2 * Copyright (C) 2000, 2004, 2005, 2008, 2010, 2011 Free Software Foundation,
5 * Author: Nikos Mavrogiannopoulos
7 * This file is part of GnuTLS.
9 * The GnuTLS is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public License
11 * as published by the Free Software Foundation; either version 3 of
12 * the License, or (at your option) any later version.
14 * This library is distributed in the hope that it will be useful, but
15 * WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
19 * You should have received a copy of the GNU Lesser General Public License
20 * along with this program. If not, see <http://www.gnu.org/licenses/>
24 #include <gnutls_int.h>
25 #include <gnutls_errors.h>
26 #include <gnutls_cipher_int.h>
27 #include <gnutls_datum.h>
28 #include <gnutls/crypto.h>
32 typedef struct api_cipher_hd_st
40 * @handle: is a #gnutls_cipher_hd_t structure.
41 * @cipher: the encryption algorithm to use
42 * @key: The key to be used for encryption
43 * @iv: The IV to use (if not applicable set NULL)
45 * This function will initialize an context that can be used for
46 * encryption/decryption of data. This will effectively use the
47 * current crypto backend in use by gnutls or the cryptographic
50 * Returns: Zero or a negative error code on error.
55 gnutls_cipher_init (gnutls_cipher_hd_t
* handle
,
56 gnutls_cipher_algorithm_t cipher
,
57 const gnutls_datum_t
* key
, const gnutls_datum_t
* iv
)
62 *handle
= gnutls_calloc (1, sizeof (api_cipher_hd_st
));
66 return GNUTLS_E_MEMORY_ERROR
;
70 ret
= _gnutls_cipher_init (&h
->ctx_enc
, cipher
, key
, iv
, 1);
72 if (ret
>= 0 && _gnutls_cipher_is_aead( &h
->ctx_enc
) == 0) /* AEAD ciphers are stream - so far */
73 ret
= _gnutls_cipher_init (&h
->ctx_dec
, cipher
, key
, iv
, 0);
80 * @handle: is a #gnutls_cipher_hd_t structure.
81 * @tag: will hold the tag
82 * @tag_size: The length of the tag to return
84 * This function operates on authenticated encryption with
85 * associated data (AEAD) ciphers and will return the
88 * Returns: Zero or a negative error code on error.
93 gnutls_cipher_tag (gnutls_cipher_hd_t handle
, void *tag
, size_t tag_size
)
95 api_cipher_hd_st
* h
= handle
;
97 if (_gnutls_cipher_is_aead( &h
->ctx_enc
)==0)
98 return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST
);
100 _gnutls_cipher_tag( &h
->ctx_enc
, tag
, tag_size
);
106 * gnutls_cipher_add_auth:
107 * @handle: is a #gnutls_cipher_hd_t structure.
108 * @text: the data to be authenticated
109 * @text_size: The length of the data
111 * This function operates on authenticated encryption with
112 * associated data (AEAD) ciphers and authenticate the
113 * input data. This function can only be called once
114 * and before any encryption operations.
116 * Returns: Zero or a negative error code on error.
121 gnutls_cipher_add_auth (gnutls_cipher_hd_t handle
, const void *text
, size_t text_size
)
123 api_cipher_hd_st
* h
= handle
;
125 if (_gnutls_cipher_is_aead( &h
->ctx_enc
)==0)
126 return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST
);
128 _gnutls_cipher_auth( &h
->ctx_enc
, text
, text_size
);
134 * gnutls_cipher_set_iv:
135 * @handle: is a #gnutls_cipher_hd_t structure.
137 * @ivlen: The length of the IV
139 * This function will set the IV to be used for the next
145 gnutls_cipher_set_iv (gnutls_cipher_hd_t handle
, void *iv
, size_t ivlen
)
147 api_cipher_hd_st
* h
= handle
;
149 _gnutls_cipher_setiv( &h
->ctx_enc
, iv
, ivlen
);
151 if (_gnutls_cipher_is_aead( &h
->ctx_enc
)==0)
152 _gnutls_cipher_setiv( &h
->ctx_dec
, iv
, ivlen
);
156 * gnutls_cipher_encrypt:
157 * @handle: is a #gnutls_cipher_hd_t structure.
158 * @text: the data to encrypt
159 * @textlen: The length of data to encrypt
161 * This function will encrypt the given data using the algorithm
162 * specified by the context.
164 * Returns: Zero or a negative error code on error.
169 gnutls_cipher_encrypt (gnutls_cipher_hd_t handle
, void *text
, size_t textlen
)
171 api_cipher_hd_st
* h
= handle
;
173 return _gnutls_cipher_encrypt (&h
->ctx_enc
, text
, textlen
);
177 * gnutls_cipher_decrypt:
178 * @handle: is a #gnutls_cipher_hd_t structure.
179 * @ciphertext: the data to encrypt
180 * @ciphertextlen: The length of data to encrypt
182 * This function will decrypt the given data using the algorithm
183 * specified by the context.
185 * Returns: Zero or a negative error code on error.
190 gnutls_cipher_decrypt (gnutls_cipher_hd_t handle
, void *ciphertext
,
191 size_t ciphertextlen
)
193 api_cipher_hd_st
* h
= handle
;
195 if (_gnutls_cipher_is_aead( &h
->ctx_enc
)!=0)
196 return _gnutls_cipher_decrypt (&h
->ctx_enc
, ciphertext
, ciphertextlen
);
198 return _gnutls_cipher_decrypt (&h
->ctx_dec
, ciphertext
, ciphertextlen
);
202 * gnutls_cipher_encrypt2:
203 * @handle: is a #gnutls_cipher_hd_t structure.
204 * @text: the data to encrypt
205 * @textlen: The length of data to encrypt
206 * @ciphertext: the encrypted data
207 * @ciphertextlen: The available length for encrypted data
209 * This function will encrypt the given data using the algorithm
210 * specified by the context.
212 * Returns: Zero or a negative error code on error.
217 gnutls_cipher_encrypt2 (gnutls_cipher_hd_t handle
, const void *text
, size_t textlen
,
218 void *ciphertext
, size_t ciphertextlen
)
220 api_cipher_hd_st
* h
= handle
;
222 return _gnutls_cipher_encrypt2 (&h
->ctx_enc
, text
, textlen
,
223 ciphertext
, ciphertextlen
);
227 * gnutls_cipher_decrypt2:
228 * @handle: is a #gnutls_cipher_hd_t structure.
229 * @ciphertext: the data to encrypt
230 * @ciphertextlen: The length of data to encrypt
231 * @text: the decrypted data
232 * @textlen: The available length for decrypted data
234 * This function will decrypt the given data using the algorithm
235 * specified by the context.
237 * Returns: Zero or a negative error code on error.
242 gnutls_cipher_decrypt2 (gnutls_cipher_hd_t handle
, const void *ciphertext
,
243 size_t ciphertextlen
, void *text
, size_t textlen
)
245 api_cipher_hd_st
* h
= handle
;
247 return _gnutls_cipher_decrypt2 (&h
->ctx_dec
, ciphertext
,
248 ciphertextlen
, text
, textlen
);
252 * gnutls_cipher_deinit:
253 * @handle: is a #gnutls_cipher_hd_t structure.
255 * This function will deinitialize all resources occupied by the given
256 * encryption context.
261 gnutls_cipher_deinit (gnutls_cipher_hd_t handle
)
263 api_cipher_hd_st
* h
= handle
;
265 _gnutls_cipher_deinit (&h
->ctx_enc
);
266 if (_gnutls_cipher_is_aead( &h
->ctx_enc
)==0)
267 _gnutls_cipher_deinit (&h
->ctx_dec
);
268 gnutls_free (handle
);
276 * @dig: is a #gnutls_hmac_hd_t structure.
277 * @algorithm: the HMAC algorithm to use
278 * @key: The key to be used for encryption
279 * @keylen: The length of the key
281 * This function will initialize an context that can be used to
282 * produce a Message Authentication Code (MAC) of data. This will
283 * effectively use the current crypto backend in use by gnutls or the
284 * cryptographic accelerator in use.
286 * Returns: Zero or a negative error code on error.
291 gnutls_hmac_init (gnutls_hmac_hd_t
* dig
,
292 gnutls_digest_algorithm_t algorithm
,
293 const void *key
, size_t keylen
)
295 *dig
= gnutls_malloc (sizeof (digest_hd_st
));
299 return GNUTLS_E_MEMORY_ERROR
;
302 return _gnutls_hmac_init (((digest_hd_st
*) * dig
), algorithm
, key
, keylen
);
307 * @handle: is a #gnutls_cipher_hd_t structure.
308 * @text: the data to hash
309 * @textlen: The length of data to hash
311 * This function will hash the given data using the algorithm
312 * specified by the context.
314 * Returns: Zero or a negative error code on error.
319 gnutls_hmac (gnutls_hmac_hd_t handle
, const void *text
, size_t textlen
)
321 return _gnutls_hmac ((digest_hd_st
*) handle
, text
, textlen
);
325 * gnutls_hmac_output:
326 * @handle: is a #gnutls_hmac_hd_t structure.
327 * @digest: is the output value of the MAC
329 * This function will output the current MAC value.
334 gnutls_hmac_output (gnutls_hmac_hd_t handle
, void *digest
)
336 _gnutls_hmac_output ((digest_hd_st
*) handle
, digest
);
340 * gnutls_hmac_deinit:
341 * @handle: is a #gnutls_hmac_hd_t structure.
342 * @digest: is the output value of the MAC
344 * This function will deinitialize all resources occupied by
345 * the given hmac context.
350 gnutls_hmac_deinit (gnutls_hmac_hd_t handle
, void *digest
)
352 _gnutls_hmac_deinit ((digest_hd_st
*) handle
, digest
);
353 gnutls_free (handle
);
357 * gnutls_hmac_get_len:
358 * @algorithm: the hmac algorithm to use
360 * This function will return the length of the output data
361 * of the given hmac algorithm.
363 * Returns: The length or zero on error.
368 gnutls_hmac_get_len (gnutls_mac_algorithm_t algorithm
)
370 return _gnutls_hmac_get_algo_len (algorithm
);
375 * @algorithm: the hash algorithm to use
376 * @key: the key to use
377 * @keylen: The length of the key
378 * @text: the data to hash
379 * @textlen: The length of data to hash
380 * @digest: is the output value of the hash
382 * This convenience function will hash the given data and return output
385 * Returns: Zero or a negative error code on error.
390 gnutls_hmac_fast (gnutls_mac_algorithm_t algorithm
,
391 const void *key
, size_t keylen
,
392 const void *text
, size_t textlen
, void *digest
)
394 return _gnutls_hmac_fast (algorithm
, key
, keylen
, text
, textlen
, digest
);
401 * @dig: is a #gnutls_hash_hd_t structure.
402 * @algorithm: the hash algorithm to use
404 * This function will initialize an context that can be used to
405 * produce a Message Digest of data. This will effectively use the
406 * current crypto backend in use by gnutls or the cryptographic
407 * accelerator in use.
409 * Returns: Zero or a negative error code on error.
414 gnutls_hash_init (gnutls_hash_hd_t
* dig
, gnutls_digest_algorithm_t algorithm
)
416 *dig
= gnutls_malloc (sizeof (digest_hd_st
));
420 return GNUTLS_E_MEMORY_ERROR
;
423 return _gnutls_hash_init (((digest_hd_st
*) * dig
), algorithm
);
428 * @handle: is a #gnutls_cipher_hd_t structure.
429 * @text: the data to hash
430 * @textlen: The length of data to hash
432 * This function will hash the given data using the algorithm
433 * specified by the context.
435 * Returns: Zero or a negative error code on error.
440 gnutls_hash (gnutls_hash_hd_t handle
, const void *text
, size_t textlen
)
442 return _gnutls_hash ((digest_hd_st
*) handle
, text
, textlen
);
446 * gnutls_hash_output:
447 * @handle: is a #gnutls_hash_hd_t structure.
448 * @digest: is the output value of the hash
450 * This function will output the current hash value.
455 gnutls_hash_output (gnutls_hash_hd_t handle
, void *digest
)
457 _gnutls_hash_output ((digest_hd_st
*) handle
, digest
);
461 * gnutls_hash_deinit:
462 * @handle: is a #gnutls_hash_hd_t structure.
463 * @digest: is the output value of the hash
465 * This function will deinitialize all resources occupied by
466 * the given hash context.
471 gnutls_hash_deinit (gnutls_hash_hd_t handle
, void *digest
)
473 _gnutls_hash_deinit ((digest_hd_st
*) handle
, digest
);
474 gnutls_free (handle
);
478 * gnutls_hash_get_len:
479 * @algorithm: the hash algorithm to use
481 * This function will return the length of the output data
482 * of the given hash algorithm.
484 * Returns: The length or zero on error.
489 gnutls_hash_get_len (gnutls_digest_algorithm_t algorithm
)
491 return _gnutls_hash_get_algo_len (algorithm
);
496 * @algorithm: the hash algorithm to use
497 * @text: the data to hash
498 * @textlen: The length of data to hash
499 * @digest: is the output value of the hash
501 * This convenience function will hash the given data and return output
504 * Returns: Zero or a negative error code on error.
509 gnutls_hash_fast (gnutls_digest_algorithm_t algorithm
,
510 const void *text
, size_t textlen
, void *digest
)
512 return _gnutls_hash_fast (algorithm
, text
, textlen
, digest
);
516 * gnutls_key_generate:
517 * @key: is a pointer to a #gnutls_datum_t which will contain a newly
519 * @key_size: The number of bytes of the key.
521 * Generates a random key of @key_bytes size.
523 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, or an
529 gnutls_key_generate (gnutls_datum_t
* key
, unsigned int key_size
)
533 key
->size
= key_size
;
534 key
->data
= gnutls_malloc (key
->size
);
538 return GNUTLS_E_MEMORY_ERROR
;
541 ret
= gnutls_rnd (GNUTLS_RND_RANDOM
, key
->data
, key
->size
);
545 _gnutls_free_datum (key
);