accelerated: padlock: use the new nettle APIs
authorNikos Mavrogiannopoulos <nmav@redhat.com>
Thu, 22 Feb 2018 10:29:08 +0000 (11:29 +0100)
committerNikos Mavrogiannopoulos <nmav@redhat.com>
Mon, 26 Feb 2018 12:45:26 +0000 (13:45 +0100)
Also remove any ifdefs for nettle (it is not conditionally compiled in),
and do not register accelerators for AES-192-CBC. That cipher is too widely
ignored to bother with.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
lib/accelerated/x86/aes-padlock.c
lib/accelerated/x86/x86-common.c

index 4c90888add7361491168b702b72e27ceaebd984f..dc2432ad8833848b43eace0eb5128cde1975946e 100644 (file)
@@ -1,5 +1,6 @@
 /*
- * Copyright (C) 2011-2012 Free Software Foundation, Inc.
+ * Copyright (C) 2011-2018 Free Software Foundation, Inc.
+ * Copyright (C) 2018 Red Hat, Inc.
  *
  * Author: Nikos Mavrogiannopoulos
  *
 #include "errors.h"
 #include <aes-x86.h>
 #include <x86-common.h>
-#ifdef HAVE_LIBNETTLE
-# include <nettle/aes.h>               /* for key generation in 192 and 256 bits */
-# include <sha-padlock.h>
-#endif
+#include <nettle/aes.h>                /* for key generation in 192 and 256 bits */
+#include <sha-padlock.h>
 #include <aes-padlock.h>
 
 static int
@@ -42,7 +41,6 @@ aes_cipher_init(gnutls_cipher_algorithm_t algorithm, void **_ctx, int enc)
 {
        /* we use key size to distinguish */
        if (algorithm != GNUTLS_CIPHER_AES_128_CBC
-           && algorithm != GNUTLS_CIPHER_AES_192_CBC
            && algorithm != GNUTLS_CIPHER_AES_256_CBC)
                return GNUTLS_E_INVALID_REQUEST;
 
@@ -61,9 +59,7 @@ padlock_aes_cipher_setkey(void *_ctx, const void *userkey, size_t keysize)
 {
        struct padlock_ctx *ctx = _ctx;
        struct padlock_cipher_data *pce;
-#ifdef HAVE_LIBNETTLE
-       struct aes_ctx nc;
-#endif
+       struct aes256_ctx nc;
 
        memset(_ctx, 0, sizeof(struct padlock_cipher_data));
 
@@ -78,27 +74,21 @@ padlock_aes_cipher_setkey(void *_ctx, const void *userkey, size_t keysize)
                memcpy(pce->ks.rd_key, userkey, 16);
                pce->cword.b.keygen = 0;
                break;
-#ifdef HAVE_LIBNETTLE
-       case 24:
-               pce->cword.b.ksize = 1;
-               pce->cword.b.rounds = 12;
-               goto common_24_32;
        case 32:
                pce->cword.b.ksize = 2;
                pce->cword.b.rounds = 14;
-             common_24_32:
+
                /* expand key using nettle */
                if (ctx->enc)
-                       aes_set_encrypt_key(&nc, keysize, userkey);
+                       aes256_set_encrypt_key(&nc, userkey);
                else
-                       aes_set_decrypt_key(&nc, keysize, userkey);
+                       aes256_set_decrypt_key(&nc, userkey);
 
                memcpy(pce->ks.rd_key, nc.keys, sizeof(nc.keys));
-               pce->ks.rounds = nc.rounds;
+               pce->ks.rounds = _AES256_ROUNDS;
 
                pce->cword.b.keygen = 1;
                break;
-#endif
        default:
                return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
        }
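Review bot: The expanded AES-256 key schedule in `nc` stays on the stack after `memcpy(pce->ks.rd_key, nc.keys, sizeof(nc.keys));` in the `case 32:` branch, and nothing in the visible lines wipes it. Adding `gnutls_memset(&nc, 0, sizeof(nc));` directly after the copy would keep the round keys from lingering in a dead stack frame. The copy length now comes from `struct aes256_ctx`, and the size of `pce->ks.rd_key` is not visible here, so a compile-time check that `sizeof(nc.keys)` does not exceed it would be a cheap guard against a future nettle layout change. `padlock_aes_cipher_setkey` starts and ends outside this hunk, so a wipe may already exist further down.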
index 152b0355c3205e4ca2097a41ac10aebd6da3f263..75b2a6b166a8a6b21d65df9a2038ce9a78772c8a 100644 (file)
@@ -1,5 +1,6 @@
 /*
- * Copyright (C) 2011-2012 Free Software Foundation, Inc.
+ * Copyright (C) 2011-2018 Free Software Foundation, Inc.
+ * Copyright (C) 2018 Red Hat, Inc.
  *
  * Author: Nikos Mavrogiannopoulos
  *
@@ -306,13 +307,6 @@ void register_x86_padlock_crypto(unsigned capabilities)
                if (ret < 0) {
                        gnutls_assert();
                }
-#ifdef HAVE_LIBNETTLE
-               ret =
-                   gnutls_crypto_single_cipher_register
-                   (GNUTLS_CIPHER_AES_192_CBC, 80, &_gnutls_aes_padlock, 0);
-               if (ret < 0) {
-                       gnutls_assert();
-               }
 
                ret =
                    gnutls_crypto_single_cipher_register
@@ -328,7 +322,6 @@ void register_x86_padlock_crypto(unsigned capabilities)
                if (ret < 0) {
                        gnutls_assert();
                }
-#endif
        } else {
                _gnutls_priority_update_non_aesni();
        }