|
Packit Service |
4684c1 |
#include <config.h>
|
|
Packit Service |
4684c1 |
#include <stdint.h>
|
|
Packit Service |
4684c1 |
#include <stdio.h>
|
|
Packit Service |
4684c1 |
#include <string.h>
|
|
Packit Service |
4684c1 |
#include <utils.h>
|
|
Packit Service |
4684c1 |
#include <stdlib.h>
|
|
Packit Service |
4684c1 |
#include <gnutls/gnutls.h>
|
|
Packit Service |
4684c1 |
#include <gnutls/crypto.h>
|
|
Packit Service |
4684c1 |
#include <gnutls/self-test.h>
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
#ifndef HAVE_LIBNETTLE
|
|
Packit Service |
4684c1 |
int main(int argc, char **argv)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
exit(77);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
#else
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
# include <nettle/aes.h>
|
|
Packit Service |
4684c1 |
# include <nettle/cbc.h>
|
|
Packit Service |
4684c1 |
# include <nettle/gcm.h>
|
|
Packit Service |
4684c1 |
# include <assert.h>
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* this tests whether the API to override ciphers works sanely.
|
|
Packit Service |
4684c1 |
*/
|
|
Packit Service |
4684c1 |
static int used = 0;
|
|
Packit Service |
4684c1 |
static int aead_used = 0;
|
|
Packit Service |
4684c1 |
static void tls_log_func(int level, const char *str)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
fprintf(stderr, "<%d>| %s", level, str);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
struct myaes_ctx {
|
|
Packit Service |
4684c1 |
struct aes128_ctx aes;
|
|
Packit Service |
4684c1 |
unsigned char iv[16];
|
|
Packit Service |
4684c1 |
int enc;
|
|
Packit Service |
4684c1 |
};
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
static int
|
|
Packit Service |
4684c1 |
myaes_init(gnutls_cipher_algorithm_t algorithm, void **_ctx, int enc)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
/* we use key size to distinguish */
|
|
Packit Service |
4684c1 |
if (algorithm != GNUTLS_CIPHER_AES_128_CBC)
|
|
Packit Service |
4684c1 |
return GNUTLS_E_INVALID_REQUEST;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
*_ctx = calloc(1, sizeof(struct myaes_ctx));
|
|
Packit Service |
4684c1 |
if (*_ctx == NULL) {
|
|
Packit Service |
4684c1 |
return GNUTLS_E_MEMORY_ERROR;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
((struct myaes_ctx *) (*_ctx))->enc = enc;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
return 0;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
static int
|
|
Packit Service |
4684c1 |
myaes_setkey(void *_ctx, const void *userkey, size_t keysize)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
struct myaes_ctx *ctx = _ctx;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
assert(keysize == 16);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (ctx->enc)
|
|
Packit Service |
4684c1 |
aes128_set_encrypt_key(&ctx->aes, userkey);
|
|
Packit Service |
4684c1 |
else
|
|
Packit Service |
4684c1 |
aes128_set_decrypt_key(&ctx->aes, userkey);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
return 0;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
static int myaes_setiv(void *_ctx, const void *iv, size_t iv_size)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
struct myaes_ctx *ctx = _ctx;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
memcpy(ctx->iv, iv, 16);
|
|
Packit Service |
4684c1 |
return 0;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
static int
|
|
Packit Service |
4684c1 |
myaes_encrypt(void *_ctx, const void *src, size_t src_size,
|
|
Packit Service |
4684c1 |
void *dst, size_t dst_size)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
struct myaes_ctx *ctx = _ctx;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
used++;
|
|
Packit Service |
4684c1 |
cbc_encrypt(&ctx->aes, (nettle_cipher_func*)aes128_encrypt, 16, ctx->iv, src_size, dst, src);
|
|
Packit Service |
4684c1 |
return 0;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
static int
|
|
Packit Service |
4684c1 |
myaes_decrypt(void *_ctx, const void *src, size_t src_size,
|
|
Packit Service |
4684c1 |
void *dst, size_t dst_size)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
struct myaes_ctx *ctx = _ctx;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
used++;
|
|
Packit Service |
4684c1 |
cbc_decrypt(&ctx->aes, (nettle_cipher_func*)aes128_decrypt, 16, ctx->iv, src_size, dst, src);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
return 0;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
static void myaes_deinit(void *_ctx)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
free(_ctx);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* AES-GCM */
|
|
Packit Service |
4684c1 |
struct myaes_gcm_ctx {
|
|
Packit Service |
4684c1 |
struct gcm_aes128_ctx aes;
|
|
Packit Service |
4684c1 |
};
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
static int
|
|
Packit Service |
4684c1 |
myaes_gcm_init(gnutls_cipher_algorithm_t algorithm, void **_ctx, int enc)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
/* we use key size to distinguish */
|
|
Packit Service |
4684c1 |
if (algorithm != GNUTLS_CIPHER_AES_128_GCM
|
|
Packit Service |
4684c1 |
&& algorithm != GNUTLS_CIPHER_AES_256_GCM)
|
|
Packit Service |
4684c1 |
return GNUTLS_E_INVALID_REQUEST;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
*_ctx = calloc(1, sizeof(struct myaes_gcm_ctx));
|
|
Packit Service |
4684c1 |
if (*_ctx == NULL) {
|
|
Packit Service |
4684c1 |
return GNUTLS_E_MEMORY_ERROR;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
return 0;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
static int
|
|
Packit Service |
4684c1 |
myaes_gcm_setkey(void *_ctx, const void *userkey, size_t keysize)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
struct myaes_gcm_ctx *ctx = _ctx;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
gcm_aes128_set_key(&ctx->aes, userkey);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
return 0;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
static void myaes_gcm_deinit(void *_ctx)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
free(_ctx);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
static int
|
|
Packit Service |
4684c1 |
myaes_gcm_encrypt(void *_ctx,
|
|
Packit Service |
4684c1 |
const void *nonce, size_t nonce_size,
|
|
Packit Service |
4684c1 |
const void *auth, size_t auth_size,
|
|
Packit Service |
4684c1 |
size_t tag_size,
|
|
Packit Service |
4684c1 |
const void *plain, size_t plain_size,
|
|
Packit Service |
4684c1 |
void *encr, size_t encr_size)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
/* proper AEAD cipher */
|
|
Packit Service |
4684c1 |
struct myaes_gcm_ctx *ctx = _ctx;
|
|
Packit Service |
4684c1 |
if (encr_size < plain_size + tag_size)
|
|
Packit Service |
4684c1 |
return GNUTLS_E_SHORT_MEMORY_BUFFER;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
aead_used++;
|
|
Packit Service |
4684c1 |
gcm_aes128_set_iv(&ctx->aes, nonce_size, nonce);
|
|
Packit Service |
4684c1 |
gcm_aes128_update(&ctx->aes, auth_size, auth);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
gcm_aes128_encrypt(&ctx->aes, plain_size, encr, plain);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
gcm_aes128_digest(&ctx->aes, tag_size, ((uint8_t*)encr) + plain_size);
|
|
Packit Service |
4684c1 |
return 0;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
static int
|
|
Packit Service |
4684c1 |
myaes_gcm_decrypt(void *_ctx,
|
|
Packit Service |
4684c1 |
const void *nonce, size_t nonce_size,
|
|
Packit Service |
4684c1 |
const void *auth, size_t auth_size,
|
|
Packit Service |
4684c1 |
size_t tag_size,
|
|
Packit Service |
4684c1 |
const void *encr, size_t encr_size,
|
|
Packit Service |
4684c1 |
void *plain, size_t plain_size)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
uint8_t tag[16];
|
|
Packit Service |
4684c1 |
struct myaes_gcm_ctx *ctx = _ctx;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (encr_size < tag_size)
|
|
Packit Service |
4684c1 |
return GNUTLS_E_DECRYPTION_FAILED;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
aead_used++;
|
|
Packit Service |
4684c1 |
gcm_aes128_set_iv(&ctx->aes, nonce_size, nonce);
|
|
Packit Service |
4684c1 |
gcm_aes128_update(&ctx->aes, auth_size, auth);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
encr_size -= tag_size;
|
|
Packit Service |
4684c1 |
gcm_aes128_decrypt(&ctx->aes, encr_size, plain, encr);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
gcm_aes128_digest(&ctx->aes, tag_size, tag);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (gnutls_memcmp(((uint8_t*)encr)+encr_size, tag, tag_size) != 0)
|
|
Packit Service |
4684c1 |
return GNUTLS_E_DECRYPTION_FAILED;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
return 0;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
int main(int argc, char **argv)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
int ret;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
gnutls_global_set_log_function(tls_log_func);
|
|
Packit Service |
4684c1 |
if (argc > 1)
|
|
Packit Service |
4684c1 |
gnutls_global_set_log_level(4711);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
ret = gnutls_crypto_register_cipher(GNUTLS_CIPHER_AES_128_CBC, 1,
|
|
Packit Service |
4684c1 |
myaes_init,
|
|
Packit Service |
4684c1 |
myaes_setkey,
|
|
Packit Service |
4684c1 |
myaes_setiv,
|
|
Packit Service |
4684c1 |
myaes_encrypt,
|
|
Packit Service |
4684c1 |
myaes_decrypt,
|
|
Packit Service |
4684c1 |
myaes_deinit);
|
|
Packit Service |
4684c1 |
if (ret < 0) {
|
|
Packit Service |
4684c1 |
fprintf(stderr, "%d: cannot register cipher\n", __LINE__);
|
|
Packit Service |
4684c1 |
exit(1);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
ret = gnutls_crypto_register_aead_cipher(GNUTLS_CIPHER_AES_128_GCM, 1,
|
|
Packit Service |
4684c1 |
myaes_gcm_init,
|
|
Packit Service |
4684c1 |
myaes_gcm_setkey,
|
|
Packit Service |
4684c1 |
myaes_gcm_encrypt,
|
|
Packit Service |
4684c1 |
myaes_gcm_decrypt,
|
|
Packit Service |
4684c1 |
myaes_gcm_deinit);
|
|
Packit Service |
4684c1 |
if (ret < 0) {
|
|
Packit Service |
4684c1 |
fprintf(stderr, "%d: cannot register cipher\n", __LINE__);
|
|
Packit Service |
4684c1 |
exit(1);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
global_init();
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (gnutls_cipher_self_test(GNUTLS_SELF_TEST_FLAG_ALL|GNUTLS_SELF_TEST_FLAG_NO_COMPAT, 0) < 0)
|
|
Packit Service |
4684c1 |
return 1;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (used == 0) {
|
|
Packit Service |
4684c1 |
fprintf(stderr, "The CBC cipher was not used\n");
|
|
Packit Service |
4684c1 |
exit(1);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (aead_used == 0) {
|
|
Packit Service |
4684c1 |
fprintf(stderr, "The AEAD cipher was not used\n");
|
|
Packit Service |
4684c1 |
exit(1);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
gnutls_global_deinit();
|
|
Packit Service |
4684c1 |
return 0;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
#endif
|