_CIPHER_key_length(key->cipher), NULL)) ;
95 
96  // and generate the key material
97  res = RAND_pseudo_bytes (key->key.bytes, key->key.size);
98  if (res < 0)
99    ERRORDIE (TPM_SHORTRANDOM);
100 
101 
102  goto egress;
103 
104 abort_egress:
105  EVP_CIPHER_CTX_cleanup (&key->context);
106  buffer_free (&key->key);
107 
108 egress:
109  return status; 
110}
111
112
113TPM_RESULT Crypto_symcrypto_encrypt (symkey_t* key,
114                              const buffer_t* clear,
115                              buffer_t* o_cipher) {
116  TPM_RESULT status = TPM_SUCCESS;
117 
118  buffer_t iv, cipher_alias;
119 
120  buffer_init_const (&iv, EVP_MAX_IV_LENGTH, ZERO_IV);
121 
122  buffer_init (o_cipher,
123               clear->size +
124               EVP_CIPHER_iv_length(key->cipher) +
125               EVP_CIPHER_block_size (key->cipher),
126                                 0);
127 
128  // copy the IV into the front
129  buffer_copy (o_cipher, &iv);
130 
131  // make an alias into which we'll put the ciphertext
132  buffer_init_alias (&cipher_alias, o_cipher, EVP_CIPHER_iv_length(key->cipher), 0);
133 
134  TPMTRYRETURN( ossl_symcrypto_op (key, clear, &iv, &cipher_alias, CRYPT_ENCRYPT) );
135
136  // set the output size correctly
137  o_cipher->size += cipher_alias.size;
138 
139  goto egress;
140 
141 abort_egress:
142 
143 egress:
144 
145  return status;
146 
147}
148
149
150
151TPM_RESULT Crypto_symcrypto_decrypt (symkey_t* key,
152                              const buffer_t* cipher,
153                              buffer_t* o_clear) {
154  TPM_RESULT status = TPM_SUCCESS;
155 
156  buffer_t iv, cipher_alias;
157 
158  // alias for the IV
159  buffer_init_alias (&iv, cipher, 0, EVP_CIPHER_iv_length(key->cipher));
160 
161  // make an alias to where the ciphertext is, after the IV
162  buffer_init_alias (&cipher_alias, cipher, EVP_CIPHER_iv_length(key->cipher), 0);
163 
164  // prepare the output buffer
165  TPMTRYRETURN( buffer_init (o_clear,
166                        cipher->size
167                        - EVP_CIPHER_iv_length(key->cipher)
168                        + EVP_CIPHER_block_size(key->cipher),
169                        0) );
170 
171  // and decrypt
172  TPMTRYRETURN ( ossl_symcrypto_op (key, &cipher_alias, &iv, o_clear, CRYPT_DECRYPT) );
173 
174  goto egress;
175 
176 abort_egress:
177  buffer_free (o_clear);
178 
179 egress:
180 
181  return status;
182}
183
184
185
186TPM_RESULT Crypto_symcrypto_freekey (symkey_t * key) {
187  buffer_memset (&key->key, 0);
188  buffer_free (&key->key);
189 
190  EVP_CIPHER_CTX_cleanup (&key->context);
191 
192  return TPM_SUCCESS;
193}
194
195
196TPM_RESULT ossl_symcrypto_op (symkey_t* key,
197                              const buffer_t* in,
198                              const buffer_t* iv,
199                              buffer_t * out,
200                              crypt_op_type_t optype) {
201  TPM_RESULT status = TPM_SUCCESS;
202 
203  int inlen, outlen;
204  tpm_size_t running;
205 
206  if ( ! EVP_CipherInit_ex (&key->context,
207                            key->cipher, NULL, key->key.bytes, iv->bytes,
208                            optype == CRYPT_ENCRYPT ? 1 : 0) )
209    ERRORDIE (TPM_FAIL);
210 
211 
212 
213  inlen = in->size;
214 
215  outlen  = 0;
216  running = 0;
217 
218 
219  if ( ! EVP_CipherUpdate (&key->context, out->bytes, &outlen, in->bytes, inlen) )
220    ERRORDIE (TPM_FAIL);
221
222  running += outlen;
223 
224  if ( ! EVP_CipherFinal_ex (&key->context, out->bytes + running, &outlen) )
225    ERRORDIE (TPM_FAIL);
226 
227  running += outlen;
228 
229  out->size = running;
230 
231  goto egress;
232 
233 abort_egress:
234 egress:
235 
236  return status;
237}
Note: See TracBrowser for help on using the repository browser.