/*
* Copyright (C) 2000-2012 Free Software Foundation, Inc.
*
* Author: Nikos Mavrogiannopoulos
*
* This file is part of GnuTLS.
*
* The GnuTLS is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public License
* as published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>
*
*/
#ifndef GNUTLS_LIB_CIPHER_INT_H
#define GNUTLS_LIB_CIPHER_INT_H
#include <gnutls/crypto.h>
#include "errors.h"
#include <crypto-backend.h>
extern int crypto_cipher_prio;
extern gnutls_crypto_cipher_st _gnutls_cipher_ops;
/*
 * Backend callback signatures stored in cipher_hd_st.  Every callback takes
 * the backend context as `hd`; the inline wrappers in this header pass
 * handle->handle for it.  An unnamed size_t following a buffer receives that
 * buffer's length from those wrappers (e.g. text/textlen,
 * ciphertext/ciphertextlen).
 */

/* Non-AEAD encryption: input buffer + length, output buffer + length. */
typedef int (*cipher_encrypt_func) (void *hd, const void *plaintext,
				    size_t, void *ciphertext, size_t);
/* Non-AEAD decryption: input buffer + length, output buffer + length. */
typedef int (*cipher_decrypt_func) (void *hd, const void *ciphertext,
				    size_t, void *plaintext, size_t);
/*
 * One-shot AEAD encryption: nonce, associated data, `tag` (a size_t;
 * presumably the tag length in bytes -- confirm against the backend),
 * then the input and output buffers with their lengths.
 */
typedef int (*aead_cipher_encrypt_func) (void *hd,
					 const void *nonce, size_t,
					 const void *auth, size_t,
					 size_t tag,
					 const void *plaintext, size_t,
					 void *ciphertext, size_t);
/*
 * One-shot AEAD decryption; same argument layout as the encrypt variant
 * with the ciphertext as input and the plaintext as output.
 */
typedef int (*aead_cipher_decrypt_func) (void *hd,
					 const void *nonce, size_t,
					 const void *auth, size_t,
					 size_t tag,
					 const void *ciphertext, size_t,
					 void *plaintext, size_t);
/* Releases the backend context; returns nothing. */
typedef void (*cipher_deinit_func) (void *hd);

/* Feeds additional authenticated data to the backend. */
typedef int (*cipher_auth_func) (void *hd, const void *data, size_t);
/* Supplies an IV to the backend; the IV buffer is read-only. */
typedef int (*cipher_setiv_func) (void *hd, const void *iv, size_t);
/* Asks the backend to write an IV into a caller-owned buffer. */
typedef int (*cipher_getiv_func) (void *hd, void *iv, size_t);

/*
 * Asks the backend to write the authentication tag into a caller-owned
 * buffer.  Returns void, so a failure cannot be reported through it.
 */
typedef void (*cipher_tag_func) (void *hd, void *tag, size_t);
/*
 * Dispatch record for one cipher instance: an opaque backend context plus
 * the callbacks that operate on it.  A callback pointer may be NULL; the
 * inline wrappers in this header test encrypt, decrypt, aead_encrypt,
 * aead_decrypt and getiv for NULL before calling them.
 */
typedef struct {
	/* Backend context; handed to every callback as its first argument.
	 * The wrappers treat NULL here as "not initialised", and
	 * _gnutls_cipher_deinit() resets it to NULL. */
	void *handle;
	/* Algorithm entry; read by the _gnutls_cipher_is_aead() macro. */
	const cipher_entry_st *e;
	cipher_encrypt_func encrypt;
	cipher_decrypt_func decrypt;
	aead_cipher_encrypt_func aead_encrypt;
	aead_cipher_decrypt_func aead_decrypt;
	cipher_auth_func auth;
	cipher_tag_func tag;
	cipher_setiv_func setiv;
	cipher_getiv_func getiv;
	cipher_deinit_func deinit;
} cipher_hd_st;
int _gnutls_cipher_init(cipher_hd_st *, const cipher_entry_st * e,
const gnutls_datum_t * key,
const gnutls_datum_t * iv, int enc);
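/*
 * Hand an IV to the backend's setiv callback.
 *
 * handle: cipher handle to operate on.
 * iv:     IV bytes (read-only).
 * ivlen:  number of bytes at iv.
 *
 * Returns the callback's result, or GNUTLS_E_INVALID_REQUEST when handle is
 * NULL, has no backend context, or the backend provides no setiv callback.
 * This is the same guard _gnutls_cipher_getiv() applies; without it a call
 * on an uninitialised or already deinitialised handle would jump through a
 * NULL or stale function pointer.
 */
inline static int _gnutls_cipher_setiv(const cipher_hd_st * handle,
				       const void *iv, size_t ivlen)
{
	if (handle == NULL || handle->handle == NULL ||
	    handle->setiv == NULL)
		return GNUTLS_E_INVALID_REQUEST;

	return handle->setiv(handle->handle, iv, ivlen);
}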
/*
 * Forward an IV read to the backend's getiv callback.
 *
 * handle: cipher handle to query.
 * iv:     caller-owned output buffer.
 * ivlen:  passed through to the backend unchanged (presumably the capacity
 *         of iv -- confirm against the backend implementations).
 *
 * Returns the callback's result, or GNUTLS_E_INVALID_REQUEST when handle is
 * NULL, has no backend context, or the backend provides no getiv callback.
 */
inline static int _gnutls_cipher_getiv(const cipher_hd_st * handle,
				       void *iv, size_t ivlen)
{
	/* Reject a missing handle first so the member reads below are safe. */
	if (unlikely(handle == NULL))
		return GNUTLS_E_INVALID_REQUEST;

	if (unlikely(handle->handle == NULL || handle->getiv == NULL))
		return GNUTLS_E_INVALID_REQUEST;

	return handle->getiv(handle->handle, iv, ivlen);
}
/*
 * Encrypt through the backend's encrypt callback.
 *
 * handle:        cipher handle to operate on.
 * text:          input buffer, textlen bytes.
 * ciphertext:    output buffer, ciphertextlen bytes.
 *
 * Returns the callback's result, GNUTLS_E_INVALID_REQUEST when the backend
 * provides no encrypt callback, and 0 when handle or its backend context is
 * NULL.
 *
 * NOTE(review): on the 0 path nothing is written to ciphertext, yet 0 is
 * the value GnuTLS callers conventionally read as success.  A caller that
 * uses separate input and output buffers cannot tell from the return value
 * that no encryption happened -- confirm which call sites can reach this
 * with an uninitialised handle.
 */
inline static int
_gnutls_cipher_encrypt2(const cipher_hd_st * handle, const void *text,
			size_t textlen, void *ciphertext,
			size_t ciphertextlen)
{
	/* No usable backend context: report 0 without touching the buffers. */
	if (!likely(handle != NULL && handle->handle != NULL))
		return 0;

	if (handle->encrypt == NULL)
		return (GNUTLS_E_INVALID_REQUEST);

	return handle->encrypt(handle->handle, text, textlen,
			       ciphertext, ciphertextlen);
}
/*
 * Decrypt through the backend's decrypt callback.
 *
 * handle:        cipher handle to operate on.
 * ciphertext:    input buffer, ciphertextlen bytes.
 * text:          output buffer, textlen bytes.
 *
 * Returns the callback's result, GNUTLS_E_INVALID_REQUEST when the backend
 * provides no decrypt callback, and 0 when handle or its backend context is
 * NULL.
 *
 * NOTE(review): on the 0 path the output buffer is left untouched while the
 * return value looks like success.  With separate buffers, `text` then
 * holds whatever it held before the call -- confirm that callers cannot
 * reach this with an uninitialised handle and then consume `text`.
 */
inline static int
_gnutls_cipher_decrypt2(const cipher_hd_st * handle,
			const void *ciphertext, size_t ciphertextlen,
			void *text, size_t textlen)
{
	/* No usable backend context: report 0 without touching the buffers. */
	if (!likely(handle != NULL && handle->handle != NULL))
		return 0;

	if (handle->decrypt == NULL)
		return (GNUTLS_E_INVALID_REQUEST);

	return handle->decrypt(handle->handle, ciphertext,
			       ciphertextlen, text, textlen);
}
/*
 * One-shot AEAD encryption through the backend's aead_encrypt callback.
 *
 * nonce/nonce_len: nonce for this message.
 * auth/auth_len:   associated data.
 * tag:             forwarded unchanged (presumably the tag length in bytes
 *                  -- confirm against the backend).
 * text/textlen:    input buffer.
 * ciphertext/ciphertextlen: output buffer.
 *
 * Returns the callback's result, or GNUTLS_E_INVALID_REQUEST when handle is
 * NULL, has no backend context, or the backend provides no aead_encrypt
 * callback.  Unlike _gnutls_cipher_encrypt2(), an unusable handle is an
 * error here rather than a 0 return.  Nonce uniqueness is not checked at
 * this layer; it is the caller's responsibility.
 */
inline static int
_gnutls_aead_cipher_encrypt(const cipher_hd_st * handle,
			    const void *nonce, size_t nonce_len,
			    const void *auth, size_t auth_len,
			    size_t tag,
			    const void *text, size_t textlen,
			    void *ciphertext, size_t ciphertextlen)
{
	if (!likely(handle != NULL && handle->handle != NULL && handle->aead_encrypt != NULL))
		return GNUTLS_E_INVALID_REQUEST;

	return handle->aead_encrypt(handle->handle,
				    nonce, nonce_len,
				    auth, auth_len,
				    tag,
				    text, textlen,
				    ciphertext, ciphertextlen);
}
/*
 * One-shot AEAD decryption through the backend's aead_decrypt callback.
 *
 * nonce/nonce_len: nonce used for this message.
 * auth/auth_len:   associated data.
 * tag:             forwarded unchanged (presumably the tag length in bytes
 *                  -- confirm against the backend).
 * ciphertext/ciphertextlen: input buffer.
 * text/textlen:    output buffer.
 *
 * Returns the callback's result, or GNUTLS_E_INVALID_REQUEST when handle is
 * NULL, has no backend context, or the backend provides no aead_decrypt
 * callback.  Callers must check the return value before using `text`: tag
 * verification, if any, happens inside the backend and is only visible
 * through this result.
 */
inline static int
_gnutls_aead_cipher_decrypt(const cipher_hd_st * handle,
			    const void *nonce, size_t nonce_len,
			    const void *auth, size_t auth_len,
			    size_t tag,
			    const void *ciphertext, size_t ciphertextlen,
			    void *text, size_t textlen)
{
	if (!likely(handle != NULL && handle->handle != NULL && handle->aead_decrypt != NULL))
		return GNUTLS_E_INVALID_REQUEST;

	return handle->aead_decrypt(handle->handle,
				    nonce, nonce_len,
				    auth, auth_len,
				    tag,
				    ciphertext, ciphertextlen,
				    text, textlen);
}
/*
 * Release the backend context of a cipher handle.
 *
 * Does nothing when handle or its backend context is NULL.  Otherwise the
 * backend's deinit callback is invoked (it is not tested for NULL) and the
 * context pointer is cleared, so a repeated call becomes a no-op instead of
 * a double release.
 *
 * NOTE(review): only handle->handle is cleared; the callback pointers stay
 * in place.  After this call _gnutls_cipher_encrypt2()/_decrypt2() return 0
 * on the handle rather than an error, so use-after-deinit is silent there.
 */
inline static void _gnutls_cipher_deinit(cipher_hd_st * handle)
{
	if (!likely(handle != NULL && handle->handle != NULL))
		return;

	handle->deinit(handle->handle);
	handle->handle = NULL;
}
int _gnutls_cipher_exists(gnutls_cipher_algorithm_t cipher);
int _gnutls_cipher_get_iv(gnutls_cipher_hd_t handle, void *iv,
size_t ivlen);
#define _gnutls_cipher_is_aead(h) _gnutls_cipher_algo_is_aead((h)->e)
/*
 * Returns the tag in AUTHENC ciphers by passing tag and tag_size to the
 * backend's tag callback.
 *
 * NOTE(review): when handle or its backend context is NULL the call is a
 * no-op and `tag` is left exactly as the caller provided it; the function
 * returns void, so that case cannot be detected.  Callers that go on to
 * compare or transmit `tag` should initialise the buffer beforehand.  The
 * tag callback itself is not tested for NULL here.
 */
inline static void _gnutls_cipher_tag(const cipher_hd_st * handle,
				      void *tag, size_t tag_size)
{
	if (!likely(handle != NULL && handle->handle != NULL))
		return;

	handle->tag(handle->handle, tag, tag_size);
}
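/*
 * Add auth data for AUTHENC ciphers.
 *
 * handle:  cipher handle to operate on.
 * text:    additional authenticated data (read-only).
 * textlen: number of bytes at text.
 *
 * Returns the result of the backend's auth callback, or
 * GNUTLS_E_INTERNAL_ERROR when handle is NULL, has no backend context, or
 * the backend provides no auth callback.  The callback check keeps a call
 * on a handle without an auth operation from jumping through a NULL
 * function pointer.
 */
inline static int _gnutls_cipher_auth(const cipher_hd_st * handle,
				      const void *text, size_t textlen)
{
	if (likely(handle != NULL && handle->handle != NULL &&
		   handle->auth != NULL)) {
		return handle->auth(handle->handle, text, textlen);
	}
	return GNUTLS_E_INTERNAL_ERROR;
}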
/*
 * In-place variants: the same buffer (y) and length (z) are passed as both
 * input and output of the *2 functions.  y and z are each expanded twice,
 * so an argument with side effects is evaluated twice.  The 0 return of the
 * *2 functions for an unusable handle applies here too, leaving the buffer
 * unmodified.
 */
#define _gnutls_cipher_encrypt(x,y,z) _gnutls_cipher_encrypt2(x,y,z,y,z)
#define _gnutls_cipher_decrypt(x,y,z) _gnutls_cipher_decrypt2(x,y,z,y,z)
/* auth_cipher API. Allows combining a cipher with a MAC.
*/
/* State for one cipher-plus-MAC pairing. */
typedef struct {
	/* Cipher half; _gnutls_auth_cipher_setiv() and
	 * _gnutls_auth_cipher_is_aead() operate on this member. */
	cipher_hd_st cipher;
	/* Integrity half: either a plain digest or a keyed MAC context. */
	union {
		digest_hd_st dig;
		mac_hd_st mac;
	} mac;
	/* presumably selects which member of the union above is live --
	 * confirm against _gnutls_auth_cipher_init() */
	unsigned int is_mac:1;
#ifdef ENABLE_SSL3
	/* presumably mirrors the ssl_hmac argument of
	 * _gnutls_auth_cipher_init() -- confirm */
	unsigned int ssl_hmac:1;
#endif
#ifdef ENABLE_GOST
	unsigned int continuous_mac:1;
#endif
	/* NOTE(review): looks like this records whether a real (non-NULL)
	 * cipher is in use -- confirm; code paths that skip encryption
	 * when it is clear deserve a close look. */
	unsigned int non_null:1;
	/* presumably mirrors the etm argument of
	 * _gnutls_auth_cipher_init() -- confirm */
	unsigned int etm:1;
	/* Value returned by _gnutls_auth_cipher_tag_len(). */
	size_t tag_size;
} auth_cipher_hd_st;
/*
 * Prototypes of the auth_cipher entry points; the implementations are not
 * in this header.
 *
 * NOTE(review): every length in this group is a signed `int`, while the
 * cipher_hd_st layer above takes size_t.  A negative value converted to
 * size_t becomes a very large length, so callers and implementations
 * should reject negative lengths before forwarding them -- confirm where
 * that validation happens.
 */

/*
 * Set up a handle from a cipher entry and key, an IV, and a MAC entry and
 * key.  The ssl_hmac parameter exists only when ENABLE_SSL3 is defined, so
 * the argument list differs between build configurations.
 * `enc` presumably selects the encrypt or decrypt direction -- confirm.
 */
int _gnutls_auth_cipher_init(auth_cipher_hd_st * handle,
			     const cipher_entry_st * e,
			     const gnutls_datum_t * cipher_key,
			     const gnutls_datum_t * iv,
			     const mac_entry_st * me,
			     const gnutls_datum_t * mac_key,
			     unsigned etm,
#ifdef ENABLE_SSL3
			     unsigned ssl_hmac,
#endif
			     int enc);

/* Feed textlen bytes of data to be authenticated. */
int _gnutls_auth_cipher_add_auth(auth_cipher_hd_st * handle,
				 const void *text, int textlen);

/*
 * Encrypt text into ciphertext; per the name the tag is produced as part
 * of the same call.  pad_size is an additional int input whose exact
 * meaning is defined by the implementation.
 */
int _gnutls_auth_cipher_encrypt2_tag(auth_cipher_hd_st * handle,
				     const uint8_t * text, int textlen,
				     void *ciphertext, int ciphertextlen,
				     int pad_size);
/* Decrypt ciphertext into text. */
int _gnutls_auth_cipher_decrypt2(auth_cipher_hd_st * handle,
				 const void *ciphertext, int ciphertextlen,
				 void *text, int textlen);
/*
 * Write the tag into a caller-owned buffer.  Unlike the void
 * _gnutls_cipher_tag() wrapper above, this returns an int that callers can
 * check.
 */
int _gnutls_auth_cipher_tag(auth_cipher_hd_st * handle, void *tag,
			    int tag_size);
/*
 * Set the IV on the cipher half of an auth_cipher handle by delegating to
 * _gnutls_cipher_setiv().
 *
 * handle is not tested for NULL here; the address of its cipher member is
 * taken before delegating, so callers must pass a valid handle.
 */
inline static int _gnutls_auth_cipher_setiv(const auth_cipher_hd_st *
					    handle, const void *iv,
					    size_t ivlen)
{
	const cipher_hd_st *inner = &handle->cipher;

	return _gnutls_cipher_setiv(inner, iv, ivlen);
}
/*
 * Report the tag_size stored in the handle.
 *
 * handle is dereferenced without a NULL test; callers must pass a valid
 * handle.
 */
inline static size_t _gnutls_auth_cipher_tag_len(auth_cipher_hd_st *
						 handle)
{
	const size_t stored_len = handle->tag_size;

	return stored_len;
}
#define _gnutls_auth_cipher_is_aead(h) _gnutls_cipher_is_aead(&(h)->cipher)
void _gnutls_auth_cipher_deinit(auth_cipher_hd_st * handle);
#endif /* GNUTLS_LIB_CIPHER_INT_H */