From 9d339f288eda10e5334bbf4ccdfd068eaee95c0e Mon Sep 17 00:00:00 2001 From: Miloslav Trmač Date: Mon, 15 Nov 2010 21:19:21 +0100 Subject: Add ncr_symm_cipher_change_iv --- include/ncrypto/ncrypto.h | 2 ++ lib/ncrypto_local.c | 19 ++++++++++++++++ tests/symm_ciphers.c | 56 +++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 77 insertions(+) diff --git a/include/ncrypto/ncrypto.h b/include/ncrypto/ncrypto.h index 024d5a7..a09d451 100644 --- a/include/ncrypto/ncrypto.h +++ b/include/ncrypto/ncrypto.h @@ -158,6 +158,8 @@ struct ncr_symm_cipher_session; CK_RV ncr_symm_cipher_alloc (struct ncr_symm_cipher_session **sess, CK_MECHANISM_TYPE mech); CK_RV ncr_symm_cipher_free (struct ncr_symm_cipher_session *sess); +CK_RV ncr_symm_cipher_change_iv (struct ncr_symm_cipher_session *sess, + const void *iv, size_t iv_size); /* Use either ncr_symm_cipher_encrypt_{init,update,final} (), or ncr_symm_cipher_{encrypt_init,encrypt} (). After finishing such a call sequence, a new sequence can be started within the same session. Same for diff --git a/lib/ncrypto_local.c b/lib/ncrypto_local.c index da1ccab..537aaac 100644 --- a/lib/ncrypto_local.c +++ b/lib/ncrypto_local.c @@ -501,6 +501,25 @@ ncr_symm_cipher_free (struct ncr_symm_cipher_session *sess) return CKR_OK; } +CK_RV +ncr_symm_cipher_change_iv (struct ncr_symm_cipher_session *sess, const void *iv, + size_t iv_size) +{ + g_return_val_if_fail (sess != NULL, CKR_SESSION_HANDLE_INVALID); + g_return_val_if_fail (sess->state == NSCS_INITIALIZED + || sess->state == NSCS_UPDATED, + CKR_OPERATION_NOT_INITIALIZED); + g_return_val_if_fail (iv != NULL || iv_size == 0, CKR_ARGUMENTS_BAD); + + g_return_val_if_fail (iv_size + == (unsigned)EVP_CIPHER_CTX_iv_length (&sess->ctx), + CKR_MECHANISM_PARAM_INVALID); + g_assert (iv_size <= sizeof (sess->ctx.iv)); + + memcpy (sess->ctx.iv, iv, iv_size); + return CKR_OK; +} + static CK_RV symm_cipher_init (struct ncr_symm_cipher_session *sess, bool encrypt, struct ncr_symm_key *key, const void *param, diff --git a/tests/symm_ciphers.c b/tests/symm_ciphers.c index a6f3570..2c2cd92 100644 --- a/tests/symm_ciphers.c +++ b/tests/symm_ciphers.c @@ -204,6 +204,62 @@ main (void) assert (res == CKR_OK); } + for (i = 0; i < G_N_ELEMENTS (tvs); i++) + { + res = ncr_symm_cipher_alloc (&sess, tvs[i].mech); + assert (res == CKR_OK); + + res = ncr_symm_key_create (&key, tvs[i].key_type, true, tvs[i].key, + tvs[i].key_size); + assert (res == CKR_OK); + + res = ncr_symm_cipher_encrypt_init (sess, key, tvs[i].iv, tvs[i].iv_size); + assert (res == CKR_OK); + + dest_size = sizeof (dest); + res = ncr_symm_cipher_encrypt_update (sess, dest, &dest_size, + tvs[i].input, tvs[i].input_size); + assert (res == CKR_OK); + assert (dest_size == tvs[i].output_size); + assert (memcmp (dest, tvs[i].output, dest_size) == 0); + + res = ncr_symm_cipher_change_iv (sess, tvs[i].iv, tvs[i].iv_size); + assert (res == CKR_OK); + + dest_size = sizeof (dest); + res = ncr_symm_cipher_encrypt_final (sess, dest, &dest_size, tvs[i].input, + tvs[i].input_size); + assert (res == CKR_OK); + assert (dest_size == tvs[i].output_size); + assert (memcmp (dest, tvs[i].output, dest_size) == 0); + + res = ncr_symm_cipher_decrypt_init (sess, key, tvs[i].iv, tvs[i].iv_size); + assert (res == CKR_OK); + + dest_size = sizeof (dest); + res = ncr_symm_cipher_decrypt_update (sess, dest, &dest_size, + tvs[i].output, tvs[i].output_size); + assert (res == CKR_OK); + assert (dest_size == tvs[i].input_size); + assert (memcmp (dest, tvs[i].input, dest_size) == 0); + + res = ncr_symm_cipher_change_iv (sess, tvs[i].iv, tvs[i].iv_size); + assert (res == CKR_OK); + + dest_size = sizeof (dest); + res = ncr_symm_cipher_decrypt_final (sess, dest, &dest_size, + tvs[i].output, tvs[i].output_size); + assert (res == CKR_OK); + assert (dest_size == tvs[i].input_size); + assert (memcmp (dest, tvs[i].input, dest_size) == 0); + + res = ncr_symm_key_destroy (key); + assert (res == CKR_OK); + + res = ncr_symm_cipher_free (sess); + assert (res == CKR_OK); + } + for (i = 0; i < G_N_ELEMENTS (tvs); i++) { res = ncr_symm_cipher_alloc (&sess, tvs[i].mech); -- cgit