search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
certtool is able to set certificate policies via a template
[gnutls.git] / lib / gnutls_cipher_int.c
blobcbb6a401aef8aa1ffe588fd404029c37833a8357
1 /*
2 * Copyright (C) 2009-2012 Free Software Foundation, Inc.
3 *
4 * Author: Nikos Mavrogiannopoulos
5 *
6 * This file is part of GnuTLS.
7 *
8 * The GnuTLS is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 3 of
11 * the License, or (at your option) any later version.
12 *
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public License
19 * along with this program. If not, see <http://www.gnu.org/licenses/>
20 *
21 */
22
23 #include <gnutls_int.h>
24 #include <gnutls_errors.h>
25 #include <gnutls_cipher_int.h>
26 #include <gnutls_datum.h>
27 #include <gnutls/crypto.h>
28 #include <crypto.h>
29 #include <algorithms.h>
30
31 #define SR(x, cleanup) if ( (x)<0 ) { \
32 gnutls_assert(); \
33 ret = GNUTLS_E_INTERNAL_ERROR; \
34 goto cleanup; \
35 }
36
37 /* Returns true(non-zero) or false(0) if the
38 * provided cipher exists
39 */
40 int _gnutls_cipher_exists(gnutls_cipher_algorithm_t cipher)
41 {
42 const gnutls_crypto_cipher_st *cc;
43 int ret;
44
45 cc = _gnutls_get_crypto_cipher (cipher);
46 if (cc != NULL) return 1;
47
48 ret = _gnutls_cipher_ops.exists(cipher);
49 return ret;
50 }
51
52 int
53 _gnutls_cipher_init (cipher_hd_st * handle, gnutls_cipher_algorithm_t cipher,
54 const gnutls_datum_t * key, const gnutls_datum_t * iv, int enc)
55 {
56 int ret = GNUTLS_E_INTERNAL_ERROR;
57 const gnutls_crypto_cipher_st *cc = NULL;
58
59 if (cipher == GNUTLS_CIPHER_NULL)
60 return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
61
62 handle->is_aead = _gnutls_cipher_algo_is_aead(cipher);
63 if (handle->is_aead)
64 handle->tag_size = gnutls_cipher_get_block_size(cipher);
65
66 /* check if a cipher has been registered
67 */
68 cc = _gnutls_get_crypto_cipher (cipher);
69 if (cc != NULL)
70 {
71 handle->encrypt = cc->encrypt;
72 handle->decrypt = cc->decrypt;
73 handle->deinit = cc->deinit;
74 handle->auth = cc->auth;
75 handle->tag = cc->tag;
76 handle->setiv = cc->setiv;
77
78 SR (cc->init (cipher, &handle->handle, enc), cc_cleanup);
79 SR (cc->setkey( handle->handle, key->data, key->size), cc_cleanup);
80 if (iv)
81 {
82 SR (cc->setiv( handle->handle, iv->data, iv->size), cc_cleanup);
83 }
84
85 return 0;
86 }
87
88 handle->encrypt = _gnutls_cipher_ops.encrypt;
89 handle->decrypt = _gnutls_cipher_ops.decrypt;
90 handle->deinit = _gnutls_cipher_ops.deinit;
91 handle->auth = _gnutls_cipher_ops.auth;
92 handle->tag = _gnutls_cipher_ops.tag;
93 handle->setiv = _gnutls_cipher_ops.setiv;
94
95 /* otherwise use generic cipher interface
96 */
97 ret = _gnutls_cipher_ops.init (cipher, &handle->handle, enc);
98 if (ret < 0)
99 {
100 gnutls_assert ();
101 return ret;
102 }
103
104 ret = _gnutls_cipher_ops.setkey(handle->handle, key->data, key->size);
105 if (ret < 0)
106 {
107 gnutls_assert ();
108 goto cc_cleanup;
109 }
110
111 if (iv)
112 {
113 ret = _gnutls_cipher_ops.setiv(handle->handle, iv->data, iv->size);
114 if (ret < 0)
115 {
116 gnutls_assert ();
117 goto cc_cleanup;
118 }
119 }
120
121 return 0;
122
123 cc_cleanup:
124
125 if (handle->handle)
126 handle->deinit (handle->handle);
127
128 return ret;
129 }
130
131 /* Auth_cipher API
132 */
133 int _gnutls_auth_cipher_init (auth_cipher_hd_st * handle,
134 gnutls_cipher_algorithm_t cipher,
135 const gnutls_datum_t * cipher_key,
136 const gnutls_datum_t * iv,
137 gnutls_mac_algorithm_t mac,
138 const gnutls_datum_t * mac_key,
139 int ssl_hmac, int enc)
140 {
141 int ret;
142
143 memset(handle, 0, sizeof(*handle));
144
145 if (cipher != GNUTLS_CIPHER_NULL)
146 {
147 ret = _gnutls_cipher_init(&handle->cipher, cipher, cipher_key, iv, enc);
148 if (ret < 0)
149 return gnutls_assert_val(ret);
150 }
151 else
152 handle->is_null = 1;
153
154 if (mac != GNUTLS_MAC_AEAD)
155 {
156 handle->is_mac = 1;
157 handle->ssl_hmac = ssl_hmac;
158
159 if (ssl_hmac)
160 ret = _gnutls_mac_init_ssl3(&handle->mac, mac, mac_key->data, mac_key->size);
161 else
162 ret = _gnutls_hmac_init(&handle->mac, mac, mac_key->data, mac_key->size);
163 if (ret < 0)
164 {
165 gnutls_assert();
166 goto cleanup;
167 }
168
169 handle->tag_size = _gnutls_hmac_get_algo_len(mac);
170 }
171 else if (_gnutls_cipher_is_aead(&handle->cipher))
172 handle->tag_size = _gnutls_cipher_tag_len(&handle->cipher);
173
174 return 0;
175 cleanup:
176 if (handle->is_null == 0)
177 _gnutls_cipher_deinit(&handle->cipher);
178 return ret;
179
180 }
181
182 int _gnutls_auth_cipher_add_auth (auth_cipher_hd_st * handle, const void *text,
183 int textlen)
184 {
185 if (handle->is_mac)
186 {
187 if (handle->ssl_hmac)
188 return _gnutls_hash(&handle->mac, text, textlen);
189 else
190 return _gnutls_hmac(&handle->mac, text, textlen);
191 }
192 else if (_gnutls_cipher_is_aead(&handle->cipher))
193 return _gnutls_cipher_auth(&handle->cipher, text, textlen);
194 else
195 return 0;
196 }
197
198 int _gnutls_auth_cipher_encrypt2_tag (auth_cipher_hd_st * handle, const uint8_t *text,
199 int textlen, void *ciphertext, int ciphertextlen,
200 void* tag_ptr, int tag_size,
201 int auth_size)
202 {
203 int ret;
204
205 if (handle->is_mac)
206 {
207 if (handle->ssl_hmac)
208 ret = _gnutls_hash(&handle->mac, text, auth_size);
209 else
210 ret = _gnutls_hmac(&handle->mac, text, auth_size);
211 if (ret < 0)
212 {
213 gnutls_assert();
214 return ret;
215 }
216 ret = _gnutls_auth_cipher_tag(handle, tag_ptr, tag_size);
217 if (ret < 0)
218 return gnutls_assert_val(ret);
219
220 if (handle->is_null==0)
221 {
222 ret = _gnutls_cipher_encrypt2(&handle->cipher, text, textlen, ciphertext, ciphertextlen);
223 if (ret < 0)
224 return gnutls_assert_val(ret);
225 }
226 }
227 else if (_gnutls_cipher_is_aead(&handle->cipher))
228 {
229 ret = _gnutls_cipher_encrypt2(&handle->cipher, text, textlen, ciphertext, ciphertextlen);
230 if (ret < 0)
231 return gnutls_assert_val(ret);
232
233 ret = _gnutls_auth_cipher_tag(handle, tag_ptr, tag_size);
234 if (ret < 0)
235 return gnutls_assert_val(ret);
236 }
237
238 return 0;
239 }
240
241 int _gnutls_auth_cipher_decrypt2 (auth_cipher_hd_st * handle,
242 const void *ciphertext, int ciphertextlen,
243 void *text, int textlen)
244 {
245 int ret;
246
247 if (handle->is_null==0)
248 {
249 ret = _gnutls_cipher_decrypt2(&handle->cipher, ciphertext, ciphertextlen,
250 text, textlen);
251 if (ret < 0)
252 return gnutls_assert_val(ret);
253 }
254
255 if (handle->is_mac)
256 {
257 /* The MAC is not to be hashed */
258 textlen -= handle->tag_size;
259
260 if (handle->ssl_hmac)
261 return _gnutls_hash(&handle->mac, text, textlen);
262 else
263 return _gnutls_hmac(&handle->mac, text, textlen);
264 }
265
266 return 0;
267 }
268
269 int _gnutls_auth_cipher_tag(auth_cipher_hd_st * handle, void* tag, int tag_size)
270 {
271 int ret = 0;
272 if (handle->is_mac)
273 {
274 if (handle->ssl_hmac)
275 {
276 ret = _gnutls_mac_output_ssl3 (&handle->mac, tag);
277 if (ret < 0)
278 return gnutls_assert_val(ret);
279
280 _gnutls_mac_reset_ssl3 (&handle->mac);
281 }
282 else
283 {
284 _gnutls_hmac_output (&handle->mac, tag);
285 _gnutls_hmac_reset (&handle->mac);
286 }
287 }
288 else if (_gnutls_cipher_is_aead(&handle->cipher))
289 {
290 _gnutls_cipher_tag(&handle->cipher, tag, tag_size);
291 }
292
293 return 0;
294 }
295
296 void _gnutls_auth_cipher_deinit (auth_cipher_hd_st * handle)
297 {
298 if (handle->is_mac)
299 {
300 if (handle->ssl_hmac) /* failure here doesn't matter */
301 _gnutls_mac_deinit_ssl3 (&handle->mac, NULL);
302 else
303 _gnutls_hmac_deinit(&handle->mac, NULL);
304 }
305 if (handle->is_null==0)
306 _gnutls_cipher_deinit(&handle->cipher);
307 }
Implementation of the SSL/TLS protocol