|
Packit |
aea12f |
/*
|
|
Packit |
aea12f |
* Copyright (C) 2008-2012 Free Software Foundation, Inc.
|
|
Packit |
aea12f |
*
|
|
Packit |
aea12f |
* Author: Nikos Mavrogiannopoulos
|
|
Packit |
aea12f |
*
|
|
Packit |
aea12f |
* This file is part of GNUTLS.
|
|
Packit |
aea12f |
*
|
|
Packit |
aea12f |
* The GNUTLS library is free software; you can redistribute it and/or
|
|
Packit |
aea12f |
* modify it under the terms of the GNU Lesser General Public License
|
|
Packit |
aea12f |
* as published by the Free Software Foundation; either version 2.1 of
|
|
Packit |
aea12f |
* the License, or (at your option) any later version.
|
|
Packit |
aea12f |
*
|
|
Packit |
aea12f |
* This library is distributed in the hope that it will be useful, but
|
|
Packit |
aea12f |
* WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
Packit |
aea12f |
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
Packit |
aea12f |
* Lesser General Public License for more details.
|
|
Packit |
aea12f |
*
|
|
Packit |
aea12f |
* You should have received a copy of the GNU Lesser General Public License
|
|
Packit |
aea12f |
* along with this program. If not, see <https://www.gnu.org/licenses/>
|
|
Packit |
aea12f |
*
|
|
Packit |
aea12f |
*/
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
/* This file provides the backend hash/mac API for nettle.
|
|
Packit |
aea12f |
*/
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
#include "gnutls_int.h"
|
|
Packit |
aea12f |
#include <hash_int.h>
|
|
Packit |
aea12f |
#include "errors.h"
|
|
Packit |
aea12f |
#include <nettle/md5.h>
|
|
Packit |
aea12f |
#include <nettle/md2.h>
|
|
Packit |
aea12f |
#include <nettle/sha.h>
|
|
Packit |
aea12f |
#include <nettle/sha3.h>
|
|
Packit |
aea12f |
#include <nettle/hmac.h>
|
|
Packit |
aea12f |
#include <nettle/umac.h>
|
|
Packit Service |
991b93 |
#include <nettle/hkdf.h>
|
|
Packit Service |
991b93 |
#include <nettle/pbkdf2.h>
|
|
Packit |
aea12f |
#if ENABLE_GOST
|
|
Packit |
aea12f |
#include "gost/hmac-gost.h"
|
|
Packit Service |
991b93 |
#ifndef HAVE_NETTLE_GOSTHASH94CP_UPDATE
|
|
Packit |
aea12f |
#include "gost/gosthash94.h"
|
|
Packit Service |
991b93 |
#endif
|
|
Packit Service |
991b93 |
#ifndef HAVE_NETTLE_STREEBOG512_UPDATE
|
|
Packit |
aea12f |
#include "gost/streebog.h"
|
|
Packit |
aea12f |
#endif
|
|
Packit Service |
991b93 |
#ifndef HAVE_NETTLE_GOST28147_SET_KEY
|
|
Packit Service |
991b93 |
#include "gost/gost28147.h"
|
|
Packit Service |
991b93 |
#endif
|
|
Packit Service |
991b93 |
#endif
|
|
Packit |
aea12f |
#ifdef HAVE_NETTLE_CMAC128_UPDATE
|
|
Packit |
aea12f |
#include <nettle/cmac.h>
|
|
Packit |
aea12f |
#else
|
|
Packit |
aea12f |
#include "cmac.h"
|
|
Packit |
aea12f |
#endif /* HAVE_NETTLE_CMAC128_UPDATE */
|
|
Packit Service |
991b93 |
#include <nettle/gcm.h>
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
typedef void (*update_func) (void *, size_t, const uint8_t *);
|
|
Packit |
aea12f |
typedef void (*digest_func) (void *, size_t, uint8_t *);
|
|
Packit |
aea12f |
typedef void (*set_key_func) (void *, size_t, const uint8_t *);
|
|
Packit |
aea12f |
typedef void (*set_nonce_func) (void *, size_t, const uint8_t *);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
static int wrap_nettle_hash_init(gnutls_digest_algorithm_t algo,
|
|
Packit |
aea12f |
void **_ctx);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
struct md5_sha1_ctx {
|
|
Packit |
aea12f |
struct md5_ctx md5;
|
|
Packit |
aea12f |
struct sha1_ctx sha1;
|
|
Packit |
aea12f |
};
|
|
Packit |
aea12f |
|
|
Packit Service |
991b93 |
struct gmac_ctx {
|
|
Packit Service |
991b93 |
unsigned int pos;
|
|
Packit Service |
991b93 |
uint8_t buffer[GCM_BLOCK_SIZE];
|
|
Packit Service |
991b93 |
struct gcm_key key;
|
|
Packit Service |
991b93 |
struct gcm_ctx ctx;
|
|
Packit Service |
991b93 |
nettle_cipher_func *encrypt;
|
|
Packit Service |
991b93 |
union {
|
|
Packit Service |
991b93 |
struct aes128_ctx aes128;
|
|
Packit Service |
991b93 |
struct aes192_ctx aes192;
|
|
Packit Service |
991b93 |
struct aes256_ctx aes256;
|
|
Packit Service |
991b93 |
} cipher;
|
|
Packit Service |
991b93 |
};
|
|
Packit Service |
991b93 |
|
|
Packit |
aea12f |
struct nettle_hash_ctx {
|
|
Packit |
aea12f |
union {
|
|
Packit |
aea12f |
struct md5_ctx md5;
|
|
Packit |
aea12f |
struct sha224_ctx sha224;
|
|
Packit |
aea12f |
struct sha256_ctx sha256;
|
|
Packit |
aea12f |
struct sha384_ctx sha384;
|
|
Packit |
aea12f |
struct sha512_ctx sha512;
|
|
Packit |
aea12f |
struct sha3_224_ctx sha3_224;
|
|
Packit |
aea12f |
struct sha3_256_ctx sha3_256;
|
|
Packit |
aea12f |
struct sha3_384_ctx sha3_384;
|
|
Packit |
aea12f |
struct sha3_512_ctx sha3_512;
|
|
Packit |
aea12f |
struct sha1_ctx sha1;
|
|
Packit |
aea12f |
struct md2_ctx md2;
|
|
Packit |
aea12f |
struct md5_sha1_ctx md5_sha1;
|
|
Packit |
aea12f |
#if ENABLE_GOST
|
|
Packit |
aea12f |
struct gosthash94cp_ctx gosthash94cp;
|
|
Packit |
aea12f |
struct streebog256_ctx streebog256;
|
|
Packit |
aea12f |
struct streebog512_ctx streebog512;
|
|
Packit |
aea12f |
#endif
|
|
Packit |
aea12f |
} ctx;
|
|
Packit |
aea12f |
void *ctx_ptr;
|
|
Packit |
aea12f |
gnutls_digest_algorithm_t algo;
|
|
Packit |
aea12f |
size_t length;
|
|
Packit |
aea12f |
update_func update;
|
|
Packit |
aea12f |
digest_func digest;
|
|
Packit |
aea12f |
};
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
struct nettle_mac_ctx {
|
|
Packit |
aea12f |
union {
|
|
Packit |
aea12f |
struct hmac_md5_ctx md5;
|
|
Packit |
aea12f |
struct hmac_sha224_ctx sha224;
|
|
Packit |
aea12f |
struct hmac_sha256_ctx sha256;
|
|
Packit |
aea12f |
struct hmac_sha384_ctx sha384;
|
|
Packit |
aea12f |
struct hmac_sha512_ctx sha512;
|
|
Packit |
aea12f |
struct hmac_sha1_ctx sha1;
|
|
Packit |
aea12f |
#if ENABLE_GOST
|
|
Packit |
aea12f |
struct hmac_gosthash94cp_ctx gosthash94cp;
|
|
Packit |
aea12f |
struct hmac_streebog256_ctx streebog256;
|
|
Packit |
aea12f |
struct hmac_streebog512_ctx streebog512;
|
|
Packit Service |
991b93 |
struct gost28147_imit_ctx gost28147_imit;
|
|
Packit |
aea12f |
#endif
|
|
Packit |
aea12f |
struct umac96_ctx umac96;
|
|
Packit |
aea12f |
struct umac128_ctx umac128;
|
|
Packit |
aea12f |
struct cmac_aes128_ctx cmac128;
|
|
Packit |
aea12f |
struct cmac_aes256_ctx cmac256;
|
|
Packit Service |
991b93 |
struct gmac_ctx gmac;
|
|
Packit |
aea12f |
} ctx;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
void *ctx_ptr;
|
|
Packit |
aea12f |
gnutls_mac_algorithm_t algo;
|
|
Packit |
aea12f |
size_t length;
|
|
Packit |
aea12f |
update_func update;
|
|
Packit |
aea12f |
digest_func digest;
|
|
Packit |
aea12f |
set_key_func set_key;
|
|
Packit |
aea12f |
set_nonce_func set_nonce;
|
|
Packit |
aea12f |
};
|
|
Packit |
aea12f |
|
|
Packit Service |
991b93 |
#if ENABLE_GOST
|
|
Packit Service |
991b93 |
static void
|
|
Packit Service |
991b93 |
_wrap_gost28147_imit_set_key_tc26z(void *ctx, size_t len, const uint8_t * key)
|
|
Packit Service |
991b93 |
{
|
|
Packit Service |
991b93 |
gost28147_imit_set_param(ctx, &gost28147_param_TC26_Z);
|
|
Packit Service |
991b93 |
gost28147_imit_set_key(ctx, len, key);
|
|
Packit Service |
991b93 |
}
|
|
Packit Service |
991b93 |
#endif
|
|
Packit Service |
991b93 |
|
|
Packit |
aea12f |
static void
|
|
Packit |
aea12f |
_wrap_umac96_set_key(void *ctx, size_t len, const uint8_t * key)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
if (unlikely(len != 16))
|
|
Packit |
aea12f |
abort();
|
|
Packit |
aea12f |
umac96_set_key(ctx, key);
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
static void
|
|
Packit |
aea12f |
_wrap_umac128_set_key(void *ctx, size_t len, const uint8_t * key)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
if (unlikely(len != 16))
|
|
Packit |
aea12f |
abort();
|
|
Packit |
aea12f |
umac128_set_key(ctx, key);
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
static void
|
|
Packit |
aea12f |
_wrap_cmac128_set_key(void *ctx, size_t len, const uint8_t * key)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
if (unlikely(len != 16))
|
|
Packit |
aea12f |
abort();
|
|
Packit |
aea12f |
cmac_aes128_set_key(ctx, key);
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
static void
|
|
Packit |
aea12f |
_wrap_cmac256_set_key(void *ctx, size_t len, const uint8_t * key)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
if (unlikely(len != 32))
|
|
Packit |
aea12f |
abort();
|
|
Packit |
aea12f |
cmac_aes256_set_key(ctx, key);
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit Service |
991b93 |
static void
|
|
Packit Service |
991b93 |
_wrap_gmac_aes128_set_key(void *_ctx, size_t len, const uint8_t * key)
|
|
Packit Service |
991b93 |
{
|
|
Packit Service |
991b93 |
struct gmac_ctx *ctx = _ctx;
|
|
Packit Service |
991b93 |
|
|
Packit Service |
991b93 |
if (unlikely(len != 16))
|
|
Packit Service |
991b93 |
abort();
|
|
Packit Service |
991b93 |
aes128_set_encrypt_key(&ctx->cipher.aes128, key);
|
|
Packit Service |
991b93 |
gcm_set_key(&ctx->key, &ctx->cipher, ctx->encrypt);
|
|
Packit Service |
991b93 |
ctx->pos = 0;
|
|
Packit Service |
991b93 |
}
|
|
Packit Service |
991b93 |
|
|
Packit Service |
991b93 |
static void
|
|
Packit Service |
991b93 |
_wrap_gmac_aes192_set_key(void *_ctx, size_t len, const uint8_t * key)
|
|
Packit Service |
991b93 |
{
|
|
Packit Service |
991b93 |
struct gmac_ctx *ctx = _ctx;
|
|
Packit Service |
991b93 |
|
|
Packit Service |
991b93 |
if (unlikely(len != 24))
|
|
Packit Service |
991b93 |
abort();
|
|
Packit Service |
991b93 |
aes192_set_encrypt_key(&ctx->cipher.aes192, key);
|
|
Packit Service |
991b93 |
gcm_set_key(&ctx->key, &ctx->cipher, ctx->encrypt);
|
|
Packit Service |
991b93 |
ctx->pos = 0;
|
|
Packit Service |
991b93 |
}
|
|
Packit Service |
991b93 |
|
|
Packit Service |
991b93 |
static void
|
|
Packit Service |
991b93 |
_wrap_gmac_aes256_set_key(void *_ctx, size_t len, const uint8_t * key)
|
|
Packit Service |
991b93 |
{
|
|
Packit Service |
991b93 |
struct gmac_ctx *ctx = _ctx;
|
|
Packit Service |
991b93 |
|
|
Packit Service |
991b93 |
if (unlikely(len != 32))
|
|
Packit Service |
991b93 |
abort();
|
|
Packit Service |
991b93 |
aes256_set_encrypt_key(&ctx->cipher.aes256, key);
|
|
Packit Service |
991b93 |
gcm_set_key(&ctx->key, &ctx->cipher, ctx->encrypt);
|
|
Packit Service |
991b93 |
ctx->pos = 0;
|
|
Packit Service |
991b93 |
}
|
|
Packit Service |
991b93 |
|
|
Packit Service |
991b93 |
static void _wrap_gmac_set_nonce(void *_ctx, size_t nonce_length, const uint8_t *nonce)
|
|
Packit Service |
991b93 |
{
|
|
Packit Service |
991b93 |
struct gmac_ctx *ctx = _ctx;
|
|
Packit Service |
991b93 |
|
|
Packit Service |
991b93 |
gcm_set_iv(&ctx->ctx, &ctx->key, nonce_length, nonce);
|
|
Packit Service |
991b93 |
}
|
|
Packit Service |
991b93 |
|
|
Packit Service |
991b93 |
static void _wrap_gmac_update(void *_ctx, size_t length, const uint8_t *data)
|
|
Packit Service |
991b93 |
{
|
|
Packit Service |
991b93 |
struct gmac_ctx *ctx = _ctx;
|
|
Packit Service |
991b93 |
|
|
Packit Service |
991b93 |
if (ctx->pos + length < GCM_BLOCK_SIZE) {
|
|
Packit Service |
991b93 |
memcpy(&ctx->buffer[ctx->pos], data, length);
|
|
Packit Service |
991b93 |
ctx->pos += length;
|
|
Packit Service |
991b93 |
return;
|
|
Packit Service |
991b93 |
}
|
|
Packit Service |
991b93 |
|
|
Packit Service |
991b93 |
if (ctx->pos) {
|
|
Packit Service |
991b93 |
memcpy(&ctx->buffer[ctx->pos], data, GCM_BLOCK_SIZE - ctx->pos);
|
|
Packit Service |
991b93 |
gcm_update(&ctx->ctx, &ctx->key, GCM_BLOCK_SIZE, ctx->buffer);
|
|
Packit Service |
991b93 |
data += GCM_BLOCK_SIZE - ctx->pos;
|
|
Packit Service |
991b93 |
length -= GCM_BLOCK_SIZE - ctx->pos;
|
|
Packit Service |
991b93 |
}
|
|
Packit Service |
991b93 |
|
|
Packit Service |
991b93 |
if (length >= GCM_BLOCK_SIZE) {
|
|
Packit Service |
991b93 |
gcm_update(&ctx->ctx, &ctx->key,
|
|
Packit Service |
991b93 |
length / GCM_BLOCK_SIZE * GCM_BLOCK_SIZE,
|
|
Packit Service |
991b93 |
data);
|
|
Packit Service |
991b93 |
data += length / GCM_BLOCK_SIZE * GCM_BLOCK_SIZE;
|
|
Packit Service |
991b93 |
length %= GCM_BLOCK_SIZE;
|
|
Packit Service |
991b93 |
}
|
|
Packit Service |
991b93 |
|
|
Packit Service |
991b93 |
memcpy(ctx->buffer, data, length);
|
|
Packit Service |
991b93 |
ctx->pos = length;
|
|
Packit Service |
991b93 |
}
|
|
Packit Service |
991b93 |
|
|
Packit Service |
991b93 |
static void _wrap_gmac_digest(void *_ctx, size_t length, uint8_t *digest)
|
|
Packit Service |
991b93 |
{
|
|
Packit Service |
991b93 |
struct gmac_ctx *ctx = _ctx;
|
|
Packit Service |
991b93 |
|
|
Packit Service |
991b93 |
if (ctx->pos)
|
|
Packit Service |
991b93 |
gcm_update(&ctx->ctx, &ctx->key, ctx->pos, ctx->buffer);
|
|
Packit Service |
991b93 |
gcm_digest(&ctx->ctx, &ctx->key, &ctx->cipher, ctx->encrypt, length, digest);
|
|
Packit Service |
991b93 |
ctx->pos = 0;
|
|
Packit Service |
991b93 |
}
|
|
Packit Service |
991b93 |
|
|
Packit |
aea12f |
static int _mac_ctx_init(gnutls_mac_algorithm_t algo,
|
|
Packit |
aea12f |
struct nettle_mac_ctx *ctx)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
/* Any FIPS140-2 related enforcement is performed on
|
|
Packit |
aea12f |
* gnutls_hash_init() and gnutls_hmac_init() */
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
ctx->set_nonce = NULL;
|
|
Packit |
aea12f |
switch (algo) {
|
|
Packit |
aea12f |
case GNUTLS_MAC_MD5:
|
|
Packit |
aea12f |
ctx->update = (update_func) hmac_md5_update;
|
|
Packit |
aea12f |
ctx->digest = (digest_func) hmac_md5_digest;
|
|
Packit |
aea12f |
ctx->set_key = (set_key_func) hmac_md5_set_key;
|
|
Packit |
aea12f |
ctx->ctx_ptr = &ctx->ctx.md5;
|
|
Packit |
aea12f |
ctx->length = MD5_DIGEST_SIZE;
|
|
Packit |
aea12f |
break;
|
|
Packit |
aea12f |
case GNUTLS_MAC_SHA1:
|
|
Packit |
aea12f |
ctx->update = (update_func) hmac_sha1_update;
|
|
Packit |
aea12f |
ctx->digest = (digest_func) hmac_sha1_digest;
|
|
Packit |
aea12f |
ctx->set_key = (set_key_func) hmac_sha1_set_key;
|
|
Packit |
aea12f |
ctx->ctx_ptr = &ctx->ctx.sha1;
|
|
Packit |
aea12f |
ctx->length = SHA1_DIGEST_SIZE;
|
|
Packit |
aea12f |
break;
|
|
Packit |
aea12f |
case GNUTLS_MAC_SHA224:
|
|
Packit |
aea12f |
ctx->update = (update_func) hmac_sha224_update;
|
|
Packit |
aea12f |
ctx->digest = (digest_func) hmac_sha224_digest;
|
|
Packit |
aea12f |
ctx->set_key = (set_key_func) hmac_sha224_set_key;
|
|
Packit |
aea12f |
ctx->ctx_ptr = &ctx->ctx.sha224;
|
|
Packit |
aea12f |
ctx->length = SHA224_DIGEST_SIZE;
|
|
Packit |
aea12f |
break;
|
|
Packit |
aea12f |
case GNUTLS_MAC_SHA256:
|
|
Packit |
aea12f |
ctx->update = (update_func) hmac_sha256_update;
|
|
Packit |
aea12f |
ctx->digest = (digest_func) hmac_sha256_digest;
|
|
Packit |
aea12f |
ctx->set_key = (set_key_func) hmac_sha256_set_key;
|
|
Packit |
aea12f |
ctx->ctx_ptr = &ctx->ctx.sha256;
|
|
Packit |
aea12f |
ctx->length = SHA256_DIGEST_SIZE;
|
|
Packit |
aea12f |
break;
|
|
Packit |
aea12f |
case GNUTLS_MAC_SHA384:
|
|
Packit |
aea12f |
ctx->update = (update_func) hmac_sha384_update;
|
|
Packit |
aea12f |
ctx->digest = (digest_func) hmac_sha384_digest;
|
|
Packit |
aea12f |
ctx->set_key = (set_key_func) hmac_sha384_set_key;
|
|
Packit |
aea12f |
ctx->ctx_ptr = &ctx->ctx.sha384;
|
|
Packit |
aea12f |
ctx->length = SHA384_DIGEST_SIZE;
|
|
Packit |
aea12f |
break;
|
|
Packit |
aea12f |
case GNUTLS_MAC_SHA512:
|
|
Packit |
aea12f |
ctx->update = (update_func) hmac_sha512_update;
|
|
Packit |
aea12f |
ctx->digest = (digest_func) hmac_sha512_digest;
|
|
Packit |
aea12f |
ctx->set_key = (set_key_func) hmac_sha512_set_key;
|
|
Packit |
aea12f |
ctx->ctx_ptr = &ctx->ctx.sha512;
|
|
Packit |
aea12f |
ctx->length = SHA512_DIGEST_SIZE;
|
|
Packit |
aea12f |
break;
|
|
Packit |
aea12f |
#if ENABLE_GOST
|
|
Packit |
aea12f |
case GNUTLS_MAC_GOSTR_94:
|
|
Packit |
aea12f |
ctx->update = (update_func) hmac_gosthash94cp_update;
|
|
Packit |
aea12f |
ctx->digest = (digest_func) hmac_gosthash94cp_digest;
|
|
Packit |
aea12f |
ctx->set_key = (set_key_func) hmac_gosthash94cp_set_key;
|
|
Packit |
aea12f |
ctx->ctx_ptr = &ctx->ctx.gosthash94cp;
|
|
Packit |
aea12f |
ctx->length = GOSTHASH94CP_DIGEST_SIZE;
|
|
Packit |
aea12f |
break;
|
|
Packit |
aea12f |
case GNUTLS_MAC_STREEBOG_256:
|
|
Packit |
aea12f |
ctx->update = (update_func) hmac_streebog256_update;
|
|
Packit |
aea12f |
ctx->digest = (digest_func) hmac_streebog256_digest;
|
|
Packit |
aea12f |
ctx->set_key = (set_key_func) hmac_streebog256_set_key;
|
|
Packit |
aea12f |
ctx->ctx_ptr = &ctx->ctx.streebog256;
|
|
Packit |
aea12f |
ctx->length = STREEBOG256_DIGEST_SIZE;
|
|
Packit |
aea12f |
break;
|
|
Packit |
aea12f |
case GNUTLS_MAC_STREEBOG_512:
|
|
Packit |
aea12f |
ctx->update = (update_func) hmac_streebog512_update;
|
|
Packit |
aea12f |
ctx->digest = (digest_func) hmac_streebog512_digest;
|
|
Packit |
aea12f |
ctx->set_key = (set_key_func) hmac_streebog512_set_key;
|
|
Packit |
aea12f |
ctx->ctx_ptr = &ctx->ctx.streebog512;
|
|
Packit |
aea12f |
ctx->length = STREEBOG512_DIGEST_SIZE;
|
|
Packit |
aea12f |
break;
|
|
Packit Service |
991b93 |
case GNUTLS_MAC_GOST28147_TC26Z_IMIT:
|
|
Packit Service |
991b93 |
ctx->update = (update_func) gost28147_imit_update;
|
|
Packit Service |
991b93 |
ctx->digest = (digest_func) gost28147_imit_digest;
|
|
Packit Service |
991b93 |
ctx->set_key = _wrap_gost28147_imit_set_key_tc26z;
|
|
Packit Service |
991b93 |
ctx->ctx_ptr = &ctx->ctx.gost28147_imit;
|
|
Packit Service |
991b93 |
ctx->length = GOST28147_IMIT_DIGEST_SIZE;
|
|
Packit Service |
991b93 |
break;
|
|
Packit |
aea12f |
#endif
|
|
Packit |
aea12f |
case GNUTLS_MAC_UMAC_96:
|
|
Packit |
aea12f |
ctx->update = (update_func) umac96_update;
|
|
Packit |
aea12f |
ctx->digest = (digest_func) umac96_digest;
|
|
Packit |
aea12f |
ctx->set_key = _wrap_umac96_set_key;
|
|
Packit |
aea12f |
ctx->set_nonce = (set_nonce_func) umac96_set_nonce;
|
|
Packit |
aea12f |
ctx->ctx_ptr = &ctx->ctx.umac96;
|
|
Packit |
aea12f |
ctx->length = 12;
|
|
Packit |
aea12f |
break;
|
|
Packit |
aea12f |
case GNUTLS_MAC_UMAC_128:
|
|
Packit |
aea12f |
ctx->update = (update_func) umac128_update;
|
|
Packit |
aea12f |
ctx->digest = (digest_func) umac128_digest;
|
|
Packit |
aea12f |
ctx->set_key = _wrap_umac128_set_key;
|
|
Packit |
aea12f |
ctx->set_nonce = (set_nonce_func) umac128_set_nonce;
|
|
Packit |
aea12f |
ctx->ctx_ptr = &ctx->ctx.umac128;
|
|
Packit |
aea12f |
ctx->length = 16;
|
|
Packit |
aea12f |
break;
|
|
Packit |
aea12f |
case GNUTLS_MAC_AES_CMAC_128:
|
|
Packit |
aea12f |
ctx->update = (update_func) cmac_aes128_update;
|
|
Packit |
aea12f |
ctx->digest = (digest_func) cmac_aes128_digest;
|
|
Packit |
aea12f |
ctx->set_key = _wrap_cmac128_set_key;
|
|
Packit |
aea12f |
ctx->ctx_ptr = &ctx->ctx.cmac128;
|
|
Packit |
aea12f |
ctx->length = CMAC128_DIGEST_SIZE;
|
|
Packit |
aea12f |
break;
|
|
Packit |
aea12f |
case GNUTLS_MAC_AES_CMAC_256:
|
|
Packit |
aea12f |
ctx->update = (update_func) cmac_aes256_update;
|
|
Packit |
aea12f |
ctx->digest = (digest_func) cmac_aes256_digest;
|
|
Packit |
aea12f |
ctx->set_key = _wrap_cmac256_set_key;
|
|
Packit |
aea12f |
ctx->ctx_ptr = &ctx->ctx.cmac256;
|
|
Packit |
aea12f |
ctx->length = CMAC128_DIGEST_SIZE;
|
|
Packit |
aea12f |
break;
|
|
Packit Service |
991b93 |
case GNUTLS_MAC_AES_GMAC_128:
|
|
Packit Service |
991b93 |
ctx->set_key = _wrap_gmac_aes128_set_key;
|
|
Packit Service |
991b93 |
ctx->set_nonce = _wrap_gmac_set_nonce;
|
|
Packit Service |
991b93 |
ctx->update = _wrap_gmac_update;
|
|
Packit Service |
991b93 |
ctx->digest = _wrap_gmac_digest;
|
|
Packit Service |
991b93 |
ctx->ctx_ptr = &ctx->ctx.gmac;
|
|
Packit Service |
991b93 |
ctx->length = GCM_DIGEST_SIZE;
|
|
Packit Service |
991b93 |
ctx->ctx.gmac.encrypt = (nettle_cipher_func *)aes128_encrypt;
|
|
Packit Service |
991b93 |
break;
|
|
Packit Service |
991b93 |
case GNUTLS_MAC_AES_GMAC_192:
|
|
Packit Service |
991b93 |
ctx->set_key = _wrap_gmac_aes192_set_key;
|
|
Packit Service |
991b93 |
ctx->set_nonce = _wrap_gmac_set_nonce;
|
|
Packit Service |
991b93 |
ctx->update = _wrap_gmac_update;
|
|
Packit Service |
991b93 |
ctx->digest = _wrap_gmac_digest;
|
|
Packit Service |
991b93 |
ctx->ctx_ptr = &ctx->ctx.gmac;
|
|
Packit Service |
991b93 |
ctx->length = GCM_DIGEST_SIZE;
|
|
Packit Service |
991b93 |
ctx->ctx.gmac.encrypt = (nettle_cipher_func *)aes192_encrypt;
|
|
Packit Service |
991b93 |
break;
|
|
Packit Service |
991b93 |
case GNUTLS_MAC_AES_GMAC_256:
|
|
Packit Service |
991b93 |
ctx->set_key = _wrap_gmac_aes256_set_key;
|
|
Packit Service |
991b93 |
ctx->set_nonce = _wrap_gmac_set_nonce;
|
|
Packit Service |
991b93 |
ctx->update = _wrap_gmac_update;
|
|
Packit Service |
991b93 |
ctx->digest = _wrap_gmac_digest;
|
|
Packit Service |
991b93 |
ctx->ctx_ptr = &ctx->ctx.gmac;
|
|
Packit Service |
991b93 |
ctx->length = GCM_DIGEST_SIZE;
|
|
Packit Service |
991b93 |
ctx->ctx.gmac.encrypt = (nettle_cipher_func *)aes256_encrypt;
|
|
Packit Service |
991b93 |
break;
|
|
Packit |
aea12f |
default:
|
|
Packit |
aea12f |
gnutls_assert();
|
|
Packit |
aea12f |
return GNUTLS_E_INVALID_REQUEST;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
return 0;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
static int wrap_nettle_mac_fast(gnutls_mac_algorithm_t algo,
|
|
Packit |
aea12f |
const void *nonce, size_t nonce_size,
|
|
Packit |
aea12f |
const void *key, size_t key_size,
|
|
Packit |
aea12f |
const void *text, size_t text_size,
|
|
Packit |
aea12f |
void *digest)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
struct nettle_mac_ctx ctx;
|
|
Packit |
aea12f |
int ret;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
ret = _mac_ctx_init(algo, &ctx;;
|
|
Packit |
aea12f |
if (ret < 0)
|
|
Packit |
aea12f |
return gnutls_assert_val(ret);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
ctx.set_key(&ctx, key_size, key);
|
|
Packit Service |
991b93 |
if (ctx.set_nonce) {
|
|
Packit Service |
991b93 |
if (nonce == NULL || nonce_size == 0)
|
|
Packit Service |
991b93 |
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
|
|
Packit Service |
991b93 |
|
|
Packit Service |
991b93 |
ctx.set_nonce(&ctx, nonce_size, nonce);
|
|
Packit Service |
991b93 |
}
|
|
Packit |
aea12f |
ctx.update(&ctx, text_size, text);
|
|
Packit |
aea12f |
ctx.digest(&ctx, ctx.length, digest);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
zeroize_temp_key(&ctx, sizeof(ctx));
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
return 0;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
static int wrap_nettle_mac_exists(gnutls_mac_algorithm_t algo)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
switch (algo) {
|
|
Packit |
aea12f |
case GNUTLS_MAC_MD5:
|
|
Packit |
aea12f |
case GNUTLS_MAC_SHA1:
|
|
Packit |
aea12f |
case GNUTLS_MAC_SHA224:
|
|
Packit |
aea12f |
case GNUTLS_MAC_SHA256:
|
|
Packit |
aea12f |
case GNUTLS_MAC_SHA384:
|
|
Packit |
aea12f |
case GNUTLS_MAC_SHA512:
|
|
Packit |
aea12f |
case GNUTLS_MAC_UMAC_96:
|
|
Packit |
aea12f |
case GNUTLS_MAC_UMAC_128:
|
|
Packit Service |
991b93 |
case GNUTLS_MAC_AES_CMAC_128:
|
|
Packit Service |
991b93 |
case GNUTLS_MAC_AES_CMAC_256:
|
|
Packit Service |
991b93 |
case GNUTLS_MAC_AES_GMAC_128:
|
|
Packit Service |
991b93 |
case GNUTLS_MAC_AES_GMAC_192:
|
|
Packit Service |
991b93 |
case GNUTLS_MAC_AES_GMAC_256:
|
|
Packit |
aea12f |
#if ENABLE_GOST
|
|
Packit |
aea12f |
case GNUTLS_MAC_GOSTR_94:
|
|
Packit |
aea12f |
case GNUTLS_MAC_STREEBOG_256:
|
|
Packit |
aea12f |
case GNUTLS_MAC_STREEBOG_512:
|
|
Packit Service |
991b93 |
case GNUTLS_MAC_GOST28147_TC26Z_IMIT:
|
|
Packit |
aea12f |
#endif
|
|
Packit |
aea12f |
return 1;
|
|
Packit |
aea12f |
default:
|
|
Packit |
aea12f |
return 0;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
static int wrap_nettle_mac_init(gnutls_mac_algorithm_t algo, void **_ctx)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
struct nettle_mac_ctx *ctx;
|
|
Packit |
aea12f |
int ret;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
ctx = gnutls_calloc(1, sizeof(struct nettle_mac_ctx));
|
|
Packit |
aea12f |
if (ctx == NULL) {
|
|
Packit |
aea12f |
gnutls_assert();
|
|
Packit |
aea12f |
return GNUTLS_E_MEMORY_ERROR;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
ctx->algo = algo;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
ret = _mac_ctx_init(algo, ctx);
|
|
Packit |
aea12f |
if (ret < 0) {
|
|
Packit |
aea12f |
gnutls_free(ctx);
|
|
Packit |
aea12f |
return gnutls_assert_val(ret);
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
*_ctx = ctx;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
return 0;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit Service |
991b93 |
static void *wrap_nettle_mac_copy(const void *_ctx)
|
|
Packit Service |
991b93 |
{
|
|
Packit Service |
991b93 |
const struct nettle_mac_ctx *ctx = _ctx;
|
|
Packit Service |
991b93 |
struct nettle_mac_ctx *new_ctx;
|
|
Packit Service |
991b93 |
ptrdiff_t off = (uint8_t *)ctx->ctx_ptr - (uint8_t *)(&ctx->ctx);
|
|
Packit Service |
991b93 |
|
|
Packit Service |
991b93 |
new_ctx = gnutls_calloc(1, sizeof(struct nettle_mac_ctx));
|
|
Packit Service |
991b93 |
if (new_ctx == NULL)
|
|
Packit Service |
991b93 |
return NULL;
|
|
Packit Service |
991b93 |
|
|
Packit Service |
991b93 |
memcpy(new_ctx, ctx, sizeof(*ctx));
|
|
Packit Service |
991b93 |
new_ctx->ctx_ptr = (uint8_t *)&new_ctx->ctx + off;
|
|
Packit Service |
991b93 |
|
|
Packit Service |
991b93 |
return new_ctx;
|
|
Packit Service |
991b93 |
}
|
|
Packit Service |
991b93 |
|
|
Packit |
aea12f |
static int
|
|
Packit |
aea12f |
wrap_nettle_mac_set_key(void *_ctx, const void *key, size_t keylen)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
struct nettle_mac_ctx *ctx = _ctx;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
ctx->set_key(ctx->ctx_ptr, keylen, key);
|
|
Packit |
aea12f |
return 0;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
static int
|
|
Packit |
aea12f |
wrap_nettle_mac_set_nonce(void *_ctx, const void *nonce, size_t noncelen)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
struct nettle_mac_ctx *ctx = _ctx;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
if (ctx->set_nonce == NULL)
|
|
Packit Service |
991b93 |
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
|
|
Packit Service |
991b93 |
|
|
Packit Service |
991b93 |
if (nonce == NULL || noncelen == 0)
|
|
Packit Service |
991b93 |
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
ctx->set_nonce(ctx->ctx_ptr, noncelen, nonce);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
return GNUTLS_E_SUCCESS;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
static int
|
|
Packit |
aea12f |
wrap_nettle_mac_update(void *_ctx, const void *text, size_t textsize)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
struct nettle_mac_ctx *ctx = _ctx;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
ctx->update(ctx->ctx_ptr, textsize, text);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
return GNUTLS_E_SUCCESS;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
static int
|
|
Packit |
aea12f |
wrap_nettle_mac_output(void *src_ctx, void *digest, size_t digestsize)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
struct nettle_mac_ctx *ctx;
|
|
Packit |
aea12f |
ctx = src_ctx;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
if (digestsize < ctx->length) {
|
|
Packit |
aea12f |
gnutls_assert();
|
|
Packit |
aea12f |
return GNUTLS_E_SHORT_MEMORY_BUFFER;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
ctx->digest(ctx->ctx_ptr, digestsize, digest);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
return 0;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
static void wrap_nettle_mac_deinit(void *hd)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
struct nettle_mac_ctx *ctx = hd;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
zeroize_temp_key(ctx, sizeof(*ctx));
|
|
Packit |
aea12f |
gnutls_free(ctx);
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
/* Hash functions
|
|
Packit |
aea12f |
*/
|
|
Packit |
aea12f |
static int
|
|
Packit |
aea12f |
wrap_nettle_hash_update(void *_ctx, const void *text, size_t textsize)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
struct nettle_hash_ctx *ctx = _ctx;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
ctx->update(ctx->ctx_ptr, textsize, text);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
return GNUTLS_E_SUCCESS;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
static void wrap_nettle_hash_deinit(void *hd)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
gnutls_free(hd);
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
static int wrap_nettle_hash_exists(gnutls_digest_algorithm_t algo)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
switch (algo) {
|
|
Packit |
aea12f |
case GNUTLS_DIG_MD5:
|
|
Packit |
aea12f |
case GNUTLS_DIG_SHA1:
|
|
Packit |
aea12f |
case GNUTLS_DIG_MD5_SHA1:
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
case GNUTLS_DIG_SHA224:
|
|
Packit |
aea12f |
case GNUTLS_DIG_SHA256:
|
|
Packit |
aea12f |
case GNUTLS_DIG_SHA384:
|
|
Packit |
aea12f |
case GNUTLS_DIG_SHA512:
|
|
Packit |
aea12f |
return 1;
|
|
Packit |
aea12f |
case GNUTLS_DIG_SHA3_224:
|
|
Packit |
aea12f |
case GNUTLS_DIG_SHA3_256:
|
|
Packit |
aea12f |
case GNUTLS_DIG_SHA3_384:
|
|
Packit |
aea12f |
case GNUTLS_DIG_SHA3_512:
|
|
Packit |
aea12f |
#ifdef NETTLE_SHA3_FIPS202
|
|
Packit |
aea12f |
return 1;
|
|
Packit |
aea12f |
#else
|
|
Packit |
aea12f |
return 0;
|
|
Packit |
aea12f |
#endif
|
|
Packit |
aea12f |
case GNUTLS_DIG_MD2:
|
|
Packit |
aea12f |
#if ENABLE_GOST
|
|
Packit |
aea12f |
case GNUTLS_DIG_GOSTR_94:
|
|
Packit |
aea12f |
case GNUTLS_DIG_STREEBOG_256:
|
|
Packit |
aea12f |
case GNUTLS_DIG_STREEBOG_512:
|
|
Packit |
aea12f |
#endif
|
|
Packit |
aea12f |
return 1;
|
|
Packit |
aea12f |
default:
|
|
Packit |
aea12f |
return 0;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
static void _md5_sha1_update(void *_ctx, size_t len, const uint8_t *data)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
struct md5_sha1_ctx *ctx = _ctx;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
md5_update(&ctx->md5, len, data);
|
|
Packit |
aea12f |
sha1_update(&ctx->sha1, len, data);
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
static void _md5_sha1_digest(void *_ctx, size_t len, uint8_t *digest)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
struct md5_sha1_ctx *ctx = _ctx;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
md5_digest(&ctx->md5, len <= MD5_DIGEST_SIZE ? len : MD5_DIGEST_SIZE,
|
|
Packit |
aea12f |
digest);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
if (len > MD5_DIGEST_SIZE)
|
|
Packit |
aea12f |
sha1_digest(&ctx->sha1, len - MD5_DIGEST_SIZE,
|
|
Packit |
aea12f |
digest + MD5_DIGEST_SIZE);
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
static int _ctx_init(gnutls_digest_algorithm_t algo,
|
|
Packit |
aea12f |
struct nettle_hash_ctx *ctx)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
/* Any FIPS140-2 related enforcement is performed on
|
|
Packit |
aea12f |
* gnutls_hash_init() and gnutls_hmac_init() */
|
|
Packit |
aea12f |
switch (algo) {
|
|
Packit |
aea12f |
case GNUTLS_DIG_MD5:
|
|
Packit |
aea12f |
md5_init(&ctx->ctx.md5);
|
|
Packit |
aea12f |
ctx->update = (update_func) md5_update;
|
|
Packit |
aea12f |
ctx->digest = (digest_func) md5_digest;
|
|
Packit |
aea12f |
ctx->ctx_ptr = &ctx->ctx.md5;
|
|
Packit |
aea12f |
ctx->length = MD5_DIGEST_SIZE;
|
|
Packit |
aea12f |
break;
|
|
Packit |
aea12f |
case GNUTLS_DIG_SHA1:
|
|
Packit |
aea12f |
sha1_init(&ctx->ctx.sha1);
|
|
Packit |
aea12f |
ctx->update = (update_func) sha1_update;
|
|
Packit |
aea12f |
ctx->digest = (digest_func) sha1_digest;
|
|
Packit |
aea12f |
ctx->ctx_ptr = &ctx->ctx.sha1;
|
|
Packit |
aea12f |
ctx->length = SHA1_DIGEST_SIZE;
|
|
Packit |
aea12f |
break;
|
|
Packit |
aea12f |
case GNUTLS_DIG_MD5_SHA1:
|
|
Packit |
aea12f |
md5_init(&ctx->ctx.md5_sha1.md5);
|
|
Packit |
aea12f |
sha1_init(&ctx->ctx.md5_sha1.sha1);
|
|
Packit |
aea12f |
ctx->update = (update_func) _md5_sha1_update;
|
|
Packit |
aea12f |
ctx->digest = (digest_func) _md5_sha1_digest;
|
|
Packit |
aea12f |
ctx->ctx_ptr = &ctx->ctx.md5_sha1;
|
|
Packit |
aea12f |
ctx->length = MD5_DIGEST_SIZE + SHA1_DIGEST_SIZE;
|
|
Packit |
aea12f |
break;
|
|
Packit |
aea12f |
case GNUTLS_DIG_SHA224:
|
|
Packit |
aea12f |
sha224_init(&ctx->ctx.sha224);
|
|
Packit |
aea12f |
ctx->update = (update_func) sha224_update;
|
|
Packit |
aea12f |
ctx->digest = (digest_func) sha224_digest;
|
|
Packit |
aea12f |
ctx->ctx_ptr = &ctx->ctx.sha224;
|
|
Packit |
aea12f |
ctx->length = SHA224_DIGEST_SIZE;
|
|
Packit |
aea12f |
break;
|
|
Packit |
aea12f |
case GNUTLS_DIG_SHA256:
|
|
Packit |
aea12f |
sha256_init(&ctx->ctx.sha256);
|
|
Packit |
aea12f |
ctx->update = (update_func) sha256_update;
|
|
Packit |
aea12f |
ctx->digest = (digest_func) sha256_digest;
|
|
Packit |
aea12f |
ctx->ctx_ptr = &ctx->ctx.sha256;
|
|
Packit |
aea12f |
ctx->length = SHA256_DIGEST_SIZE;
|
|
Packit |
aea12f |
break;
|
|
Packit |
aea12f |
case GNUTLS_DIG_SHA384:
|
|
Packit |
aea12f |
sha384_init(&ctx->ctx.sha384);
|
|
Packit |
aea12f |
ctx->update = (update_func) sha384_update;
|
|
Packit |
aea12f |
ctx->digest = (digest_func) sha384_digest;
|
|
Packit |
aea12f |
ctx->ctx_ptr = &ctx->ctx.sha384;
|
|
Packit |
aea12f |
ctx->length = SHA384_DIGEST_SIZE;
|
|
Packit |
aea12f |
break;
|
|
Packit |
aea12f |
case GNUTLS_DIG_SHA512:
|
|
Packit |
aea12f |
sha512_init(&ctx->ctx.sha512);
|
|
Packit |
aea12f |
ctx->update = (update_func) sha512_update;
|
|
Packit |
aea12f |
ctx->digest = (digest_func) sha512_digest;
|
|
Packit |
aea12f |
ctx->ctx_ptr = &ctx->ctx.sha512;
|
|
Packit |
aea12f |
ctx->length = SHA512_DIGEST_SIZE;
|
|
Packit |
aea12f |
break;
|
|
Packit |
aea12f |
#ifdef NETTLE_SHA3_FIPS202
|
|
Packit |
aea12f |
case GNUTLS_DIG_SHA3_224:
|
|
Packit |
aea12f |
sha3_224_init(&ctx->ctx.sha3_224);
|
|
Packit |
aea12f |
ctx->update = (update_func) sha3_224_update;
|
|
Packit |
aea12f |
ctx->digest = (digest_func) sha3_224_digest;
|
|
Packit |
aea12f |
ctx->ctx_ptr = &ctx->ctx.sha3_224;
|
|
Packit |
aea12f |
ctx->length = SHA3_224_DIGEST_SIZE;
|
|
Packit |
aea12f |
break;
|
|
Packit |
aea12f |
case GNUTLS_DIG_SHA3_256:
|
|
Packit |
aea12f |
sha3_256_init(&ctx->ctx.sha3_256);
|
|
Packit |
aea12f |
ctx->update = (update_func) sha3_256_update;
|
|
Packit |
aea12f |
ctx->digest = (digest_func) sha3_256_digest;
|
|
Packit |
aea12f |
ctx->ctx_ptr = &ctx->ctx.sha3_256;
|
|
Packit |
aea12f |
ctx->length = SHA3_256_DIGEST_SIZE;
|
|
Packit |
aea12f |
break;
|
|
Packit |
aea12f |
case GNUTLS_DIG_SHA3_384:
|
|
Packit |
aea12f |
sha3_384_init(&ctx->ctx.sha3_384);
|
|
Packit |
aea12f |
ctx->update = (update_func) sha3_384_update;
|
|
Packit |
aea12f |
ctx->digest = (digest_func) sha3_384_digest;
|
|
Packit |
aea12f |
ctx->ctx_ptr = &ctx->ctx.sha3_384;
|
|
Packit |
aea12f |
ctx->length = SHA3_384_DIGEST_SIZE;
|
|
Packit |
aea12f |
break;
|
|
Packit |
aea12f |
case GNUTLS_DIG_SHA3_512:
|
|
Packit |
aea12f |
sha3_512_init(&ctx->ctx.sha3_512);
|
|
Packit |
aea12f |
ctx->update = (update_func) sha3_512_update;
|
|
Packit |
aea12f |
ctx->digest = (digest_func) sha3_512_digest;
|
|
Packit |
aea12f |
ctx->ctx_ptr = &ctx->ctx.sha3_512;
|
|
Packit |
aea12f |
ctx->length = SHA3_512_DIGEST_SIZE;
|
|
Packit |
aea12f |
break;
|
|
Packit |
aea12f |
#endif
|
|
Packit |
aea12f |
case GNUTLS_DIG_MD2:
|
|
Packit |
aea12f |
md2_init(&ctx->ctx.md2);
|
|
Packit |
aea12f |
ctx->update = (update_func) md2_update;
|
|
Packit |
aea12f |
ctx->digest = (digest_func) md2_digest;
|
|
Packit |
aea12f |
ctx->ctx_ptr = &ctx->ctx.md2;
|
|
Packit |
aea12f |
ctx->length = MD2_DIGEST_SIZE;
|
|
Packit |
aea12f |
break;
|
|
Packit |
aea12f |
#if ENABLE_GOST
|
|
Packit |
aea12f |
case GNUTLS_DIG_GOSTR_94:
|
|
Packit |
aea12f |
gosthash94cp_init(&ctx->ctx.gosthash94cp);
|
|
Packit |
aea12f |
ctx->update = (update_func) gosthash94cp_update;
|
|
Packit |
aea12f |
ctx->digest = (digest_func) gosthash94cp_digest;
|
|
Packit |
aea12f |
ctx->ctx_ptr = &ctx->ctx.gosthash94cp;
|
|
Packit |
aea12f |
ctx->length = GOSTHASH94_DIGEST_SIZE;
|
|
Packit |
aea12f |
break;
|
|
Packit |
aea12f |
case GNUTLS_DIG_STREEBOG_256:
|
|
Packit |
aea12f |
streebog256_init(&ctx->ctx.streebog256);
|
|
Packit |
aea12f |
ctx->update = (update_func) streebog256_update;
|
|
Packit |
aea12f |
ctx->digest = (digest_func) streebog256_digest;
|
|
Packit |
aea12f |
ctx->ctx_ptr = &ctx->ctx.streebog256;
|
|
Packit |
aea12f |
ctx->length = STREEBOG256_DIGEST_SIZE;
|
|
Packit |
aea12f |
break;
|
|
Packit |
aea12f |
case GNUTLS_DIG_STREEBOG_512:
|
|
Packit |
aea12f |
streebog512_init(&ctx->ctx.streebog512);
|
|
Packit |
aea12f |
ctx->update = (update_func) streebog512_update;
|
|
Packit |
aea12f |
ctx->digest = (digest_func) streebog512_digest;
|
|
Packit |
aea12f |
ctx->ctx_ptr = &ctx->ctx.streebog512;
|
|
Packit |
aea12f |
ctx->length = STREEBOG512_DIGEST_SIZE;
|
|
Packit |
aea12f |
break;
|
|
Packit |
aea12f |
#endif
|
|
Packit |
aea12f |
default:
|
|
Packit |
aea12f |
gnutls_assert();
|
|
Packit |
aea12f |
return GNUTLS_E_INVALID_REQUEST;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
return 0;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
static int wrap_nettle_hash_fast(gnutls_digest_algorithm_t algo,
|
|
Packit |
aea12f |
const void *text, size_t text_size,
|
|
Packit |
aea12f |
void *digest)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
struct nettle_hash_ctx ctx;
|
|
Packit |
aea12f |
int ret;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
ret = _ctx_init(algo, &ctx;;
|
|
Packit |
aea12f |
if (ret < 0)
|
|
Packit |
aea12f |
return gnutls_assert_val(ret);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
ctx.update(&ctx, text_size, text);
|
|
Packit |
aea12f |
ctx.digest(&ctx, ctx.length, digest);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
return 0;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
static int
|
|
Packit |
aea12f |
wrap_nettle_hash_init(gnutls_digest_algorithm_t algo, void **_ctx)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
struct nettle_hash_ctx *ctx;
|
|
Packit |
aea12f |
int ret;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
ctx = gnutls_malloc(sizeof(struct nettle_hash_ctx));
|
|
Packit |
aea12f |
if (ctx == NULL) {
|
|
Packit |
aea12f |
gnutls_assert();
|
|
Packit |
aea12f |
return GNUTLS_E_MEMORY_ERROR;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
ctx->algo = algo;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
if ((ret = _ctx_init(algo, ctx)) < 0) {
|
|
Packit |
aea12f |
gnutls_assert();
|
|
Packit |
aea12f |
gnutls_free(ctx);
|
|
Packit |
aea12f |
return ret;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
*_ctx = ctx;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
return 0;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit Service |
991b93 |
static void *wrap_nettle_hash_copy(const void *_ctx)
|
|
Packit Service |
991b93 |
{
|
|
Packit Service |
991b93 |
const struct nettle_hash_ctx *ctx = _ctx;
|
|
Packit Service |
991b93 |
struct nettle_hash_ctx *new_ctx;
|
|
Packit Service |
991b93 |
ptrdiff_t off = (uint8_t *)ctx->ctx_ptr - (uint8_t *)(&ctx->ctx);
|
|
Packit Service |
991b93 |
|
|
Packit Service |
991b93 |
new_ctx = gnutls_calloc(1, sizeof(struct nettle_hash_ctx));
|
|
Packit Service |
991b93 |
if (new_ctx == NULL)
|
|
Packit Service |
991b93 |
return NULL;
|
|
Packit Service |
991b93 |
|
|
Packit Service |
991b93 |
memcpy(new_ctx, ctx, sizeof(*ctx));
|
|
Packit Service |
991b93 |
new_ctx->ctx_ptr = (uint8_t *)&new_ctx->ctx + off;
|
|
Packit Service |
991b93 |
|
|
Packit Service |
991b93 |
return new_ctx;
|
|
Packit Service |
991b93 |
}
|
|
Packit Service |
991b93 |
|
|
Packit |
aea12f |
static int
|
|
Packit |
aea12f |
wrap_nettle_hash_output(void *src_ctx, void *digest, size_t digestsize)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
struct nettle_hash_ctx *ctx;
|
|
Packit |
aea12f |
ctx = src_ctx;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
if (digestsize < ctx->length) {
|
|
Packit |
aea12f |
gnutls_assert();
|
|
Packit |
aea12f |
return GNUTLS_E_SHORT_MEMORY_BUFFER;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
ctx->digest(ctx->ctx_ptr, digestsize, digest);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
return 0;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit Service |
991b93 |
/* KDF functions based on MAC
|
|
Packit Service |
991b93 |
*/
|
|
Packit Service |
991b93 |
static int
|
|
Packit Service |
991b93 |
wrap_nettle_hkdf_extract (gnutls_mac_algorithm_t mac,
|
|
Packit Service |
991b93 |
const void *key, size_t keysize,
|
|
Packit Service |
991b93 |
const void *salt, size_t saltsize,
|
|
Packit Service |
991b93 |
void *output)
|
|
Packit Service |
991b93 |
{
|
|
Packit Service |
991b93 |
struct nettle_mac_ctx ctx;
|
|
Packit Service |
991b93 |
int ret;
|
|
Packit Service |
991b93 |
|
|
Packit Service |
991b93 |
ret = _mac_ctx_init(mac, &ctx;;
|
|
Packit Service |
991b93 |
if (ret < 0)
|
|
Packit Service |
991b93 |
return gnutls_assert_val(ret);
|
|
Packit Service |
991b93 |
|
|
Packit Service |
991b93 |
ctx.set_key(&ctx, saltsize, salt);
|
|
Packit Service |
991b93 |
hkdf_extract(&ctx.ctx, ctx.update, ctx.digest, ctx.length,
|
|
Packit Service |
991b93 |
keysize, key, output);
|
|
Packit Service |
991b93 |
|
|
Packit Service |
991b93 |
return 0;
|
|
Packit Service |
991b93 |
}
|
|
Packit Service |
991b93 |
|
|
Packit Service |
991b93 |
static int
|
|
Packit Service |
991b93 |
wrap_nettle_hkdf_expand (gnutls_mac_algorithm_t mac,
|
|
Packit Service |
991b93 |
const void *key, size_t keysize,
|
|
Packit Service |
991b93 |
const void *info, size_t infosize,
|
|
Packit Service |
991b93 |
void *output, size_t length)
|
|
Packit Service |
991b93 |
{
|
|
Packit Service |
991b93 |
struct nettle_mac_ctx ctx;
|
|
Packit Service |
991b93 |
int ret;
|
|
Packit Service |
991b93 |
|
|
Packit Service |
991b93 |
ret = _mac_ctx_init(mac, &ctx;;
|
|
Packit Service |
991b93 |
if (ret < 0)
|
|
Packit Service |
991b93 |
return gnutls_assert_val(ret);
|
|
Packit Service |
991b93 |
|
|
Packit Service |
991b93 |
ctx.set_key(&ctx, keysize, key);
|
|
Packit Service |
991b93 |
hkdf_expand(&ctx.ctx, ctx.update, ctx.digest, ctx.length,
|
|
Packit Service |
991b93 |
infosize, info, length, output);
|
|
Packit Service |
991b93 |
|
|
Packit Service |
991b93 |
return 0;
|
|
Packit Service |
991b93 |
}
|
|
Packit Service |
991b93 |
|
|
Packit Service |
991b93 |
static int
|
|
Packit Service |
991b93 |
wrap_nettle_pbkdf2 (gnutls_mac_algorithm_t mac,
|
|
Packit Service |
991b93 |
const void *key, size_t keysize,
|
|
Packit Service |
991b93 |
const void *salt, size_t saltsize,
|
|
Packit Service |
991b93 |
unsigned iter_count,
|
|
Packit Service |
991b93 |
void *output, size_t length)
|
|
Packit Service |
991b93 |
{
|
|
Packit Service |
991b93 |
struct nettle_mac_ctx ctx;
|
|
Packit Service |
991b93 |
int ret;
|
|
Packit Service |
991b93 |
|
|
Packit Service |
991b93 |
ret = _mac_ctx_init(mac, &ctx;;
|
|
Packit Service |
991b93 |
if (ret < 0)
|
|
Packit Service |
991b93 |
return gnutls_assert_val(ret);
|
|
Packit Service |
991b93 |
|
|
Packit Service |
991b93 |
ctx.set_key(&ctx, keysize, key);
|
|
Packit Service |
991b93 |
pbkdf2(&ctx.ctx, ctx.update, ctx.digest, ctx.length,
|
|
Packit Service |
991b93 |
iter_count, saltsize, salt, length, output);
|
|
Packit Service |
991b93 |
|
|
Packit Service |
991b93 |
return 0;
|
|
Packit Service |
991b93 |
}
|
|
Packit Service |
991b93 |
|
|
Packit |
aea12f |
gnutls_crypto_mac_st _gnutls_mac_ops = {
|
|
Packit |
aea12f |
.init = wrap_nettle_mac_init,
|
|
Packit |
aea12f |
.setkey = wrap_nettle_mac_set_key,
|
|
Packit |
aea12f |
.setnonce = wrap_nettle_mac_set_nonce,
|
|
Packit |
aea12f |
.hash = wrap_nettle_mac_update,
|
|
Packit |
aea12f |
.output = wrap_nettle_mac_output,
|
|
Packit |
aea12f |
.deinit = wrap_nettle_mac_deinit,
|
|
Packit |
aea12f |
.fast = wrap_nettle_mac_fast,
|
|
Packit |
aea12f |
.exists = wrap_nettle_mac_exists,
|
|
Packit Service |
991b93 |
.copy = wrap_nettle_mac_copy,
|
|
Packit |
aea12f |
};
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
gnutls_crypto_digest_st _gnutls_digest_ops = {
|
|
Packit |
aea12f |
.init = wrap_nettle_hash_init,
|
|
Packit |
aea12f |
.hash = wrap_nettle_hash_update,
|
|
Packit |
aea12f |
.output = wrap_nettle_hash_output,
|
|
Packit |
aea12f |
.deinit = wrap_nettle_hash_deinit,
|
|
Packit |
aea12f |
.fast = wrap_nettle_hash_fast,
|
|
Packit |
aea12f |
.exists = wrap_nettle_hash_exists,
|
|
Packit Service |
991b93 |
.copy = wrap_nettle_hash_copy,
|
|
Packit Service |
991b93 |
};
|
|
Packit Service |
991b93 |
|
|
Packit Service |
991b93 |
/* These names are clashing with nettle's name mangling. */
|
|
Packit Service |
991b93 |
#undef hkdf_extract
|
|
Packit Service |
991b93 |
#undef hkdf_expand
|
|
Packit Service |
991b93 |
#undef pbkdf2
|
|
Packit Service |
991b93 |
gnutls_crypto_kdf_st _gnutls_kdf_ops = {
|
|
Packit Service |
991b93 |
.hkdf_extract = wrap_nettle_hkdf_extract,
|
|
Packit Service |
991b93 |
.hkdf_expand = wrap_nettle_hkdf_expand,
|
|
Packit Service |
991b93 |
.pbkdf2 = wrap_nettle_pbkdf2,
|
|
Packit |
aea12f |
};
|