|
Packit |
aea12f |
@node Using GnuTLS as a cryptographic library
|
|
Packit |
aea12f |
@chapter Using GnuTLS as a cryptographic library
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@acronym{GnuTLS} is not a low-level cryptographic library, i.e.,
|
|
Packit |
aea12f |
it does not provide access to basic cryptographic primitives. However
|
|
Packit |
aea12f |
it abstracts the internal cryptographic back-end (see @ref{Cryptographic Backend}),
|
|
Packit |
aea12f |
providing symmetric crypto, hash and HMAC algorithms, as well access
|
|
Packit |
aea12f |
to the random number generation. For a low-level crypto API the usage of nettle
|
|
Packit |
aea12f |
@footnote{See @uref{https://www.lysator.liu.se/~nisse/nettle/}.} library is recommended.
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@menu
|
|
Packit |
aea12f |
* Symmetric algorithms::
|
|
Packit |
aea12f |
* Public key algorithms::
|
|
Packit |
aea12f |
* Cryptographic Message Syntax / PKCS7::
|
|
Packit |
aea12f |
* Hash and MAC functions::
|
|
Packit |
aea12f |
* Random number generation::
|
|
Packit |
aea12f |
* Overriding algorithms::
|
|
Packit |
aea12f |
@end menu
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@node Symmetric algorithms
|
|
Packit |
aea12f |
@section Symmetric algorithms
|
|
Packit |
aea12f |
@cindex symmetric algorithms
|
|
Packit |
aea12f |
@cindex symmetric cryptography
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
The available functions to access symmetric crypto algorithms operations
|
|
Packit |
aea12f |
are listed in the sections below. The supported algorithms are the algorithms required by the TLS protocol.
|
|
Packit |
aea12f |
They are listed in @ref{gnutls_cipher_algorithm_t}. Note that there two
|
|
Packit |
aea12f |
types of ciphers, the ones providing an authenticated-encryption with
|
|
Packit |
aea12f |
associated data (AEAD), and the legacy ciphers which provide raw access
|
|
Packit Service |
991b93 |
to the ciphers. We recommend the use of the AEAD ciphers under the AEAD APIs
|
|
Packit Service |
991b93 |
for new applications as they are designed to minimize the misuse of
|
|
Packit Service |
991b93 |
cryptographic primitives.
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@showenumdesc{gnutls_cipher_algorithm_t,The supported ciphers.}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@subheading Authenticated-encryption API
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
The AEAD API provides access to all ciphers supported by GnuTLS which support
|
|
Packit Service |
991b93 |
authenticated encryption with associated data; these ciphers are marked with
|
|
Packit Service |
991b93 |
the AEAD keyword on the table above. The AEAD cipher API is
|
|
Packit Service |
991b93 |
particularly suitable for message or packet-encryption as it provides
|
|
Packit Service |
991b93 |
authentication and encryption on the same API. See @code{RFC5116} for more
|
|
Packit Service |
991b93 |
information on authenticated encryption.
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@showfuncD{gnutls_aead_cipher_init,gnutls_aead_cipher_encrypt,gnutls_aead_cipher_decrypt,gnutls_aead_cipher_deinit}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
Because the encryption function above may be difficult to use with
|
|
Packit |
aea12f |
scattered data, we provide the following API.
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@showfuncdesc{gnutls_aead_cipher_encryptv}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@subheading Legacy API
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
The legacy API provides low-level access to all legacy ciphers supported by GnuTLS,
|
|
Packit |
aea12f |
and some of the AEAD ciphers (e.g., AES-GCM and CHACHA20). The restrictions
|
|
Packit |
aea12f |
of the nettle library implementation of the ciphers apply verbatim to this
|
|
Packit |
aea12f |
API@footnote{See the nettle manual @url{https://www.lysator.liu.se/~nisse/nettle/nettle.html}}.
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@showfuncE{gnutls_cipher_init,gnutls_cipher_encrypt2,gnutls_cipher_decrypt2,gnutls_cipher_set_iv,gnutls_cipher_deinit}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@showfuncB{gnutls_cipher_add_auth,gnutls_cipher_tag}
|
|
Packit |
aea12f |
While the latter two functions allow the same API can be used with authenticated encryption ciphers,
|
|
Packit |
aea12f |
it is recommended to use the following functions which are solely for AEAD ciphers. The latter
|
|
Packit |
aea12f |
API is designed to be simple to use and also hard to misuse, by handling the tag verification
|
|
Packit |
aea12f |
and addition in transparent way.
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@node Public key algorithms
|
|
Packit |
aea12f |
@section Public key algorithms
|
|
Packit |
aea12f |
@cindex public key algorithms
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
Public key cryptography algorithms such as RSA, DSA and ECDSA, are
|
|
Packit |
aea12f |
accessed using the abstract key API in @ref{Abstract key types}. This
|
|
Packit |
aea12f |
is a high level API with the advantage of transparently handling keys
|
|
Packit |
aea12f |
stored in memory and keys present in smart cards.
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@showfuncF{gnutls_privkey_init,gnutls_privkey_import_url,gnutls_privkey_import_x509_raw,gnutls_privkey_sign_data,gnutls_privkey_sign_hash,gnutls_privkey_deinit}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@showfuncF{gnutls_pubkey_init,gnutls_pubkey_import_url,gnutls_pubkey_import_x509,gnutls_pubkey_verify_data2,gnutls_pubkey_verify_hash2,gnutls_pubkey_deinit}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
Keys stored in memory can be imported using functions like
|
|
Packit |
aea12f |
@funcref{gnutls_privkey_import_x509_raw}, while keys on smart cards or HSMs
|
|
Packit |
aea12f |
should be imported using their PKCS#11 URL with
|
|
Packit |
aea12f |
@funcref{gnutls_privkey_import_url}.
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
If any of the smart card operations require PIN, that should be provided
|
|
Packit |
aea12f |
either by setting the global PIN function
|
|
Packit |
aea12f |
(@funcref{gnutls_pkcs11_set_pin_function}), or better with the targeted to
|
|
Packit |
aea12f |
structures functions such as @funcref{gnutls_privkey_set_pin_function}.
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@subsection Key generation
|
|
Packit |
aea12f |
|
|
Packit Service |
991b93 |
All supported key types (including RSA, DSA, ECDSA, Ed25519, Ed448) can be generated
|
|
Packit |
aea12f |
with GnuTLS. They can be generated with the simpler @funcref{gnutls_privkey_generate}
|
|
Packit |
aea12f |
or with the more advanced @funcref{gnutls_privkey_generate2}.
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@showfuncdesc{gnutls_privkey_generate2}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@node Cryptographic Message Syntax / PKCS7
|
|
Packit |
aea12f |
@section Cryptographic Message Syntax / PKCS7
|
|
Packit |
aea12f |
@cindex public key algorithms
|
|
Packit |
aea12f |
@cindex cryptographic message syntax
|
|
Packit |
aea12f |
@cindex file signing
|
|
Packit |
aea12f |
@cindex CMS
|
|
Packit |
aea12f |
@cindex PKCS #7
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
The CMS or PKCS #7 format is a commonly used format for digital signatures.
|
|
Packit |
aea12f |
PKCS #7 is the name of the original standard when published by RSA, though
|
|
Packit |
aea12f |
today the standard is adopted by IETF under the name CMS.
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
The standards include multiple ways of signing a digital document, e.g.,
|
|
Packit |
aea12f |
by embedding the data into the signature, or creating detached signatures of the data,
|
|
Packit |
aea12f |
including a timestamp, additional certificates etc. In certain cases the
|
|
Packit |
aea12f |
same format is also used to transport lists of certificates and CRLs.
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
It is a relatively popular standard to sign structures, and is being used to
|
|
Packit |
aea12f |
sign in PDF files, as well as for signing kernel modules and other
|
|
Packit |
aea12f |
structures.
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
In GnuTLS, the basic functions to initialize, deinitialize, import, export or print information
|
|
Packit |
aea12f |
about a PKCS #7 structure are listed below.
|
|
Packit |
aea12f |
@showfuncE{gnutls_pkcs7_init,gnutls_pkcs7_deinit,gnutls_pkcs7_export2,gnutls_pkcs7_import,gnutls_pkcs7_print}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
The following functions allow the verification of a structure using either a trust list, or
|
|
Packit |
aea12f |
individual certificates. The @funcref{gnutls_pkcs7_sign} function is the data signing function.
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@showfuncB{gnutls_pkcs7_verify_direct,gnutls_pkcs7_verify}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@showfuncdesc{gnutls_pkcs7_sign}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@showenumdesc{gnutls_pkcs7_sign_flags,Flags applicable to gnutls_pkcs7_sign()}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
Other helper functions which allow to access the signatures, or certificates attached
|
|
Packit |
aea12f |
in the structure are listed below.
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@showfuncF{gnutls_pkcs7_get_signature_count,gnutls_pkcs7_get_signature_info,gnutls_pkcs7_get_crt_count,gnutls_pkcs7_get_crt_raw2,gnutls_pkcs7_get_crl_count,gnutls_pkcs7_get_crl_raw2}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
To append certificates, or CRLs in the structure the following functions are provided.
|
|
Packit |
aea12f |
@showfuncD{gnutls_pkcs7_set_crt_raw,gnutls_pkcs7_set_crt,gnutls_pkcs7_set_crl_raw,gnutls_pkcs7_set_crl}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@node Hash and MAC functions
|
|
Packit |
aea12f |
@section Hash and MAC functions
|
|
Packit |
aea12f |
@cindex hash functions
|
|
Packit |
aea12f |
@cindex HMAC functions
|
|
Packit |
aea12f |
@cindex MAC functions
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
The available operations to access hash functions and hash-MAC (HMAC) algorithms
|
|
Packit |
aea12f |
are shown below. HMAC algorithms provided keyed hash functionality. The supported MAC and HMAC
|
|
Packit |
aea12f |
algorithms are listed in @ref{gnutls_mac_algorithm_t}. Note that, despite the @code{hmac} part
|
|
Packit |
aea12f |
in the name of the MAC functions listed below, they can be used either for HMAC or MAC operations.
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@showenumdesc{gnutls_mac_algorithm_t,The supported MAC and HMAC algorithms.}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@showfuncF{gnutls_hmac_init,gnutls_hmac,gnutls_hmac_output,gnutls_hmac_deinit,gnutls_hmac_get_len,gnutls_hmac_fast}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
The available functions to access hash functions are shown below. The supported hash functions
|
|
Packit |
aea12f |
are shown in @ref{gnutls_digest_algorithm_t}.
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@showfuncF{gnutls_hash_init,gnutls_hash,gnutls_hash_output,gnutls_hash_deinit,gnutls_hash_get_len,gnutls_hash_fast}
|
|
Packit |
aea12f |
@showfuncA{gnutls_fingerprint}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@showenumdesc{gnutls_digest_algorithm_t,The supported hash algorithms.}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@node Random number generation
|
|
Packit |
aea12f |
@section Random number generation
|
|
Packit |
aea12f |
@cindex random numbers
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
Access to the random number generator is provided using the @funcref{gnutls_rnd}
|
|
Packit |
aea12f |
function. It allows obtaining random data of various levels.
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@showenumdesc{gnutls_rnd_level_t,The random number levels.}
|
|
Packit |
aea12f |
@showfuncdesc{gnutls_rnd}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
See @ref{Random Number Generators-internals} for more information
|
|
Packit |
aea12f |
on the random number generator operation.
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@node Overriding algorithms
|
|
Packit |
aea12f |
@section Overriding algorithms
|
|
Packit |
aea12f |
@cindex overriding algorithms
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
In systems which provide a hardware accelerated cipher implementation
|
|
Packit |
aea12f |
that is not directly supported by GnuTLS, it is possible to utilize it.
|
|
Packit |
aea12f |
There are functions which allow overriding the default cipher, digest and MAC
|
|
Packit |
aea12f |
implementations. Those are described below.
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
To override public key operations see @ref{Abstract private keys}.
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@showfuncdesc{gnutls_crypto_register_cipher}
|
|
Packit |
aea12f |
@showfuncdesc{gnutls_crypto_register_aead_cipher}
|
|
Packit |
aea12f |
@showfuncdesc{gnutls_crypto_register_mac}
|
|
Packit |
aea12f |
@showfuncdesc{gnutls_crypto_register_digest}
|