|
Packit |
aea12f |
/*
|
|
Packit |
aea12f |
* Copyright (C) 2010-2012 Free Software Foundation, Inc.
|
|
Packit |
aea12f |
* Copyright (C) 2014 Red Hat, Inc.
|
|
Packit |
aea12f |
*
|
|
Packit |
aea12f |
* Author: Nikos Mavrogiannopoulos
|
|
Packit |
aea12f |
*
|
|
Packit |
aea12f |
* This file is part of GNUTLS.
|
|
Packit |
aea12f |
*
|
|
Packit |
aea12f |
* The GNUTLS library is free software; you can redistribute it and/or
|
|
Packit |
aea12f |
* modify it under the terms of the GNU Lesser General Public License
|
|
Packit |
aea12f |
* as published by the Free Software Foundation; either version 2.1 of
|
|
Packit |
aea12f |
* the License, or (at your option) any later version.
|
|
Packit |
aea12f |
*
|
|
Packit |
aea12f |
* This library is distributed in the hope that it will be useful, but
|
|
Packit |
aea12f |
* WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
Packit |
aea12f |
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
Packit |
aea12f |
* Lesser General Public License for more details.
|
|
Packit |
aea12f |
*
|
|
Packit |
aea12f |
* You should have received a copy of the GNU Lesser General Public License
|
|
Packit |
aea12f |
* along with this program. If not, see <https://www.gnu.org/licenses/>
|
|
Packit |
aea12f |
*
|
|
Packit |
aea12f |
*/
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
/* Here lie nettle's wrappers for cipher support.
|
|
Packit |
aea12f |
*/
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
#include "gnutls_int.h"
|
|
Packit |
aea12f |
#include "errors.h"
|
|
Packit |
aea12f |
#include <cipher_int.h>
|
|
Packit |
aea12f |
#include <nettle/aes.h>
|
|
Packit |
aea12f |
#include <nettle/camellia.h>
|
|
Packit |
aea12f |
#include <nettle/arcfour.h>
|
|
Packit |
aea12f |
#include <nettle/arctwo.h>
|
|
Packit |
aea12f |
#include <nettle/salsa20.h>
|
|
Packit |
aea12f |
#include <nettle/des.h>
|
|
Packit |
aea12f |
#include <nettle/version.h>
|
|
Packit |
aea12f |
#if ENABLE_GOST
|
|
Packit Service |
991b93 |
#ifndef HAVE_NETTLE_GOST28147_SET_KEY
|
|
Packit |
aea12f |
#include "gost/gost28147.h"
|
|
Packit Service |
991b93 |
#else
|
|
Packit Service |
991b93 |
#include <nettle/gost28147.h>
|
|
Packit Service |
991b93 |
#endif
|
|
Packit |
aea12f |
#endif
|
|
Packit |
aea12f |
#include <nettle/nettle-meta.h>
|
|
Packit |
aea12f |
#include <nettle/cbc.h>
|
|
Packit |
aea12f |
#include <nettle/gcm.h>
|
|
Packit |
aea12f |
#include <nettle/ccm.h>
|
|
Packit Service |
991b93 |
#ifdef HAVE_NETTLE_CHACHA_SET_COUNTER
|
|
Packit Service |
991b93 |
#include <nettle/chacha.h>
|
|
Packit |
aea12f |
#include <nettle/chacha-poly1305.h>
|
|
Packit Service |
991b93 |
#else
|
|
Packit Service |
991b93 |
#include "chacha.h"
|
|
Packit Service |
991b93 |
#include "chacha-poly1305.h"
|
|
Packit Service |
991b93 |
#endif
|
|
Packit |
aea12f |
#ifdef HAVE_NETTLE_CFB8_ENCRYPT
|
|
Packit |
aea12f |
#include <nettle/cfb.h>
|
|
Packit |
aea12f |
#else
|
|
Packit Service |
991b93 |
#include "cfb.h"
|
|
Packit |
aea12f |
#endif /* HAVE_NETTLE_CFB8_ENCRYPT */
|
|
Packit Service |
991b93 |
#ifdef HAVE_NETTLE_XTS_ENCRYPT_MESSAGE
|
|
Packit Service |
991b93 |
#include <nettle/xts.h>
|
|
Packit Service |
991b93 |
#else
|
|
Packit |
aea12f |
#include "xts.h"
|
|
Packit Service |
991b93 |
#endif
|
|
Packit Service |
991b93 |
#ifdef HAVE_NETTLE_SIV_CMAC_AES128_SET_KEY
|
|
Packit Service |
991b93 |
#include <nettle/siv-cmac.h>
|
|
Packit Service |
991b93 |
#else
|
|
Packit Service |
991b93 |
#include "siv-cmac.h"
|
|
Packit Service |
991b93 |
#endif
|
|
Packit |
aea12f |
#include <fips.h>
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
struct nettle_cipher_ctx;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
/* Functions that refer to the nettle library.
|
|
Packit |
aea12f |
*/
|
|
Packit |
aea12f |
typedef void (*encrypt_func) (struct nettle_cipher_ctx*,
|
|
Packit |
aea12f |
size_t length,
|
|
Packit |
aea12f |
uint8_t * dst,
|
|
Packit |
aea12f |
const uint8_t * src);
|
|
Packit |
aea12f |
typedef void (*decrypt_func) (struct nettle_cipher_ctx*,
|
|
Packit |
aea12f |
size_t length, uint8_t *dst,
|
|
Packit |
aea12f |
const uint8_t *src);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
typedef void (*aead_encrypt_func) (struct nettle_cipher_ctx*,
|
|
Packit |
aea12f |
size_t nonce_size, const void *nonce,
|
|
Packit |
aea12f |
size_t auth_size, const void *auth,
|
|
Packit |
aea12f |
size_t tag_size,
|
|
Packit |
aea12f |
size_t length, uint8_t * dst,
|
|
Packit |
aea12f |
const uint8_t * src);
|
|
Packit |
aea12f |
typedef int (*aead_decrypt_func) (struct nettle_cipher_ctx*,
|
|
Packit |
aea12f |
size_t nonce_size, const void *nonce,
|
|
Packit |
aea12f |
size_t auth_size, const void *auth,
|
|
Packit |
aea12f |
size_t tag_size,
|
|
Packit |
aea12f |
size_t length, uint8_t * dst,
|
|
Packit |
aea12f |
const uint8_t * src);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
typedef void (*setiv_func) (void *ctx, size_t length, const uint8_t *);
|
|
Packit |
aea12f |
typedef void (*gen_setkey_func) (void *ctx, size_t length, const uint8_t *);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
struct nettle_cipher_st {
|
|
Packit |
aea12f |
gnutls_cipher_algorithm_t algo;
|
|
Packit |
aea12f |
unsigned ctx_size;
|
|
Packit |
aea12f |
nettle_cipher_func *encrypt_block;
|
|
Packit |
aea12f |
nettle_cipher_func *decrypt_block;
|
|
Packit |
aea12f |
unsigned block_size;
|
|
Packit |
aea12f |
unsigned key_size;
|
|
Packit |
aea12f |
unsigned max_iv_size;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
encrypt_func encrypt;
|
|
Packit |
aea12f |
decrypt_func decrypt;
|
|
Packit |
aea12f |
aead_encrypt_func aead_encrypt;
|
|
Packit |
aea12f |
aead_decrypt_func aead_decrypt;
|
|
Packit |
aea12f |
nettle_hash_update_func* auth;
|
|
Packit |
aea12f |
nettle_hash_digest_func* tag;
|
|
Packit |
aea12f |
nettle_set_key_func* set_encrypt_key;
|
|
Packit |
aea12f |
nettle_set_key_func* set_decrypt_key;
|
|
Packit |
aea12f |
gen_setkey_func gen_set_key; /* for arcfour which has variable key size */
|
|
Packit |
aea12f |
setiv_func set_iv;
|
|
Packit |
aea12f |
};
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
struct nettle_cipher_ctx {
|
|
Packit |
aea12f |
const struct nettle_cipher_st *cipher;
|
|
Packit |
aea12f |
void *ctx_ptr; /* always 16-aligned */
|
|
Packit |
aea12f |
uint8_t iv[MAX_CIPHER_BLOCK_SIZE];
|
|
Packit |
aea12f |
unsigned iv_size;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
bool enc;
|
|
Packit |
aea12f |
};
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
static void
|
|
Packit |
aea12f |
_stream_encrypt(struct nettle_cipher_ctx *ctx, size_t length, uint8_t * dst,
|
|
Packit |
aea12f |
const uint8_t * src)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
ctx->cipher->encrypt_block(ctx->ctx_ptr, length, dst, src);
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
static void
|
|
Packit |
aea12f |
_stream_decrypt(struct nettle_cipher_ctx *ctx, size_t length, uint8_t * dst,
|
|
Packit |
aea12f |
const uint8_t * src)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
ctx->cipher->decrypt_block(ctx->ctx_ptr, length, dst, src);
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
static void
|
|
Packit |
aea12f |
_cbc_encrypt(struct nettle_cipher_ctx *ctx, size_t length, uint8_t * dst,
|
|
Packit |
aea12f |
const uint8_t * src)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
cbc_encrypt(ctx->ctx_ptr, ctx->cipher->encrypt_block,
|
|
Packit |
aea12f |
ctx->iv_size, ctx->iv,
|
|
Packit |
aea12f |
length, dst, src);
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
static void
|
|
Packit |
aea12f |
_cbc_decrypt(struct nettle_cipher_ctx *ctx, size_t length, uint8_t * dst,
|
|
Packit |
aea12f |
const uint8_t * src)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
cbc_decrypt(ctx->ctx_ptr, ctx->cipher->decrypt_block,
|
|
Packit |
aea12f |
ctx->iv_size, ctx->iv,
|
|
Packit |
aea12f |
length, dst, src);
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
#if ENABLE_GOST
|
|
Packit |
aea12f |
static void
|
|
Packit |
aea12f |
_cfb_encrypt(struct nettle_cipher_ctx *ctx, size_t length, uint8_t * dst,
|
|
Packit |
aea12f |
const uint8_t * src)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
cfb_encrypt(ctx->ctx_ptr, ctx->cipher->encrypt_block,
|
|
Packit |
aea12f |
ctx->iv_size, ctx->iv,
|
|
Packit |
aea12f |
length, dst, src);
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
static void
|
|
Packit |
aea12f |
_cfb_decrypt(struct nettle_cipher_ctx *ctx, size_t length, uint8_t * dst,
|
|
Packit |
aea12f |
const uint8_t * src)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
cfb_decrypt(ctx->ctx_ptr, ctx->cipher->encrypt_block,
|
|
Packit |
aea12f |
ctx->iv_size, ctx->iv,
|
|
Packit |
aea12f |
length, dst, src);
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
static void
|
|
Packit |
aea12f |
_gost28147_set_key_tc26z(void *ctx, const uint8_t *key)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
gost28147_set_param(ctx, &gost28147_param_TC26_Z);
|
|
Packit Service |
991b93 |
gost28147_set_key(ctx, key);
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
static void
|
|
Packit |
aea12f |
_gost28147_set_key_cpa(void *ctx, const uint8_t *key)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
gost28147_set_param(ctx, &gost28147_param_CryptoPro_A);
|
|
Packit Service |
991b93 |
gost28147_set_key(ctx, key);
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
static void
|
|
Packit |
aea12f |
_gost28147_set_key_cpb(void *ctx, const uint8_t *key)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
gost28147_set_param(ctx, &gost28147_param_CryptoPro_B);
|
|
Packit Service |
991b93 |
gost28147_set_key(ctx, key);
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
static void
|
|
Packit |
aea12f |
_gost28147_set_key_cpc(void *ctx, const uint8_t *key)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
gost28147_set_param(ctx, &gost28147_param_CryptoPro_C);
|
|
Packit Service |
991b93 |
gost28147_set_key(ctx, key);
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
static void
|
|
Packit |
aea12f |
_gost28147_set_key_cpd(void *ctx, const uint8_t *key)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
gost28147_set_param(ctx, &gost28147_param_CryptoPro_D);
|
|
Packit Service |
991b93 |
gost28147_set_key(ctx, key);
|
|
Packit Service |
991b93 |
}
|
|
Packit Service |
991b93 |
|
|
Packit Service |
991b93 |
static void
|
|
Packit Service |
991b93 |
_gost28147_cnt_set_key_tc26z(void *ctx, const uint8_t *key)
|
|
Packit Service |
991b93 |
{
|
|
Packit Service |
991b93 |
gost28147_cnt_init(ctx, key, &gost28147_param_TC26_Z);
|
|
Packit Service |
991b93 |
}
|
|
Packit Service |
991b93 |
|
|
Packit Service |
991b93 |
static void
|
|
Packit Service |
991b93 |
_gost28147_cnt_set_nonce (void *ctx, size_t length, const uint8_t *nonce)
|
|
Packit Service |
991b93 |
{
|
|
Packit Service |
991b93 |
gost28147_cnt_set_iv (ctx, nonce);
|
|
Packit Service |
991b93 |
}
|
|
Packit Service |
991b93 |
|
|
Packit Service |
991b93 |
static void
|
|
Packit Service |
991b93 |
_gost28147_cnt_crypt(struct nettle_cipher_ctx *ctx, size_t length, uint8_t * dst,
|
|
Packit Service |
991b93 |
const uint8_t * src)
|
|
Packit Service |
991b93 |
{
|
|
Packit Service |
991b93 |
gost28147_cnt_crypt((void *)ctx->ctx_ptr, length, dst, src);
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
#endif
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
static void
|
|
Packit |
aea12f |
_ccm_encrypt(struct nettle_cipher_ctx *ctx,
|
|
Packit |
aea12f |
size_t nonce_size, const void *nonce,
|
|
Packit |
aea12f |
size_t auth_size, const void *auth,
|
|
Packit |
aea12f |
size_t tag_size,
|
|
Packit |
aea12f |
size_t length, uint8_t * dst,
|
|
Packit |
aea12f |
const uint8_t * src)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
ccm_encrypt_message((void*)ctx->ctx_ptr, ctx->cipher->encrypt_block,
|
|
Packit |
aea12f |
nonce_size, nonce,
|
|
Packit |
aea12f |
auth_size, auth,
|
|
Packit |
aea12f |
tag_size, length, dst, src);
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
static int
|
|
Packit |
aea12f |
_ccm_decrypt(struct nettle_cipher_ctx *ctx,
|
|
Packit |
aea12f |
size_t nonce_size, const void *nonce,
|
|
Packit |
aea12f |
size_t auth_size, const void *auth,
|
|
Packit |
aea12f |
size_t tag_size,
|
|
Packit |
aea12f |
size_t length, uint8_t * dst,
|
|
Packit |
aea12f |
const uint8_t * src)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
return ccm_decrypt_message((void*)ctx->ctx_ptr, ctx->cipher->encrypt_block,
|
|
Packit |
aea12f |
nonce_size, nonce,
|
|
Packit |
aea12f |
auth_size, auth,
|
|
Packit |
aea12f |
tag_size, length, dst, src);
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
static void
|
|
Packit Service |
991b93 |
_siv_cmac_aes128_encrypt_message(struct nettle_cipher_ctx *ctx,
|
|
Packit Service |
991b93 |
size_t nonce_size, const void *nonce,
|
|
Packit Service |
991b93 |
size_t auth_size, const void *auth,
|
|
Packit Service |
991b93 |
size_t tag_size,
|
|
Packit Service |
991b93 |
size_t length, uint8_t * dst,
|
|
Packit Service |
991b93 |
const uint8_t * src)
|
|
Packit Service |
991b93 |
{
|
|
Packit Service |
991b93 |
siv_cmac_aes128_encrypt_message((void*)ctx->ctx_ptr,
|
|
Packit Service |
991b93 |
nonce_size, nonce,
|
|
Packit Service |
991b93 |
auth_size, auth,
|
|
Packit Service |
991b93 |
length, dst, src);
|
|
Packit Service |
991b93 |
}
|
|
Packit Service |
991b93 |
|
|
Packit Service |
991b93 |
static int
|
|
Packit Service |
991b93 |
_siv_cmac_aes128_decrypt_message(struct nettle_cipher_ctx *ctx,
|
|
Packit Service |
991b93 |
size_t nonce_size, const void *nonce,
|
|
Packit Service |
991b93 |
size_t auth_size, const void *auth,
|
|
Packit Service |
991b93 |
size_t tag_size,
|
|
Packit Service |
991b93 |
size_t length, uint8_t * dst,
|
|
Packit Service |
991b93 |
const uint8_t * src)
|
|
Packit Service |
991b93 |
{
|
|
Packit Service |
991b93 |
return siv_cmac_aes128_decrypt_message((void*)ctx->ctx_ptr,
|
|
Packit Service |
991b93 |
nonce_size, nonce,
|
|
Packit Service |
991b93 |
auth_size, auth,
|
|
Packit Service |
991b93 |
length, dst, src);
|
|
Packit Service |
991b93 |
}
|
|
Packit Service |
991b93 |
|
|
Packit Service |
991b93 |
static void
|
|
Packit Service |
991b93 |
_siv_cmac_aes256_encrypt_message(struct nettle_cipher_ctx *ctx,
|
|
Packit Service |
991b93 |
size_t nonce_size, const void *nonce,
|
|
Packit Service |
991b93 |
size_t auth_size, const void *auth,
|
|
Packit Service |
991b93 |
size_t tag_size,
|
|
Packit Service |
991b93 |
size_t length, uint8_t * dst,
|
|
Packit Service |
991b93 |
const uint8_t * src)
|
|
Packit Service |
991b93 |
{
|
|
Packit Service |
991b93 |
siv_cmac_aes256_encrypt_message((void*)ctx->ctx_ptr,
|
|
Packit Service |
991b93 |
nonce_size, nonce,
|
|
Packit Service |
991b93 |
auth_size, auth,
|
|
Packit Service |
991b93 |
length, dst, src);
|
|
Packit Service |
991b93 |
}
|
|
Packit Service |
991b93 |
|
|
Packit Service |
991b93 |
static int
|
|
Packit Service |
991b93 |
_siv_cmac_aes256_decrypt_message(struct nettle_cipher_ctx *ctx,
|
|
Packit Service |
991b93 |
size_t nonce_size, const void *nonce,
|
|
Packit Service |
991b93 |
size_t auth_size, const void *auth,
|
|
Packit Service |
991b93 |
size_t tag_size,
|
|
Packit Service |
991b93 |
size_t length, uint8_t * dst,
|
|
Packit Service |
991b93 |
const uint8_t * src)
|
|
Packit Service |
991b93 |
{
|
|
Packit Service |
991b93 |
return siv_cmac_aes256_decrypt_message((void*)ctx->ctx_ptr,
|
|
Packit Service |
991b93 |
nonce_size, nonce,
|
|
Packit Service |
991b93 |
auth_size, auth,
|
|
Packit Service |
991b93 |
length, dst, src);
|
|
Packit Service |
991b93 |
}
|
|
Packit Service |
991b93 |
|
|
Packit Service |
991b93 |
static void
|
|
Packit Service |
991b93 |
_chacha_set_nonce(struct chacha_ctx *ctx,
|
|
Packit Service |
991b93 |
size_t length, const uint8_t *nonce)
|
|
Packit Service |
991b93 |
{
|
|
Packit Service |
991b93 |
chacha_set_nonce(ctx, nonce + CHACHA_COUNTER_SIZE);
|
|
Packit Service |
991b93 |
chacha_set_counter(ctx, nonce);
|
|
Packit Service |
991b93 |
}
|
|
Packit Service |
991b93 |
|
|
Packit Service |
991b93 |
static void
|
|
Packit Service |
991b93 |
_chacha_set_nonce96(struct chacha_ctx *ctx,
|
|
Packit Service |
991b93 |
size_t length, const uint8_t *nonce)
|
|
Packit Service |
991b93 |
{
|
|
Packit Service |
991b93 |
chacha_set_nonce96(ctx, nonce + CHACHA_COUNTER32_SIZE);
|
|
Packit Service |
991b93 |
chacha_set_counter32(ctx, nonce);
|
|
Packit Service |
991b93 |
}
|
|
Packit Service |
991b93 |
|
|
Packit Service |
991b93 |
static void
|
|
Packit |
aea12f |
_chacha_poly1305_set_nonce (struct chacha_poly1305_ctx *ctx,
|
|
Packit |
aea12f |
size_t length, const uint8_t *nonce)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
chacha_poly1305_set_nonce(ctx, nonce);
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
struct gcm_cast_st { struct gcm_key key; struct gcm_ctx gcm; unsigned long xx[1]; };
|
|
Packit |
aea12f |
#define GCM_CTX_GET_KEY(ptr) (&((struct gcm_cast_st*)ptr)->key)
|
|
Packit |
aea12f |
#define GCM_CTX_GET_CTX(ptr) (&((struct gcm_cast_st*)ptr)->gcm)
|
|
Packit |
aea12f |
#define GCM_CTX_GET_CIPHER(ptr) ((void*)&((struct gcm_cast_st*)ptr)->xx)
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
static void
|
|
Packit |
aea12f |
_gcm_encrypt(struct nettle_cipher_ctx *ctx, size_t length, uint8_t * dst,
|
|
Packit |
aea12f |
const uint8_t * src)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
gcm_encrypt(GCM_CTX_GET_CTX(ctx->ctx_ptr), GCM_CTX_GET_KEY(ctx->ctx_ptr),
|
|
Packit |
aea12f |
GCM_CTX_GET_CIPHER(ctx->ctx_ptr), ctx->cipher->encrypt_block,
|
|
Packit |
aea12f |
length, dst, src);
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
static void
|
|
Packit |
aea12f |
_gcm_decrypt(struct nettle_cipher_ctx *ctx, size_t length, uint8_t * dst,
|
|
Packit |
aea12f |
const uint8_t * src)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
gcm_decrypt(GCM_CTX_GET_CTX(ctx->ctx_ptr), GCM_CTX_GET_KEY(ctx->ctx_ptr),
|
|
Packit |
aea12f |
GCM_CTX_GET_CIPHER(ctx->ctx_ptr), ctx->cipher->encrypt_block,
|
|
Packit |
aea12f |
length, dst, src);
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
static void _des_set_key(struct des_ctx *ctx, const uint8_t *key)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
des_set_key(ctx, key);
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
static void _des3_set_key(struct des3_ctx *ctx, const uint8_t *key)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
des3_set_key(ctx, key);
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
static void
|
|
Packit |
aea12f |
_cfb8_encrypt(struct nettle_cipher_ctx *ctx, size_t length, uint8_t * dst,
|
|
Packit |
aea12f |
const uint8_t * src)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
cfb8_encrypt(ctx->ctx_ptr, ctx->cipher->encrypt_block,
|
|
Packit |
aea12f |
ctx->iv_size, ctx->iv,
|
|
Packit |
aea12f |
length, dst, src);
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
static void
|
|
Packit |
aea12f |
_cfb8_decrypt(struct nettle_cipher_ctx *ctx, size_t length, uint8_t * dst,
|
|
Packit |
aea12f |
const uint8_t * src)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
cfb8_decrypt(ctx->ctx_ptr, ctx->cipher->encrypt_block,
|
|
Packit |
aea12f |
ctx->iv_size, ctx->iv,
|
|
Packit |
aea12f |
length, dst, src);
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
static void
|
|
Packit Service |
991b93 |
_xts_aes128_set_encrypt_key(struct xts_aes128_key *xts_key,
|
|
Packit Service |
991b93 |
const uint8_t *key)
|
|
Packit Service |
991b93 |
{
|
|
Packit Service |
991b93 |
if (_gnutls_fips_mode_enabled() &&
|
|
Packit Service |
991b93 |
safe_memcmp(key, key + AES128_KEY_SIZE, AES128_KEY_SIZE) == 0)
|
|
Packit Service |
991b93 |
_gnutls_switch_lib_state(LIB_STATE_ERROR);
|
|
Packit Service |
991b93 |
|
|
Packit Service |
991b93 |
xts_aes128_set_encrypt_key(xts_key, key);
|
|
Packit Service |
991b93 |
}
|
|
Packit Service |
991b93 |
|
|
Packit Service |
991b93 |
static void
|
|
Packit Service |
991b93 |
_xts_aes128_set_decrypt_key(struct xts_aes128_key *xts_key,
|
|
Packit Service |
991b93 |
const uint8_t *key)
|
|
Packit Service |
991b93 |
{
|
|
Packit Service |
991b93 |
if (_gnutls_fips_mode_enabled() &&
|
|
Packit Service |
991b93 |
safe_memcmp(key, key + AES128_KEY_SIZE, AES128_KEY_SIZE) == 0)
|
|
Packit Service |
991b93 |
_gnutls_switch_lib_state(LIB_STATE_ERROR);
|
|
Packit Service |
991b93 |
|
|
Packit Service |
991b93 |
xts_aes128_set_decrypt_key(xts_key, key);
|
|
Packit Service |
991b93 |
}
|
|
Packit Service |
991b93 |
|
|
Packit Service |
991b93 |
static void
|
|
Packit Service |
991b93 |
_xts_aes256_set_encrypt_key(struct xts_aes256_key *xts_key,
|
|
Packit Service |
991b93 |
const uint8_t *key)
|
|
Packit Service |
991b93 |
{
|
|
Packit Service |
991b93 |
if (_gnutls_fips_mode_enabled() &&
|
|
Packit Service |
991b93 |
safe_memcmp(key, key + AES256_KEY_SIZE, AES256_KEY_SIZE) == 0)
|
|
Packit Service |
991b93 |
_gnutls_switch_lib_state(LIB_STATE_ERROR);
|
|
Packit Service |
991b93 |
|
|
Packit Service |
991b93 |
xts_aes256_set_encrypt_key(xts_key, key);
|
|
Packit Service |
991b93 |
}
|
|
Packit Service |
991b93 |
|
|
Packit Service |
991b93 |
static void
|
|
Packit Service |
991b93 |
_xts_aes256_set_decrypt_key(struct xts_aes256_key *xts_key,
|
|
Packit Service |
991b93 |
const uint8_t *key)
|
|
Packit Service |
991b93 |
{
|
|
Packit Service |
991b93 |
if (_gnutls_fips_mode_enabled() &&
|
|
Packit Service |
991b93 |
safe_memcmp(key, key + AES256_KEY_SIZE, AES256_KEY_SIZE) == 0)
|
|
Packit Service |
991b93 |
_gnutls_switch_lib_state(LIB_STATE_ERROR);
|
|
Packit Service |
991b93 |
|
|
Packit Service |
991b93 |
xts_aes256_set_decrypt_key(xts_key, key);
|
|
Packit Service |
991b93 |
}
|
|
Packit Service |
991b93 |
|
|
Packit Service |
991b93 |
static void
|
|
Packit |
aea12f |
_xts_aes128_encrypt(struct nettle_cipher_ctx *ctx, size_t length, uint8_t * dst,
|
|
Packit |
aea12f |
const uint8_t * src)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
xts_aes128_encrypt_message(ctx->ctx_ptr, ctx->iv, length, dst, src);
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
static void
|
|
Packit |
aea12f |
_xts_aes128_decrypt(struct nettle_cipher_ctx *ctx, size_t length, uint8_t * dst,
|
|
Packit |
aea12f |
const uint8_t * src)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
xts_aes128_decrypt_message(ctx->ctx_ptr, ctx->iv, length, dst, src);
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
static void
|
|
Packit |
aea12f |
_xts_aes256_encrypt(struct nettle_cipher_ctx *ctx, size_t length, uint8_t * dst,
|
|
Packit |
aea12f |
const uint8_t * src)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
xts_aes256_encrypt_message(ctx->ctx_ptr, ctx->iv, length, dst, src);
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
static void
|
|
Packit |
aea12f |
_xts_aes256_decrypt(struct nettle_cipher_ctx *ctx, size_t length, uint8_t * dst,
|
|
Packit |
aea12f |
const uint8_t * src)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
xts_aes256_decrypt_message(ctx->ctx_ptr, ctx->iv, length, dst, src);
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
static const struct nettle_cipher_st builtin_ciphers[] = {
|
|
Packit |
aea12f |
{ .algo = GNUTLS_CIPHER_AES_128_GCM,
|
|
Packit |
aea12f |
.block_size = AES_BLOCK_SIZE,
|
|
Packit |
aea12f |
.key_size = AES128_KEY_SIZE,
|
|
Packit |
aea12f |
.encrypt_block = (nettle_cipher_func*)aes128_encrypt,
|
|
Packit |
aea12f |
.decrypt_block = (nettle_cipher_func*)aes128_decrypt,
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
.ctx_size = sizeof(struct gcm_aes128_ctx),
|
|
Packit |
aea12f |
.encrypt = _gcm_encrypt,
|
|
Packit |
aea12f |
.decrypt = _gcm_decrypt,
|
|
Packit |
aea12f |
.set_encrypt_key = (nettle_set_key_func*)gcm_aes128_set_key,
|
|
Packit |
aea12f |
.set_decrypt_key = (nettle_set_key_func*)gcm_aes128_set_key,
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
.tag = (nettle_hash_digest_func*)gcm_aes128_digest,
|
|
Packit |
aea12f |
.auth = (nettle_hash_update_func*)gcm_aes128_update,
|
|
Packit |
aea12f |
.set_iv = (setiv_func)gcm_aes128_set_iv,
|
|
Packit |
aea12f |
.max_iv_size = GCM_IV_SIZE,
|
|
Packit |
aea12f |
},
|
|
Packit Service |
991b93 |
{ .algo = GNUTLS_CIPHER_AES_192_GCM,
|
|
Packit Service |
991b93 |
.block_size = AES_BLOCK_SIZE,
|
|
Packit Service |
991b93 |
.key_size = AES192_KEY_SIZE,
|
|
Packit Service |
991b93 |
.encrypt_block = (nettle_cipher_func*)aes192_encrypt,
|
|
Packit Service |
991b93 |
.decrypt_block = (nettle_cipher_func*)aes192_decrypt,
|
|
Packit Service |
991b93 |
|
|
Packit Service |
991b93 |
.ctx_size = sizeof(struct gcm_aes192_ctx),
|
|
Packit Service |
991b93 |
.encrypt = _gcm_encrypt,
|
|
Packit Service |
991b93 |
.decrypt = _gcm_decrypt,
|
|
Packit Service |
991b93 |
.set_encrypt_key = (nettle_set_key_func*)gcm_aes192_set_key,
|
|
Packit Service |
991b93 |
.set_decrypt_key = (nettle_set_key_func*)gcm_aes192_set_key,
|
|
Packit Service |
991b93 |
|
|
Packit Service |
991b93 |
.tag = (nettle_hash_digest_func*)gcm_aes192_digest,
|
|
Packit Service |
991b93 |
.auth = (nettle_hash_update_func*)gcm_aes192_update,
|
|
Packit Service |
991b93 |
.set_iv = (setiv_func)gcm_aes192_set_iv,
|
|
Packit Service |
991b93 |
.max_iv_size = GCM_IV_SIZE,
|
|
Packit Service |
991b93 |
},
|
|
Packit |
aea12f |
{ .algo = GNUTLS_CIPHER_AES_256_GCM,
|
|
Packit |
aea12f |
.block_size = AES_BLOCK_SIZE,
|
|
Packit |
aea12f |
.key_size = AES256_KEY_SIZE,
|
|
Packit |
aea12f |
.encrypt_block = (nettle_cipher_func*)aes256_encrypt,
|
|
Packit |
aea12f |
.decrypt_block = (nettle_cipher_func*)aes256_decrypt,
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
.ctx_size = sizeof(struct gcm_aes256_ctx),
|
|
Packit |
aea12f |
.encrypt = _gcm_encrypt,
|
|
Packit |
aea12f |
.decrypt = _gcm_decrypt,
|
|
Packit |
aea12f |
.set_encrypt_key = (nettle_set_key_func*)gcm_aes256_set_key,
|
|
Packit |
aea12f |
.set_decrypt_key = (nettle_set_key_func*)gcm_aes256_set_key,
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
.tag = (nettle_hash_digest_func*)gcm_aes256_digest,
|
|
Packit |
aea12f |
.auth = (nettle_hash_update_func*)gcm_aes256_update,
|
|
Packit |
aea12f |
.set_iv = (setiv_func)gcm_aes256_set_iv,
|
|
Packit |
aea12f |
.max_iv_size = GCM_IV_SIZE,
|
|
Packit |
aea12f |
},
|
|
Packit |
aea12f |
{ .algo = GNUTLS_CIPHER_AES_128_CCM,
|
|
Packit |
aea12f |
.block_size = AES_BLOCK_SIZE,
|
|
Packit |
aea12f |
.key_size = AES128_KEY_SIZE,
|
|
Packit |
aea12f |
.encrypt_block = (nettle_cipher_func*)aes128_encrypt,
|
|
Packit |
aea12f |
.decrypt_block = (nettle_cipher_func*)aes128_decrypt,
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
.ctx_size = sizeof(struct aes128_ctx),
|
|
Packit |
aea12f |
.aead_encrypt = _ccm_encrypt,
|
|
Packit |
aea12f |
.aead_decrypt = _ccm_decrypt,
|
|
Packit |
aea12f |
.set_encrypt_key = (nettle_set_key_func*)aes128_set_encrypt_key,
|
|
Packit |
aea12f |
.set_decrypt_key = (nettle_set_key_func*)aes128_set_encrypt_key,
|
|
Packit |
aea12f |
.max_iv_size = CCM_MAX_NONCE_SIZE,
|
|
Packit |
aea12f |
},
|
|
Packit |
aea12f |
{ .algo = GNUTLS_CIPHER_AES_128_CCM_8,
|
|
Packit |
aea12f |
.block_size = AES_BLOCK_SIZE,
|
|
Packit |
aea12f |
.key_size = AES128_KEY_SIZE,
|
|
Packit |
aea12f |
.encrypt_block = (nettle_cipher_func*)aes128_encrypt,
|
|
Packit |
aea12f |
.decrypt_block = (nettle_cipher_func*)aes128_decrypt,
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
.ctx_size = sizeof(struct aes128_ctx),
|
|
Packit |
aea12f |
.aead_encrypt = _ccm_encrypt,
|
|
Packit |
aea12f |
.aead_decrypt = _ccm_decrypt,
|
|
Packit |
aea12f |
.set_encrypt_key = (nettle_set_key_func*)aes128_set_encrypt_key,
|
|
Packit |
aea12f |
.set_decrypt_key = (nettle_set_key_func*)aes128_set_encrypt_key,
|
|
Packit |
aea12f |
.max_iv_size = CCM_MAX_NONCE_SIZE,
|
|
Packit |
aea12f |
},
|
|
Packit |
aea12f |
{ .algo = GNUTLS_CIPHER_AES_256_CCM,
|
|
Packit |
aea12f |
.block_size = AES_BLOCK_SIZE,
|
|
Packit |
aea12f |
.key_size = AES256_KEY_SIZE,
|
|
Packit |
aea12f |
.encrypt_block = (nettle_cipher_func*)aes256_encrypt,
|
|
Packit |
aea12f |
.decrypt_block = (nettle_cipher_func*)aes256_decrypt,
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
.ctx_size = sizeof(struct aes256_ctx),
|
|
Packit |
aea12f |
.aead_encrypt = _ccm_encrypt,
|
|
Packit |
aea12f |
.aead_decrypt = _ccm_decrypt,
|
|
Packit |
aea12f |
.set_encrypt_key = (nettle_set_key_func*)aes256_set_encrypt_key,
|
|
Packit |
aea12f |
.set_decrypt_key = (nettle_set_key_func*)aes256_set_encrypt_key,
|
|
Packit |
aea12f |
.max_iv_size = CCM_MAX_NONCE_SIZE,
|
|
Packit |
aea12f |
},
|
|
Packit |
aea12f |
{ .algo = GNUTLS_CIPHER_AES_256_CCM_8,
|
|
Packit |
aea12f |
.block_size = AES_BLOCK_SIZE,
|
|
Packit |
aea12f |
.key_size = AES256_KEY_SIZE,
|
|
Packit |
aea12f |
.encrypt_block = (nettle_cipher_func*)aes256_encrypt,
|
|
Packit |
aea12f |
.decrypt_block = (nettle_cipher_func*)aes256_decrypt,
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
.ctx_size = sizeof(struct aes256_ctx),
|
|
Packit |
aea12f |
.aead_encrypt = _ccm_encrypt,
|
|
Packit |
aea12f |
.aead_decrypt = _ccm_decrypt,
|
|
Packit |
aea12f |
.set_encrypt_key = (nettle_set_key_func*)aes256_set_encrypt_key,
|
|
Packit |
aea12f |
.set_decrypt_key = (nettle_set_key_func*)aes256_set_encrypt_key,
|
|
Packit |
aea12f |
.max_iv_size = CCM_MAX_NONCE_SIZE,
|
|
Packit |
aea12f |
},
|
|
Packit |
aea12f |
{ .algo = GNUTLS_CIPHER_CAMELLIA_128_GCM,
|
|
Packit |
aea12f |
.block_size = CAMELLIA_BLOCK_SIZE,
|
|
Packit |
aea12f |
.key_size = CAMELLIA128_KEY_SIZE,
|
|
Packit |
aea12f |
.encrypt_block = (nettle_cipher_func*)camellia128_crypt,
|
|
Packit |
aea12f |
.decrypt_block = (nettle_cipher_func*)camellia128_crypt,
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
.ctx_size = sizeof(struct gcm_camellia128_ctx),
|
|
Packit |
aea12f |
.encrypt = _gcm_encrypt,
|
|
Packit |
aea12f |
.decrypt = _gcm_decrypt,
|
|
Packit |
aea12f |
.set_encrypt_key = (nettle_set_key_func*)gcm_camellia128_set_key,
|
|
Packit |
aea12f |
.set_decrypt_key = (nettle_set_key_func*)gcm_camellia128_set_key,
|
|
Packit |
aea12f |
.tag = (nettle_hash_digest_func*)gcm_camellia128_digest,
|
|
Packit |
aea12f |
.auth = (nettle_hash_update_func*)gcm_camellia128_update,
|
|
Packit |
aea12f |
.max_iv_size = GCM_IV_SIZE,
|
|
Packit |
aea12f |
.set_iv = (setiv_func)gcm_camellia128_set_iv
|
|
Packit |
aea12f |
},
|
|
Packit |
aea12f |
{ .algo = GNUTLS_CIPHER_CAMELLIA_256_GCM,
|
|
Packit |
aea12f |
.block_size = CAMELLIA_BLOCK_SIZE,
|
|
Packit |
aea12f |
.key_size = CAMELLIA256_KEY_SIZE,
|
|
Packit |
aea12f |
.encrypt_block = (nettle_cipher_func*)camellia256_crypt,
|
|
Packit |
aea12f |
.decrypt_block = (nettle_cipher_func*)camellia256_crypt,
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
.ctx_size = sizeof(struct gcm_camellia256_ctx),
|
|
Packit |
aea12f |
.encrypt = _gcm_encrypt,
|
|
Packit |
aea12f |
.decrypt = _gcm_decrypt,
|
|
Packit |
aea12f |
.set_encrypt_key = (nettle_set_key_func*)gcm_camellia256_set_key,
|
|
Packit |
aea12f |
.set_decrypt_key = (nettle_set_key_func*)gcm_camellia256_set_key,
|
|
Packit |
aea12f |
.tag = (nettle_hash_digest_func*)gcm_camellia256_digest,
|
|
Packit |
aea12f |
.auth = (nettle_hash_update_func*)gcm_camellia256_update,
|
|
Packit |
aea12f |
.max_iv_size = GCM_IV_SIZE,
|
|
Packit |
aea12f |
.set_iv = (setiv_func)gcm_camellia256_set_iv
|
|
Packit |
aea12f |
},
|
|
Packit |
aea12f |
{ .algo = GNUTLS_CIPHER_AES_128_CBC,
|
|
Packit |
aea12f |
.block_size = AES_BLOCK_SIZE,
|
|
Packit |
aea12f |
.key_size = AES128_KEY_SIZE,
|
|
Packit |
aea12f |
.encrypt_block = (nettle_cipher_func*)aes128_encrypt,
|
|
Packit |
aea12f |
.decrypt_block = (nettle_cipher_func*)aes128_decrypt,
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
.ctx_size = sizeof(struct CBC_CTX(struct aes128_ctx, AES_BLOCK_SIZE)),
|
|
Packit |
aea12f |
.encrypt = _cbc_encrypt,
|
|
Packit |
aea12f |
.decrypt = _cbc_decrypt,
|
|
Packit |
aea12f |
.set_encrypt_key = (nettle_set_key_func*)aes128_set_encrypt_key,
|
|
Packit |
aea12f |
.set_decrypt_key = (nettle_set_key_func*)aes128_set_decrypt_key,
|
|
Packit |
aea12f |
.max_iv_size = AES_BLOCK_SIZE,
|
|
Packit |
aea12f |
},
|
|
Packit |
aea12f |
{ .algo = GNUTLS_CIPHER_AES_192_CBC,
|
|
Packit |
aea12f |
.block_size = AES_BLOCK_SIZE,
|
|
Packit |
aea12f |
.key_size = AES192_KEY_SIZE,
|
|
Packit |
aea12f |
.encrypt_block = (nettle_cipher_func*)aes192_encrypt,
|
|
Packit |
aea12f |
.decrypt_block = (nettle_cipher_func*)aes192_decrypt,
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
.ctx_size = sizeof(struct CBC_CTX(struct aes192_ctx, AES_BLOCK_SIZE)),
|
|
Packit |
aea12f |
.encrypt = _cbc_encrypt,
|
|
Packit |
aea12f |
.decrypt = _cbc_decrypt,
|
|
Packit |
aea12f |
.set_encrypt_key = (nettle_set_key_func*)aes192_set_encrypt_key,
|
|
Packit |
aea12f |
.set_decrypt_key = (nettle_set_key_func*)aes192_set_decrypt_key,
|
|
Packit |
aea12f |
.max_iv_size = AES_BLOCK_SIZE,
|
|
Packit |
aea12f |
},
|
|
Packit |
aea12f |
{ .algo = GNUTLS_CIPHER_AES_256_CBC,
|
|
Packit |
aea12f |
.block_size = AES_BLOCK_SIZE,
|
|
Packit |
aea12f |
.key_size = AES256_KEY_SIZE,
|
|
Packit |
aea12f |
.encrypt_block = (nettle_cipher_func*)aes256_encrypt,
|
|
Packit |
aea12f |
.decrypt_block = (nettle_cipher_func*)aes256_decrypt,
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
.ctx_size = sizeof(struct CBC_CTX(struct aes256_ctx, AES_BLOCK_SIZE)),
|
|
Packit |
aea12f |
.encrypt = _cbc_encrypt,
|
|
Packit |
aea12f |
.decrypt = _cbc_decrypt,
|
|
Packit |
aea12f |
.set_encrypt_key = (nettle_set_key_func*)aes256_set_encrypt_key,
|
|
Packit |
aea12f |
.set_decrypt_key = (nettle_set_key_func*)aes256_set_decrypt_key,
|
|
Packit |
aea12f |
.max_iv_size = AES_BLOCK_SIZE,
|
|
Packit |
aea12f |
},
|
|
Packit |
aea12f |
{ .algo = GNUTLS_CIPHER_CAMELLIA_128_CBC,
|
|
Packit |
aea12f |
.block_size = CAMELLIA_BLOCK_SIZE,
|
|
Packit |
aea12f |
.key_size = CAMELLIA128_KEY_SIZE,
|
|
Packit |
aea12f |
.encrypt_block = (nettle_cipher_func*)camellia128_crypt,
|
|
Packit |
aea12f |
.decrypt_block = (nettle_cipher_func*)camellia128_crypt,
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
.ctx_size = sizeof(struct CBC_CTX(struct camellia128_ctx, CAMELLIA_BLOCK_SIZE)),
|
|
Packit |
aea12f |
.encrypt = _cbc_encrypt,
|
|
Packit |
aea12f |
.decrypt = _cbc_decrypt,
|
|
Packit |
aea12f |
.set_encrypt_key = (nettle_set_key_func*)camellia128_set_encrypt_key,
|
|
Packit |
aea12f |
.set_decrypt_key = (nettle_set_key_func*)camellia128_set_decrypt_key,
|
|
Packit |
aea12f |
.max_iv_size = CAMELLIA_BLOCK_SIZE,
|
|
Packit |
aea12f |
},
|
|
Packit |
aea12f |
{ .algo = GNUTLS_CIPHER_CAMELLIA_192_CBC,
|
|
Packit |
aea12f |
.block_size = CAMELLIA_BLOCK_SIZE,
|
|
Packit |
aea12f |
.key_size = CAMELLIA192_KEY_SIZE,
|
|
Packit |
aea12f |
.encrypt_block = (nettle_cipher_func*)camellia192_crypt,
|
|
Packit |
aea12f |
.decrypt_block = (nettle_cipher_func*)camellia192_crypt,
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
.ctx_size = sizeof(struct CBC_CTX(struct camellia192_ctx, CAMELLIA_BLOCK_SIZE)),
|
|
Packit |
aea12f |
.encrypt = _cbc_encrypt,
|
|
Packit |
aea12f |
.decrypt = _cbc_decrypt,
|
|
Packit |
aea12f |
.set_encrypt_key = (nettle_set_key_func*)camellia192_set_encrypt_key,
|
|
Packit |
aea12f |
.set_decrypt_key = (nettle_set_key_func*)camellia192_set_decrypt_key,
|
|
Packit |
aea12f |
.max_iv_size = CAMELLIA_BLOCK_SIZE,
|
|
Packit |
aea12f |
},
|
|
Packit |
aea12f |
{ .algo = GNUTLS_CIPHER_CAMELLIA_256_CBC,
|
|
Packit |
aea12f |
.block_size = CAMELLIA_BLOCK_SIZE,
|
|
Packit |
aea12f |
.key_size = CAMELLIA256_KEY_SIZE,
|
|
Packit |
aea12f |
.encrypt_block = (nettle_cipher_func*)camellia256_crypt,
|
|
Packit |
aea12f |
.decrypt_block = (nettle_cipher_func*)camellia256_crypt,
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
.ctx_size = sizeof(struct CBC_CTX(struct camellia256_ctx, CAMELLIA_BLOCK_SIZE)),
|
|
Packit |
aea12f |
.encrypt = _cbc_encrypt,
|
|
Packit |
aea12f |
.decrypt = _cbc_decrypt,
|
|
Packit |
aea12f |
.set_encrypt_key = (nettle_set_key_func*)camellia256_set_encrypt_key,
|
|
Packit |
aea12f |
.set_decrypt_key = (nettle_set_key_func*)camellia256_set_decrypt_key,
|
|
Packit |
aea12f |
.max_iv_size = CAMELLIA_BLOCK_SIZE,
|
|
Packit |
aea12f |
},
|
|
Packit |
aea12f |
{ .algo = GNUTLS_CIPHER_RC2_40_CBC,
|
|
Packit |
aea12f |
.block_size = ARCTWO_BLOCK_SIZE,
|
|
Packit |
aea12f |
.key_size = 5,
|
|
Packit |
aea12f |
.encrypt_block = (nettle_cipher_func*)arctwo_encrypt,
|
|
Packit |
aea12f |
.decrypt_block = (nettle_cipher_func*)arctwo_decrypt,
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
.ctx_size = sizeof(struct CBC_CTX(struct arctwo_ctx, ARCTWO_BLOCK_SIZE)),
|
|
Packit |
aea12f |
.encrypt = _cbc_encrypt,
|
|
Packit |
aea12f |
.decrypt = _cbc_decrypt,
|
|
Packit |
aea12f |
.set_encrypt_key = (nettle_set_key_func*)arctwo40_set_key,
|
|
Packit |
aea12f |
.set_decrypt_key = (nettle_set_key_func*)arctwo40_set_key,
|
|
Packit |
aea12f |
.max_iv_size = ARCTWO_BLOCK_SIZE,
|
|
Packit |
aea12f |
},
|
|
Packit |
aea12f |
{ .algo = GNUTLS_CIPHER_DES_CBC,
|
|
Packit |
aea12f |
.block_size = DES_BLOCK_SIZE,
|
|
Packit |
aea12f |
.key_size = DES_KEY_SIZE,
|
|
Packit |
aea12f |
.encrypt_block = (nettle_cipher_func*)des_encrypt,
|
|
Packit |
aea12f |
.decrypt_block = (nettle_cipher_func*)des_decrypt,
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
.ctx_size = sizeof(struct CBC_CTX(struct des_ctx, DES_BLOCK_SIZE)),
|
|
Packit |
aea12f |
.encrypt = _cbc_encrypt,
|
|
Packit |
aea12f |
.decrypt = _cbc_decrypt,
|
|
Packit |
aea12f |
.set_encrypt_key = (nettle_set_key_func*)_des_set_key,
|
|
Packit |
aea12f |
.set_decrypt_key = (nettle_set_key_func*)_des_set_key,
|
|
Packit |
aea12f |
.max_iv_size = DES_BLOCK_SIZE,
|
|
Packit |
aea12f |
},
|
|
Packit |
aea12f |
{ .algo = GNUTLS_CIPHER_3DES_CBC,
|
|
Packit |
aea12f |
.block_size = DES3_BLOCK_SIZE,
|
|
Packit |
aea12f |
.key_size = DES3_KEY_SIZE,
|
|
Packit |
aea12f |
.encrypt_block = (nettle_cipher_func*)des3_encrypt,
|
|
Packit |
aea12f |
.decrypt_block = (nettle_cipher_func*)des3_decrypt,
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
.ctx_size = sizeof(struct CBC_CTX(struct des3_ctx, DES3_BLOCK_SIZE)),
|
|
Packit |
aea12f |
.encrypt = _cbc_encrypt,
|
|
Packit |
aea12f |
.decrypt = _cbc_decrypt,
|
|
Packit |
aea12f |
.set_encrypt_key = (nettle_set_key_func*)_des3_set_key,
|
|
Packit |
aea12f |
.set_decrypt_key = (nettle_set_key_func*)_des3_set_key,
|
|
Packit |
aea12f |
.max_iv_size = DES_BLOCK_SIZE,
|
|
Packit |
aea12f |
},
|
|
Packit |
aea12f |
{ .algo = GNUTLS_CIPHER_ARCFOUR_128,
|
|
Packit |
aea12f |
.block_size = 1,
|
|
Packit |
aea12f |
.key_size = 0,
|
|
Packit |
aea12f |
.encrypt_block = (nettle_cipher_func*)arcfour_crypt,
|
|
Packit |
aea12f |
.decrypt_block = (nettle_cipher_func*)arcfour_crypt,
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
.ctx_size = sizeof(struct arcfour_ctx),
|
|
Packit |
aea12f |
.encrypt = _stream_encrypt,
|
|
Packit |
aea12f |
.decrypt = _stream_encrypt,
|
|
Packit |
aea12f |
.gen_set_key = (gen_setkey_func)arcfour_set_key,
|
|
Packit |
aea12f |
.set_encrypt_key = (nettle_set_key_func*)arcfour128_set_key,
|
|
Packit |
aea12f |
.set_decrypt_key = (nettle_set_key_func*)arcfour128_set_key,
|
|
Packit |
aea12f |
},
|
|
Packit |
aea12f |
{ .algo = GNUTLS_CIPHER_SALSA20_256,
|
|
Packit |
aea12f |
.block_size = 1,
|
|
Packit |
aea12f |
.key_size = SALSA20_256_KEY_SIZE,
|
|
Packit |
aea12f |
.encrypt_block = (nettle_cipher_func*)salsa20_crypt,
|
|
Packit |
aea12f |
.decrypt_block = (nettle_cipher_func*)salsa20_crypt,
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
.ctx_size = sizeof(struct salsa20_ctx),
|
|
Packit |
aea12f |
.encrypt = _stream_encrypt,
|
|
Packit |
aea12f |
.decrypt = _stream_encrypt,
|
|
Packit |
aea12f |
.set_encrypt_key = (nettle_set_key_func*)salsa20_256_set_key,
|
|
Packit |
aea12f |
.set_decrypt_key = (nettle_set_key_func*)salsa20_256_set_key,
|
|
Packit |
aea12f |
.max_iv_size = SALSA20_NONCE_SIZE,
|
|
Packit |
aea12f |
},
|
|
Packit |
aea12f |
{ .algo = GNUTLS_CIPHER_ESTREAM_SALSA20_256,
|
|
Packit |
aea12f |
.block_size = 1,
|
|
Packit |
aea12f |
.key_size = SALSA20_256_KEY_SIZE,
|
|
Packit |
aea12f |
.encrypt_block = (nettle_cipher_func*)salsa20r12_crypt,
|
|
Packit |
aea12f |
.decrypt_block = (nettle_cipher_func*)salsa20r12_crypt,
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
.ctx_size = sizeof(struct salsa20_ctx),
|
|
Packit |
aea12f |
.encrypt = _stream_encrypt,
|
|
Packit |
aea12f |
.decrypt = _stream_encrypt,
|
|
Packit |
aea12f |
.set_encrypt_key = (nettle_set_key_func*)salsa20_256_set_key,
|
|
Packit |
aea12f |
.set_decrypt_key = (nettle_set_key_func*)salsa20_256_set_key,
|
|
Packit |
aea12f |
.max_iv_size = SALSA20_NONCE_SIZE,
|
|
Packit |
aea12f |
},
|
|
Packit Service |
991b93 |
{ .algo = GNUTLS_CIPHER_CHACHA20_32,
|
|
Packit Service |
991b93 |
.block_size = 1,
|
|
Packit Service |
991b93 |
.key_size = CHACHA_KEY_SIZE,
|
|
Packit Service |
991b93 |
.encrypt_block = (nettle_cipher_func*)chacha_crypt32,
|
|
Packit Service |
991b93 |
.decrypt_block = (nettle_cipher_func*)chacha_crypt32,
|
|
Packit Service |
991b93 |
|
|
Packit Service |
991b93 |
.ctx_size = sizeof(struct chacha_ctx),
|
|
Packit Service |
991b93 |
.encrypt = _stream_encrypt,
|
|
Packit Service |
991b93 |
.decrypt = _stream_encrypt,
|
|
Packit Service |
991b93 |
.set_encrypt_key = (nettle_set_key_func*)chacha_set_key,
|
|
Packit Service |
991b93 |
.set_decrypt_key = (nettle_set_key_func*)chacha_set_key,
|
|
Packit Service |
991b93 |
.set_iv = (setiv_func)_chacha_set_nonce96,
|
|
Packit Service |
991b93 |
/* we allow setting the initial block counter as part of nonce */
|
|
Packit Service |
991b93 |
.max_iv_size = CHACHA_NONCE96_SIZE + CHACHA_COUNTER32_SIZE,
|
|
Packit Service |
991b93 |
},
|
|
Packit Service |
991b93 |
{ .algo = GNUTLS_CIPHER_CHACHA20_64,
|
|
Packit Service |
991b93 |
.block_size = 1,
|
|
Packit Service |
991b93 |
.key_size = CHACHA_KEY_SIZE,
|
|
Packit Service |
991b93 |
.encrypt_block = (nettle_cipher_func*)chacha_crypt,
|
|
Packit Service |
991b93 |
.decrypt_block = (nettle_cipher_func*)chacha_crypt,
|
|
Packit Service |
991b93 |
|
|
Packit Service |
991b93 |
.ctx_size = sizeof(struct chacha_ctx),
|
|
Packit Service |
991b93 |
.encrypt = _stream_encrypt,
|
|
Packit Service |
991b93 |
.decrypt = _stream_encrypt,
|
|
Packit Service |
991b93 |
.set_encrypt_key = (nettle_set_key_func*)chacha_set_key,
|
|
Packit Service |
991b93 |
.set_decrypt_key = (nettle_set_key_func*)chacha_set_key,
|
|
Packit Service |
991b93 |
.set_iv = (setiv_func)_chacha_set_nonce,
|
|
Packit Service |
991b93 |
/* we allow setting the initial block counter as part of nonce */
|
|
Packit Service |
991b93 |
.max_iv_size = CHACHA_NONCE_SIZE + CHACHA_COUNTER_SIZE,
|
|
Packit Service |
991b93 |
},
|
|
Packit |
aea12f |
{ .algo = GNUTLS_CIPHER_CHACHA20_POLY1305,
|
|
Packit |
aea12f |
.block_size = CHACHA_POLY1305_BLOCK_SIZE,
|
|
Packit |
aea12f |
.key_size = CHACHA_POLY1305_KEY_SIZE,
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
.ctx_size = sizeof(struct chacha_poly1305_ctx),
|
|
Packit |
aea12f |
.encrypt_block = (nettle_cipher_func*)chacha_poly1305_encrypt,
|
|
Packit |
aea12f |
.decrypt_block = (nettle_cipher_func*)chacha_poly1305_decrypt,
|
|
Packit |
aea12f |
.encrypt = _stream_encrypt,
|
|
Packit |
aea12f |
.decrypt = _stream_decrypt,
|
|
Packit |
aea12f |
.auth = (nettle_hash_update_func*)chacha_poly1305_update,
|
|
Packit |
aea12f |
.tag = (nettle_hash_digest_func*)chacha_poly1305_digest,
|
|
Packit |
aea12f |
.set_encrypt_key = (nettle_set_key_func*)chacha_poly1305_set_key,
|
|
Packit |
aea12f |
.set_decrypt_key = (nettle_set_key_func*)chacha_poly1305_set_key,
|
|
Packit |
aea12f |
.set_iv = (setiv_func)_chacha_poly1305_set_nonce,
|
|
Packit |
aea12f |
.max_iv_size = CHACHA_POLY1305_NONCE_SIZE,
|
|
Packit |
aea12f |
},
|
|
Packit |
aea12f |
#if ENABLE_GOST
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
.algo = GNUTLS_CIPHER_GOST28147_TC26Z_CFB,
|
|
Packit |
aea12f |
.block_size = GOST28147_BLOCK_SIZE,
|
|
Packit |
aea12f |
.key_size = GOST28147_KEY_SIZE,
|
|
Packit |
aea12f |
.encrypt_block = (nettle_cipher_func*)gost28147_encrypt_for_cfb,
|
|
Packit |
aea12f |
.decrypt_block = (nettle_cipher_func*)gost28147_encrypt_for_cfb,
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
.ctx_size = sizeof(struct CFB_CTX(struct gost28147_ctx, GOST28147_BLOCK_SIZE)),
|
|
Packit |
aea12f |
.encrypt = _cfb_encrypt,
|
|
Packit |
aea12f |
.decrypt = _cfb_decrypt,
|
|
Packit |
aea12f |
.set_encrypt_key = _gost28147_set_key_tc26z,
|
|
Packit |
aea12f |
.set_decrypt_key = _gost28147_set_key_tc26z,
|
|
Packit |
aea12f |
},
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
.algo = GNUTLS_CIPHER_GOST28147_CPA_CFB,
|
|
Packit |
aea12f |
.block_size = GOST28147_BLOCK_SIZE,
|
|
Packit |
aea12f |
.key_size = GOST28147_KEY_SIZE,
|
|
Packit |
aea12f |
.encrypt_block = (nettle_cipher_func*)gost28147_encrypt_for_cfb,
|
|
Packit |
aea12f |
.decrypt_block = (nettle_cipher_func*)gost28147_encrypt_for_cfb,
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
.ctx_size = sizeof(struct CFB_CTX(struct gost28147_ctx, GOST28147_BLOCK_SIZE)),
|
|
Packit |
aea12f |
.encrypt = _cfb_encrypt,
|
|
Packit |
aea12f |
.decrypt = _cfb_decrypt,
|
|
Packit |
aea12f |
.set_encrypt_key = _gost28147_set_key_cpa,
|
|
Packit |
aea12f |
.set_decrypt_key = _gost28147_set_key_cpa,
|
|
Packit |
aea12f |
},
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
.algo = GNUTLS_CIPHER_GOST28147_CPB_CFB,
|
|
Packit |
aea12f |
.block_size = GOST28147_BLOCK_SIZE,
|
|
Packit |
aea12f |
.key_size = GOST28147_KEY_SIZE,
|
|
Packit |
aea12f |
.encrypt_block = (nettle_cipher_func*)gost28147_encrypt_for_cfb,
|
|
Packit |
aea12f |
.decrypt_block = (nettle_cipher_func*)gost28147_encrypt_for_cfb,
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
.ctx_size = sizeof(struct CFB_CTX(struct gost28147_ctx, GOST28147_BLOCK_SIZE)),
|
|
Packit |
aea12f |
.encrypt = _cfb_encrypt,
|
|
Packit |
aea12f |
.decrypt = _cfb_decrypt,
|
|
Packit |
aea12f |
.set_encrypt_key = _gost28147_set_key_cpb,
|
|
Packit |
aea12f |
.set_decrypt_key = _gost28147_set_key_cpb,
|
|
Packit |
aea12f |
},
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
.algo = GNUTLS_CIPHER_GOST28147_CPC_CFB,
|
|
Packit |
aea12f |
.block_size = GOST28147_BLOCK_SIZE,
|
|
Packit |
aea12f |
.key_size = GOST28147_KEY_SIZE,
|
|
Packit |
aea12f |
.encrypt_block = (nettle_cipher_func*)gost28147_encrypt_for_cfb,
|
|
Packit |
aea12f |
.decrypt_block = (nettle_cipher_func*)gost28147_encrypt_for_cfb,
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
.ctx_size = sizeof(struct CFB_CTX(struct gost28147_ctx, GOST28147_BLOCK_SIZE)),
|
|
Packit |
aea12f |
.encrypt = _cfb_encrypt,
|
|
Packit |
aea12f |
.decrypt = _cfb_decrypt,
|
|
Packit |
aea12f |
.set_encrypt_key = _gost28147_set_key_cpc,
|
|
Packit |
aea12f |
.set_decrypt_key = _gost28147_set_key_cpc,
|
|
Packit |
aea12f |
},
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
.algo = GNUTLS_CIPHER_GOST28147_CPD_CFB,
|
|
Packit |
aea12f |
.block_size = GOST28147_BLOCK_SIZE,
|
|
Packit |
aea12f |
.key_size = GOST28147_KEY_SIZE,
|
|
Packit |
aea12f |
.encrypt_block = (nettle_cipher_func*)gost28147_encrypt_for_cfb,
|
|
Packit |
aea12f |
.decrypt_block = (nettle_cipher_func*)gost28147_encrypt_for_cfb,
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
.ctx_size = sizeof(struct CFB_CTX(struct gost28147_ctx, GOST28147_BLOCK_SIZE)),
|
|
Packit |
aea12f |
.encrypt = _cfb_encrypt,
|
|
Packit |
aea12f |
.decrypt = _cfb_decrypt,
|
|
Packit |
aea12f |
.set_encrypt_key = _gost28147_set_key_cpd,
|
|
Packit |
aea12f |
.set_decrypt_key = _gost28147_set_key_cpd,
|
|
Packit |
aea12f |
},
|
|
Packit Service |
991b93 |
{
|
|
Packit Service |
991b93 |
.algo = GNUTLS_CIPHER_GOST28147_TC26Z_CNT,
|
|
Packit Service |
991b93 |
.block_size = GOST28147_BLOCK_SIZE,
|
|
Packit Service |
991b93 |
.key_size = GOST28147_KEY_SIZE,
|
|
Packit Service |
991b93 |
.encrypt_block = (nettle_cipher_func*)gost28147_encrypt, /* unused */
|
|
Packit Service |
991b93 |
.decrypt_block = (nettle_cipher_func*)gost28147_decrypt, /* unused */
|
|
Packit Service |
991b93 |
|
|
Packit Service |
991b93 |
.ctx_size = sizeof(struct gost28147_cnt_ctx),
|
|
Packit Service |
991b93 |
.encrypt = _gost28147_cnt_crypt,
|
|
Packit Service |
991b93 |
.decrypt = _gost28147_cnt_crypt,
|
|
Packit Service |
991b93 |
.set_encrypt_key = _gost28147_cnt_set_key_tc26z,
|
|
Packit Service |
991b93 |
.set_decrypt_key = _gost28147_cnt_set_key_tc26z,
|
|
Packit Service |
991b93 |
.set_iv = (setiv_func)_gost28147_cnt_set_nonce,
|
|
Packit Service |
991b93 |
},
|
|
Packit |
aea12f |
#endif
|
|
Packit |
aea12f |
{ .algo = GNUTLS_CIPHER_AES_128_CFB8,
|
|
Packit |
aea12f |
.block_size = AES_BLOCK_SIZE,
|
|
Packit |
aea12f |
.key_size = AES128_KEY_SIZE,
|
|
Packit |
aea12f |
.encrypt_block = (nettle_cipher_func*)aes128_encrypt,
|
|
Packit |
aea12f |
.decrypt_block = (nettle_cipher_func*)aes128_encrypt,
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
.ctx_size = sizeof(struct CFB8_CTX(struct aes128_ctx, AES_BLOCK_SIZE)),
|
|
Packit |
aea12f |
.encrypt = _cfb8_encrypt,
|
|
Packit |
aea12f |
.decrypt = _cfb8_decrypt,
|
|
Packit |
aea12f |
.set_encrypt_key = (nettle_set_key_func*)aes128_set_encrypt_key,
|
|
Packit |
aea12f |
.set_decrypt_key = (nettle_set_key_func*)aes128_set_encrypt_key,
|
|
Packit |
aea12f |
.max_iv_size = AES_BLOCK_SIZE,
|
|
Packit |
aea12f |
},
|
|
Packit |
aea12f |
{ .algo = GNUTLS_CIPHER_AES_192_CFB8,
|
|
Packit |
aea12f |
.block_size = AES_BLOCK_SIZE,
|
|
Packit |
aea12f |
.key_size = AES192_KEY_SIZE,
|
|
Packit |
aea12f |
.encrypt_block = (nettle_cipher_func*)aes192_encrypt,
|
|
Packit |
aea12f |
.decrypt_block = (nettle_cipher_func*)aes192_encrypt,
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
.ctx_size = sizeof(struct CFB8_CTX(struct aes192_ctx, AES_BLOCK_SIZE)),
|
|
Packit |
aea12f |
.encrypt = _cfb8_encrypt,
|
|
Packit |
aea12f |
.decrypt = _cfb8_decrypt,
|
|
Packit |
aea12f |
.set_encrypt_key = (nettle_set_key_func*)aes192_set_encrypt_key,
|
|
Packit |
aea12f |
.set_decrypt_key = (nettle_set_key_func*)aes192_set_encrypt_key,
|
|
Packit |
aea12f |
.max_iv_size = AES_BLOCK_SIZE,
|
|
Packit |
aea12f |
},
|
|
Packit |
aea12f |
{ .algo = GNUTLS_CIPHER_AES_256_CFB8,
|
|
Packit |
aea12f |
.block_size = AES_BLOCK_SIZE,
|
|
Packit |
aea12f |
.key_size = AES256_KEY_SIZE,
|
|
Packit |
aea12f |
.encrypt_block = (nettle_cipher_func*)aes256_encrypt,
|
|
Packit |
aea12f |
.decrypt_block = (nettle_cipher_func*)aes256_encrypt,
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
.ctx_size = sizeof(struct CFB8_CTX(struct aes256_ctx, AES_BLOCK_SIZE)),
|
|
Packit |
aea12f |
.encrypt = _cfb8_encrypt,
|
|
Packit |
aea12f |
.decrypt = _cfb8_decrypt,
|
|
Packit |
aea12f |
.set_encrypt_key = (nettle_set_key_func*)aes256_set_encrypt_key,
|
|
Packit |
aea12f |
.set_decrypt_key = (nettle_set_key_func*)aes256_set_encrypt_key,
|
|
Packit |
aea12f |
.max_iv_size = AES_BLOCK_SIZE,
|
|
Packit |
aea12f |
},
|
|
Packit |
aea12f |
{ .algo = GNUTLS_CIPHER_AES_128_XTS,
|
|
Packit |
aea12f |
.block_size = AES_BLOCK_SIZE,
|
|
Packit |
aea12f |
.key_size = AES128_KEY_SIZE * 2,
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
.ctx_size = sizeof(struct xts_aes128_key),
|
|
Packit |
aea12f |
.encrypt = _xts_aes128_encrypt,
|
|
Packit |
aea12f |
.decrypt = _xts_aes128_decrypt,
|
|
Packit Service |
991b93 |
.set_encrypt_key = (nettle_set_key_func*)_xts_aes128_set_encrypt_key,
|
|
Packit Service |
991b93 |
.set_decrypt_key = (nettle_set_key_func*)_xts_aes128_set_decrypt_key,
|
|
Packit |
aea12f |
.max_iv_size = AES_BLOCK_SIZE,
|
|
Packit |
aea12f |
},
|
|
Packit |
aea12f |
{ .algo = GNUTLS_CIPHER_AES_256_XTS,
|
|
Packit |
aea12f |
.block_size = AES_BLOCK_SIZE,
|
|
Packit |
aea12f |
.key_size = AES256_KEY_SIZE * 2,
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
.ctx_size = sizeof(struct xts_aes256_key),
|
|
Packit |
aea12f |
.encrypt = _xts_aes256_encrypt,
|
|
Packit |
aea12f |
.decrypt = _xts_aes256_decrypt,
|
|
Packit Service |
991b93 |
.set_encrypt_key = (nettle_set_key_func*)_xts_aes256_set_encrypt_key,
|
|
Packit Service |
991b93 |
.set_decrypt_key = (nettle_set_key_func*)_xts_aes256_set_decrypt_key,
|
|
Packit |
aea12f |
.max_iv_size = AES_BLOCK_SIZE,
|
|
Packit |
aea12f |
},
|
|
Packit Service |
991b93 |
{ .algo = GNUTLS_CIPHER_AES_128_SIV,
|
|
Packit Service |
991b93 |
.block_size = SIV_BLOCK_SIZE,
|
|
Packit Service |
991b93 |
.key_size = SIV_CMAC_AES128_KEY_SIZE,
|
|
Packit Service |
991b93 |
|
|
Packit Service |
991b93 |
.ctx_size = sizeof(struct siv_cmac_aes128_ctx),
|
|
Packit Service |
991b93 |
.aead_encrypt = (aead_encrypt_func)_siv_cmac_aes128_encrypt_message,
|
|
Packit Service |
991b93 |
.aead_decrypt = (aead_decrypt_func)_siv_cmac_aes128_decrypt_message,
|
|
Packit Service |
991b93 |
.set_encrypt_key = (nettle_set_key_func*)siv_cmac_aes128_set_key,
|
|
Packit Service |
991b93 |
.set_decrypt_key = (nettle_set_key_func*)siv_cmac_aes128_set_key,
|
|
Packit Service |
991b93 |
.max_iv_size = SIV_DIGEST_SIZE,
|
|
Packit Service |
991b93 |
},
|
|
Packit Service |
991b93 |
{ .algo = GNUTLS_CIPHER_AES_256_SIV,
|
|
Packit Service |
991b93 |
.block_size = SIV_BLOCK_SIZE,
|
|
Packit Service |
991b93 |
.key_size = SIV_CMAC_AES256_KEY_SIZE,
|
|
Packit Service |
991b93 |
|
|
Packit Service |
991b93 |
.ctx_size = sizeof(struct siv_cmac_aes256_ctx),
|
|
Packit Service |
991b93 |
.aead_encrypt = (aead_encrypt_func)_siv_cmac_aes256_encrypt_message,
|
|
Packit Service |
991b93 |
.aead_decrypt = (aead_decrypt_func)_siv_cmac_aes256_decrypt_message,
|
|
Packit Service |
991b93 |
.set_encrypt_key = (nettle_set_key_func*)siv_cmac_aes256_set_key,
|
|
Packit Service |
991b93 |
.set_decrypt_key = (nettle_set_key_func*)siv_cmac_aes256_set_key,
|
|
Packit Service |
991b93 |
.max_iv_size = SIV_DIGEST_SIZE,
|
|
Packit Service |
991b93 |
},
|
|
Packit |
aea12f |
};
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
static int wrap_nettle_cipher_exists(gnutls_cipher_algorithm_t algo)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
unsigned i;
|
|
Packit |
aea12f |
for (i=0;i
|
|
Packit |
aea12f |
if (algo == builtin_ciphers[i].algo) {
|
|
Packit |
aea12f |
return 1;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
return 0;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
static int
|
|
Packit |
aea12f |
wrap_nettle_cipher_init(gnutls_cipher_algorithm_t algo, void **_ctx,
|
|
Packit |
aea12f |
int enc)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
struct nettle_cipher_ctx *ctx;
|
|
Packit |
aea12f |
ptrdiff_t cur_alignment;
|
|
Packit |
aea12f |
int idx = -1;
|
|
Packit |
aea12f |
unsigned i;
|
|
Packit |
aea12f |
uint8_t *ctx_ptr;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
for (i=0;i
|
|
Packit |
aea12f |
if (algo == builtin_ciphers[i].algo) {
|
|
Packit |
aea12f |
idx = i;
|
|
Packit |
aea12f |
break;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
if (idx == -1)
|
|
Packit |
aea12f |
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
ctx = gnutls_calloc(1, sizeof(*ctx)+builtin_ciphers[idx].ctx_size+16);
|
|
Packit |
aea12f |
if (ctx == NULL) {
|
|
Packit |
aea12f |
gnutls_assert();
|
|
Packit |
aea12f |
return GNUTLS_E_MEMORY_ERROR;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
ctx->enc = enc;
|
|
Packit |
aea12f |
ctx_ptr = ((uint8_t*)ctx) + sizeof(*ctx);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
cur_alignment = ((ptrdiff_t)ctx_ptr) % 16;
|
|
Packit |
aea12f |
if (cur_alignment > 0)
|
|
Packit |
aea12f |
ctx_ptr += 16 - cur_alignment;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
ctx->ctx_ptr = ctx_ptr;
|
|
Packit |
aea12f |
ctx->cipher = &builtin_ciphers[idx];
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
*_ctx = ctx;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
return 0;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
static int
|
|
Packit |
aea12f |
wrap_nettle_cipher_setkey(void *_ctx, const void *key, size_t keysize)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
struct nettle_cipher_ctx *ctx = _ctx;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
if (ctx->cipher->key_size > 0 && unlikely(keysize != ctx->cipher->key_size)) {
|
|
Packit |
aea12f |
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
|
|
Packit |
aea12f |
} else if (ctx->cipher->key_size == 0) {
|
|
Packit |
aea12f |
ctx->cipher->gen_set_key(ctx->ctx_ptr, keysize, key);
|
|
Packit |
aea12f |
return 0;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
if (ctx->enc)
|
|
Packit |
aea12f |
ctx->cipher->set_encrypt_key(ctx->ctx_ptr, key);
|
|
Packit |
aea12f |
else
|
|
Packit |
aea12f |
ctx->cipher->set_decrypt_key(ctx->ctx_ptr, key);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
return 0;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
static int
|
|
Packit |
aea12f |
wrap_nettle_cipher_setiv(void *_ctx, const void *iv, size_t iv_size)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
struct nettle_cipher_ctx *ctx = _ctx;
|
|
Packit |
aea12f |
unsigned max_iv;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
switch (ctx->cipher->algo) {
|
|
Packit |
aea12f |
case GNUTLS_CIPHER_AES_128_GCM:
|
|
Packit Service |
991b93 |
case GNUTLS_CIPHER_AES_192_GCM:
|
|
Packit |
aea12f |
case GNUTLS_CIPHER_AES_256_GCM:
|
|
Packit |
aea12f |
FIPS_RULE(iv_size < GCM_IV_SIZE, GNUTLS_E_INVALID_REQUEST, "access to short GCM nonce size\n");
|
|
Packit |
aea12f |
break;
|
|
Packit |
aea12f |
case GNUTLS_CIPHER_SALSA20_256:
|
|
Packit |
aea12f |
case GNUTLS_CIPHER_ESTREAM_SALSA20_256:
|
|
Packit |
aea12f |
if (iv_size != SALSA20_IV_SIZE)
|
|
Packit |
aea12f |
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
|
|
Packit |
aea12f |
break;
|
|
Packit |
aea12f |
default:
|
|
Packit |
aea12f |
break;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
max_iv = ctx->cipher->max_iv_size;
|
|
Packit |
aea12f |
if (max_iv == 0)
|
|
Packit |
aea12f |
max_iv = MAX_CIPHER_BLOCK_SIZE;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
if (iv_size > max_iv)
|
|
Packit |
aea12f |
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
if (ctx->cipher->set_iv) {
|
|
Packit |
aea12f |
ctx->cipher->set_iv(ctx->ctx_ptr, iv_size, iv);
|
|
Packit |
aea12f |
} else {
|
|
Packit |
aea12f |
if (iv)
|
|
Packit |
aea12f |
memcpy(ctx->iv, iv, iv_size);
|
|
Packit |
aea12f |
ctx->iv_size = iv_size;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
return 0;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
static int
|
|
Packit |
aea12f |
wrap_nettle_cipher_getiv(void *_ctx, void *iv, size_t iv_size)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
struct nettle_cipher_ctx *ctx = _ctx;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
if (iv_size < ctx->iv_size)
|
|
Packit |
aea12f |
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
memcpy(iv, ctx->iv, ctx->iv_size);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
return (int) ctx->iv_size;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
static int
|
|
Packit |
aea12f |
wrap_nettle_cipher_decrypt(void *_ctx, const void *encr, size_t encr_size,
|
|
Packit |
aea12f |
void *plain, size_t plain_size)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
struct nettle_cipher_ctx *ctx = _ctx;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
if (unlikely(ctx->cipher->decrypt == NULL))
|
|
Packit |
aea12f |
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
ctx->cipher->decrypt(ctx, encr_size, plain, encr);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
return 0;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
static int
|
|
Packit |
aea12f |
wrap_nettle_cipher_encrypt(void *_ctx, const void *plain, size_t plain_size,
|
|
Packit |
aea12f |
void *encr, size_t encr_size)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
struct nettle_cipher_ctx *ctx = _ctx;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
if (unlikely(ctx->cipher->encrypt == NULL))
|
|
Packit |
aea12f |
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
ctx->cipher->encrypt(ctx, plain_size, encr, plain);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
return 0;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
static int
|
|
Packit |
aea12f |
wrap_nettle_cipher_aead_encrypt(void *_ctx,
|
|
Packit |
aea12f |
const void *nonce, size_t nonce_size,
|
|
Packit |
aea12f |
const void *auth, size_t auth_size,
|
|
Packit |
aea12f |
size_t tag_size,
|
|
Packit |
aea12f |
const void *plain, size_t plain_size,
|
|
Packit |
aea12f |
void *encr, size_t encr_size)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
struct nettle_cipher_ctx *ctx = _ctx;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
if (ctx->cipher->aead_encrypt == NULL) {
|
|
Packit |
aea12f |
/* proper AEAD cipher */
|
|
Packit |
aea12f |
if (encr_size < plain_size + tag_size)
|
|
Packit |
aea12f |
return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
ctx->cipher->set_iv(ctx->ctx_ptr, nonce_size, nonce);
|
|
Packit |
aea12f |
ctx->cipher->auth(ctx->ctx_ptr, auth_size, auth);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
ctx->cipher->encrypt(ctx, plain_size, encr, plain);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
ctx->cipher->tag(ctx->ctx_ptr, tag_size, ((uint8_t*)encr) + plain_size);
|
|
Packit |
aea12f |
} else {
|
|
Packit |
aea12f |
/* CCM-style cipher */
|
|
Packit |
aea12f |
ctx->cipher->aead_encrypt(ctx,
|
|
Packit |
aea12f |
nonce_size, nonce,
|
|
Packit |
aea12f |
auth_size, auth,
|
|
Packit |
aea12f |
tag_size,
|
|
Packit |
aea12f |
tag_size+plain_size, encr,
|
|
Packit |
aea12f |
plain);
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
return 0;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
static int
|
|
Packit |
aea12f |
wrap_nettle_cipher_aead_decrypt(void *_ctx,
|
|
Packit |
aea12f |
const void *nonce, size_t nonce_size,
|
|
Packit |
aea12f |
const void *auth, size_t auth_size,
|
|
Packit |
aea12f |
size_t tag_size,
|
|
Packit |
aea12f |
const void *encr, size_t encr_size,
|
|
Packit |
aea12f |
void *plain, size_t plain_size)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
struct nettle_cipher_ctx *ctx = _ctx;
|
|
Packit |
aea12f |
int ret;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
if (unlikely(encr_size < tag_size))
|
|
Packit |
aea12f |
return gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
if (ctx->cipher->aead_decrypt == NULL) {
|
|
Packit |
aea12f |
/* proper AEAD cipher */
|
|
Packit |
aea12f |
uint8_t tag[MAX_HASH_SIZE];
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
ctx->cipher->set_iv(ctx->ctx_ptr, nonce_size, nonce);
|
|
Packit |
aea12f |
ctx->cipher->auth(ctx->ctx_ptr, auth_size, auth);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
encr_size -= tag_size;
|
|
Packit |
aea12f |
ctx->cipher->decrypt(ctx, encr_size, plain, encr);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
ctx->cipher->tag(ctx->ctx_ptr, tag_size, tag);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
if (gnutls_memcmp(((uint8_t*)encr)+encr_size, tag, tag_size) != 0)
|
|
Packit |
aea12f |
return gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);
|
|
Packit |
aea12f |
} else {
|
|
Packit |
aea12f |
/* CCM-style cipher */
|
|
Packit |
aea12f |
encr_size -= tag_size;
|
|
Packit |
aea12f |
ret = ctx->cipher->aead_decrypt(ctx,
|
|
Packit |
aea12f |
nonce_size, nonce,
|
|
Packit |
aea12f |
auth_size, auth,
|
|
Packit |
aea12f |
tag_size,
|
|
Packit |
aea12f |
encr_size, plain,
|
|
Packit |
aea12f |
encr);
|
|
Packit |
aea12f |
if (unlikely(ret == 0))
|
|
Packit |
aea12f |
return gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
return 0;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
static int
|
|
Packit |
aea12f |
wrap_nettle_cipher_auth(void *_ctx, const void *plain, size_t plain_size)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
struct nettle_cipher_ctx *ctx = _ctx;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
ctx->cipher->auth(ctx->ctx_ptr, plain_size, plain);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
return 0;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
static void wrap_nettle_cipher_tag(void *_ctx, void *tag, size_t tag_size)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
struct nettle_cipher_ctx *ctx = _ctx;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
ctx->cipher->tag(ctx->ctx_ptr, tag_size, tag);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
static void wrap_nettle_cipher_close(void *_ctx)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
struct nettle_cipher_ctx *ctx = _ctx;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
zeroize_temp_key(ctx->ctx_ptr, ctx->cipher->ctx_size);
|
|
Packit |
aea12f |
gnutls_free(ctx);
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
gnutls_crypto_cipher_st _gnutls_cipher_ops = {
|
|
Packit |
aea12f |
.init = wrap_nettle_cipher_init,
|
|
Packit |
aea12f |
.exists = wrap_nettle_cipher_exists,
|
|
Packit |
aea12f |
.setiv = wrap_nettle_cipher_setiv,
|
|
Packit |
aea12f |
.getiv = wrap_nettle_cipher_getiv,
|
|
Packit |
aea12f |
.setkey = wrap_nettle_cipher_setkey,
|
|
Packit |
aea12f |
.encrypt = wrap_nettle_cipher_encrypt,
|
|
Packit |
aea12f |
.decrypt = wrap_nettle_cipher_decrypt,
|
|
Packit |
aea12f |
.aead_encrypt = wrap_nettle_cipher_aead_encrypt,
|
|
Packit |
aea12f |
.aead_decrypt = wrap_nettle_cipher_aead_decrypt,
|
|
Packit |
aea12f |
.deinit = wrap_nettle_cipher_close,
|
|
Packit |
aea12f |
.auth = wrap_nettle_cipher_auth,
|
|
Packit |
aea12f |
.tag = wrap_nettle_cipher_tag,
|
|
Packit |
aea12f |
};
|