merge

[plan9front.git] / sys / src / 9 / port / devtls.c

diff --git a/sys/src/9/port/devtls.c b/sys/src/9/port/devtls.c
old mode 100755 (executable)
new mode 100644 (file)
index 7a5e1da..d0550a7
--- a/sys/src/9/port/devtls.c
+++ b/sys/src/9/port/devtls.c
@@ -234,6 +234,8 @@ static void rcvError(TlsRec *tr, int err, char *msg, ...);
 static int     rc4enc(Secret *sec, uchar *buf, int n);
 static int     des3enc(Secret *sec, uchar *buf, int n);
 static int     des3dec(Secret *sec, uchar *buf, int n);
+static int     aesenc(Secret *sec, uchar *buf, int n);
+static int     aesdec(Secret *sec, uchar *buf, int n);
 static int     noenc(Secret *sec, uchar *buf, int n);
 static int     sslunpad(uchar *buf, int n, int block);
 static int     tlsunpad(uchar *buf, int n, int block);
@@ -730,7 +732,7 @@ tlsrecread(TlsRec *tr)
 {
        OneWay *volatile in;
        Block *volatile b;
-       uchar *p, seq[8], header[RecHdrLen], hmac[MD5dlen];
+       uchar *p, seq[8], header[RecHdrLen], hmac[MaxMacLen];
        int volatile nconsumed;
        int len, type, ver, unpad_len;
 
@@ -846,7 +848,7 @@ if(tr->debug) pdump(unpad_len, p, "decrypted:");
                        rcvError(tr, EIllegalParameter, "invalid alert fatal code");
 
                /*
-                * propate non-fatal alerts to handshaker
+                * propagate non-fatal alerts to handshaker
                 */
                if(p[1] == ECloseNotify) {
                        tlsclosed(tr, SRClose);
@@ -1321,7 +1323,7 @@ tlsbwrite(Chan *c, Block *b, ulong offset)
 
        tr = tlsdevs[CONV(c->qid)];
        if(tr == nil)
-               panic("tlsbread");
+               panic("tlsbwrite");
 
        ty = TYPE(c->qid);
        switch(ty) {
@@ -1427,6 +1429,16 @@ initDES3key(Encalg *, Secret *s, uchar *p, uchar *iv)
        setupDES3state(s->enckey, (uchar(*)[8])p, iv);
 }
 
+static void
+initAESkey(Encalg *ea, Secret *s, uchar *p, uchar *iv)
+{
+       s->enckey = smalloc(sizeof(AESstate));
+       s->enc = aesenc;
+       s->dec = aesdec;
+       s->block = 16;
+       setupAESstate(s->enckey, p, ea->keylen, iv);
+}
+
 static void
 initclearenc(Encalg *, Secret *s, uchar *, uchar *)
 {
@@ -1440,6 +1452,8 @@ static Encalg encrypttab[] =
        { "clear", 0, 0, initclearenc },
        { "rc4_128", 128/8, 0, initRC4key },
        { "3des_ede_cbc", 3 * 8, 8, initDES3key },
+       { "aes_128_cbc", 128/8, 16, initAESkey },
+       { "aes_256_cbc", 256/8, 16, initAESkey },
        { 0 }
 };
 
@@ -1810,7 +1824,7 @@ tlsError(TlsRec *tr, char *msg)
 {
        int s;
 
-if(tr->debug)pprint("tleError %s\n", msg);
+if(tr->debug)pprint("tlsError %s\n", msg);
        lock(&tr->statelk);
        s = tr->state;
        tr->state = SError;
@@ -2015,6 +2029,22 @@ des3dec(Secret *sec, uchar *buf, int n)
        des3CBCdecrypt(buf, n, sec->enckey);
        return (*sec->unpad)(buf, n, 8);
 }
+
+static int
+aesenc(Secret *sec, uchar *buf, int n)
+{
+       n = blockpad(buf, n, 16);
+       aesCBCencrypt(buf, n, sec->enckey);
+       return n;
+}
+
+static int
+aesdec(Secret *sec, uchar *buf, int n)
+{
+       aesCBCdecrypt(buf, n, sec->enckey);
+       return (*sec->unpad)(buf, n, 16);
+}
+
 static DigestState*
 nomac(uchar *, ulong, uchar *, ulong, uchar *, DigestState *)
 {